March 2017 - Release-announce - lists.openstack.org

[tripleo] instack-undercloud 6.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are psyched to announce the release of: instack-undercloud 6.0.0: instack-undercloud This release is part of the ocata release series. The source is available from: http://git.openstack.org/cgit/openstack/instack-undercloud Download the package from: https://tarballs.openstack.org/instack-undercloud/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo For more details, please see below. 6.0.0 ^^^^^ New Features * Add new plugins for lldp processing ("lldp_basic") and switch port link information ("local_link_connection") to "processing_hooks" in inspector.conf. Changes in instack-undercloud 5.0.0.0rc2..6.0.0 ----------------------------------------------- e712d17 Move Docker registry setup into its own profile cfeebb1 Revert "Turn off propagation for undercloud logger" 56bf795 Return 1 when an error occurs b5925eb Set instance audit settings so nova sends notifications 44169b1 Allow to teardown Telemetry services ecc2306 Install Ironic inspector plugins 746343d Set project name explicitly to service for panko 4d5eee6 Update .gitreview for stable/ocata e04ac53 Reduce required memory check to 7.5GB 1d2f36a Fix insufficient memory error message 66d12cc Disallow IP changes on undercloud update 014cb5b Stop using deprecated mockpatch module 86492f6 Add py35 to tox envlist d85b11c Fix ntp configuration. 6b38be4 Bump required undercloud memory to 8 GB 35312d5 Add last missing release notes before Ocata release ee1a836 nova: start compute after keystone endpoints/services e28f501 Turn off propagation for undercloud logger 1f325e5 Remove image_path option 2ccd050 Fix ironic-related deprecations 8222fe1 Reduce memcached memory usage 599d5b1 Explicitly configure credentials used by ironic to access glance ef82a2f Remove backslash from awk command in stackrc 4bd5cd5 Typo fix: occured => occurred 578599f Increase sync timeout for nova db syncs 4d58e77 Stop deploying Nova API in WSGI with Apache 03d5cd9 Clear any previous environment in stackrc 3dc0557 Add additional proxy and config endpoints for UI 0b02f14 Fix initialization of novaclient f4db8c8 Add a pre-upgrade online_data_migration step for undercloud 3b7e367 Move handling keys for hieradata template completely to instack_undercloud module 4194764 Disable the deprecation warnings as errors for puppet-syntax 450e46d Add a release note regarding inspector switch to mysql from sqlite f6771ac Remove ramdisk rebuild from overcloud-full element 6fdde18 Stop setting deprecated enable_setting_ipmi_credentials option cf0c95b Set discovery_default_driver=pxe_ipmitool and add missing release note 8916a4a Configure listen address/port for novajoin c504a91 Ammend the completion and error message to signal an upgrade 350aeaf Allow enabling node auto-discovery on the undercloud ad47a3c Run cell v2 setup differently for upgrades 48dbd2f nova: create basic setup for cells 147209c Update release notes to include aodh db changes ccfc56d Ensure Aodh uses its own mysql db 811ea33 Add release notes for Ocata 6.0.0 84f58a1 Deprecate instack-virt-setup 3f6a345 Remove setup-neutron 91015d8 Run yum clean before yum update dbc50a1 Add Reno support 6a73374 placement: fix auth_url 25ecc19 Remove Glance Registry from undercloud 83892b8 Fix typo in undercloud.py e465ca4 Remove enable_(mistral|zaqar) options 9c6424d Validate vips when generating certificate too 948b047 ntp: make sure chrony is purged before 1f0cee9 Add missing FW rules for Placement API 61ef526 Remove store events setting ad1076f Add panko service to undercloud 2c93df4 ssh: use tripleo profile to deploy SSH 35759b7 Initialize gnocchi::keystone::auth on undercloud a661b6d Improve upgrade process to include upgrade flag bbbb908 Adds the nova db online data migrations to the list of db sync 3148821 Deploy Nova Placement API on the undercloud 267d9b1 Add code to support novajoin in the undercloud 3f83f39 Revert "Add cell_v2 simple_cell_setup" 5549778 Keep Ceilometer api enabled for Ocata Undercloud 039eb66 Revert "Add code to support novajoin in the undercloud" a507648 nova: use new wsgi class 9eb86c2 Install also Cinder V2 and V3 endpoints when Cinder is enabled ec628cf Explicitly open port 443 for the TripleO UI 15eb78e export OS_BAREMETAL_API_VERSION in stackrc 3a12ee6 Add code to support novajoin in the undercloud 53f8f21 H803 hacking have been deprecated 4f17279 Add cell_v2 simple_cell_setup cf904e0 mysql: remove 'test' default database ff95ae6 Set fernet max_active_keys to 2 fc7f42f Add a generic failure message on exception 92ed8fd Revert "Switch mistral to use authtoken configuration" 853b4bf Run `yum update -y` before Puppet run 9031dcf Fix bashate errors and warnings (lint) 4b4d4bd Disable legacy ceilometer api 0077a78 Add gnocchi support on undercloud 0cb4fbd Switch mistral to use authtoken configuration e33c91e Optional Cinder support for undercloud d351a9e Set Ironic cleaning network to ctlplane 450f756 Update network_cidr config option doc 2e88f18 Add option to set undercloud dns nameserver 0a316cb Fix package update cases 924e1b8 Changed author and author-email 32d2d16 Show team and repo badges on README 34ec264 Increase the default number of workers for heat engine 34b89d7 Fix docker registry firewall rule a38b0ad Remove deprecated network range 192.0.2.0 0e30430 Only erase disk metadata if automated cleaning is enabled 55eab21 Set heat.conf max_nested_stack_depth = 6 b42de57 Stop pinning Glance API 0a85391 Configure undercloud docker for insecure registry 5867272 Fix pep8 job d11a5ee Pass keystone configuration via hiera 6ab2fd4 Move glance_api_servers conf for nova to hiera 4ce1042 Configure keystone ec2 conf for heat behind haproxy 4ee68a5 Increase Mistral Task Size limit 811d174 Open firewall port for the TripleO UI 90f7f54 Make inspection also respect whether iPXE is enabled f0494e4 Increase the timeout for the default plan creation f3fd1e3 Prevent pxe_ilo driver from guessing the boot mode to use c677aa8 Allow setting enabled drivers in the configuration 0564ee2 Add option to not update packages during undercloud install 0fa4ab8 Fix generated sample config 67a04a1 Fix deprecated variables in puppet 3c366c9 Enable docker-registry haproxy endpoint c9c9447 Install, enable docker service b8585c5 Bind docker-registry to controller_host 7d0abea apache: Remove product informations 312f42a Disable Swift auditors and replicators on the undercloud 1b89f5b Remove instack-create-overcloudrc a370e16 Only create the Mistral config env if it doesn't exist ee5f25a Tune number of workers for undercloud 76489f7 Switch Ironic to use local boot by default for all nodes 7c24207 Run ceilometer api under wsgi on undercloud 0c5b729 Make the snmpd_readonly_user_password available to Mistral 625a4ab Enable validations by default 1aae46b Enable telemetry services by default on undercloud d80a144 Fix default Swift ring partition power 04c2cff start ironic-(api|inspector) after Keystone_endpoint 5673306 Revert "Stop pinning Glance API version on stackrc" c9e5485 Switch to use Puppet Openstack spec helper 2c7c869 correctly spell yaql_limit_iterators b477a6e Open instack-undercloud for Ocata e5655b0 Pin beaker due to ruby requirement a78a5fb Make HAProxy terminate OpenStack internal/admin endpoints 045f1f1 Clean up validation error message 1510844 Use same logging format for file and stream 562632f Switch ironic-inspector to mysql b2e5648 Stop pinning Glance API version on stackrc Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + .gitreview | 2 +- Gemfile | 27 +- README.md | 7 + Rakefile | 2 +- .../post-install.d/90-rebuild-ramdisk | 6 - .../install.d/02-puppet-stack-config | 21 +- .../configure.d/50-puppet-stack-config | 2 +- .../puppet-stack-config/puppet-stack-config.pp | 352 +++++++++----- .../puppet-stack-config.yaml.template | 315 ++++++++++--- .../os-apply-config/root/stackrc | 36 +- .../root/tripleo-undercloud-passwords | 1 + .../post-configure.d/98-undercloud-setup | 58 +-- instack_undercloud/__init__.py | 18 + instack_undercloud/undercloud.py | 513 ++++++++++++++++----- instack_undercloud/validator.py | 36 +- releasenotes/notes/6.0.0-7413b6a7cecc00b6.yaml | 25 + .../add-additional-endpoints-96cb28a13c79e9d9.yaml | 5 + ...recate-instack-virt-setup-0e76669d1e068408.yaml | 3 + .../disallow-ip-changes-bde0e2528544c71b.yaml | 11 + .../fix_ntp_configuration-1a74dd4e02a622f5.yaml | 5 + ...nspector-additional-hooks-9a5c8f5aad2bac31.yaml | 6 + .../notes/inspector-mysql-0985b0bc920c8b34.yaml | 9 + releasenotes/notes/ipmi-cred-7d3b52a2618b66f7.yaml | 6 + .../notes/node-discovery-8264e0c97cb5e00f.yaml | 10 + .../notes/nova_cells_setup-471df6c9dd45166c.yaml | 3 + releasenotes/notes/nova_db-677f60f74ba34df9.yaml | 10 + .../notes/nova_eventlet-84ad971618732da9.yaml | 7 + ...-image_path-configuration-9092b1c78da4d6de.yaml | 4 + .../required-memory-increase-b7f22375c1d21aee.yaml | 6 + releasenotes/source/_static/.placeholder | 0 releasenotes/source/conf.py | 265 +++++++++++ releasenotes/source/index.rst | 18 + releasenotes/source/unreleased.rst | 5 + requirements.txt | 1 - scripts/instack-create-overcloudrc | 33 -- scripts/instack-upgrade-undercloud | 3 + scripts/instack-virt-setup | 9 +- setup.cfg | 8 +- templates/config.json.template | 2 +- templates/net-config.json.template | 3 +- test-requirements.txt | 1 + tools/releasenotes_tox.sh | 28 ++ tools/tox_install.sh | 30 ++ tox.ini | 8 +- undercloud.conf.sample | 124 +++-- 48 files changed, 1882 insertions(+), 531 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index afb8e35..8d041dc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +8,0 @@ pystache -os-cloud-config diff --git a/test-requirements.txt b/test-requirements.txt index 8d61c44..345eeb8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -16,0 +17 @@ bashate +reno>=1.8.0 # Apache-2.0

1 0

[tripleo] tripleo-heat-templates 6.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are ecstatic to announce the release of: tripleo-heat-templates 6.0.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the ocata release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo For more details, please see below. 6.0.0 ^^^^^ Support for Manila/CephFS with TripleO managed Ceph cluster New Features ************ * It is now possible to configure Manila with CephFS to use a TripleO managed Ceph cluster. When using the Heat environment file at environments/manila-cephfsnative-config.yaml Manila will be configured to use the TripleO managed Ceph cluster if CephMDS is deployed as well, which can be done using the file environments/services/ceph-mds.yaml Changes in tripleo-heat-templates 5.0.0.0rc2..6.0.0 --------------------------------------------------- 5f278eb reno: prepare 6.0.0 (Ocata GA) ff48624 Make UpdateDeployment depend on NetworkDeployment 04035a8 Fix Panko API upgrade process ec42700 Install nova-placement package on upgrade ec200a8 Add upgrade task for panko api 16c4cd6 Upgrades: fix up the rabbitmq HA mode like in new ocata deployments edb2220 Add mistral service support for composable upgrades 53225d5 upgrades/validation: only run validation when services exist d968747 Put service stop at step1 and quiesce at step2. d0d9395 Adding upgrade_tasks to tacker bb9867e Adding upgrade steps to congress service dda25e8 Add upgrade support for Horizon a27b97d Add etcd composable upgrade steps e082540 upgrades: fix ec2api conditional 3907fcb Adding keystone parameters for Congress 28cc7e6 Adding keystone parameters for Tacker 4f3a72e Add auditd upgrate steps 1555183 Add zaqar service for composable upgrade 05e0a5f Add support for upgrading ec2-api f0d6c7b Adds http proxy support for registering RHEL overcloud nodes dd4524c Updated from global requirements 7a08ed7 Update the Nova Endpoint information for Cinder 94e27e6 Don't recalculate EndpointMap to get outputs 7f99e6d Install openstack-heat-agents on upgrade 74561e6 Install openstack-panko-api on upgrade daac054 Don't assume default network names in net_ip*map 8c9cef2 Deploy CI scenarios with Pacemaker c472b36 Remove forgotten sahara dbsync from step5 upgrades tasks 077c72b multinode_major_upgrade: enable Pacemaker 577ea9b Upgrade nova-api/scheduler/conductor packages at step3 not step2. 2358764 Align HCI environment file with list of services from roles_data a41c5eb Add checks in ansible upgrade tasks for CephMon and CephOSD 38cbdc5 Add release notes for Manila/CephFS with managed Ceph bded9a1 Adding the ip_conntrack_proto_sctp kernel module 039e7ef Increase ansible-pacemaker default service start timeout fd3ac00 neutron: don't set external_network_bridge option by default dfa98bc Re-add the disable_upgrade_deployment note in roles_data.yaml 7b17083 Update ci environment for multinode jobs to support Ceph 77af536 Increase apache ServerLimit and workers to 100 3166631 Enable panko service by default on overcloud 7c280a3 Add step0,validation checks for heat services 9014197 Stop nova-api before upgrading package 3a7ed44 Make the DB URIs host-independent for all services a61ca21 multinode/upgrade: add nova services to environment 0d348d1 Switch to net-config-multinode e160cd2 Add explicit swift check to tripleo_upgrade_node.sh 695efa6 Deploy Manila with CephMDS in scenario004 3440d9d Apply puppet in non-controller script in step. a334a15 Automatically backup and restore Swift rings from the undercloud 824c54d Add Newton to Ocata UpgradeInitCommonCommand a36cac3 Apply post-upgrade step to not run puppet in post upgrade aef946f CI fix broken references to multinode-core.yaml fcf62ae Update .gitreview for stable/ocata 0b99c32 Add major-upgrade-converge environment. 701b544 Setup FreeIPA to serve DNS in the setup script 8424e21 Declare variables for freeipa_setup.sh script 5353f1c Add nova service support for composable upgrades 47d29db Release notes ha composable ac29fde OVN bridge mappings for tripleo 35c64e1 Add upgrade tasks for opstools services 246370e Containers: Add required EndpointMap parameter b80a89c Configuring a default ntp server. fa29c83 Add Ceph RGW to capabilities map 093949d Updated from global requirements 8896c4e Fix empty parameter_default error in environment file 3ee40f3 Add release note for services endpoint change d1edc33 Use Keystone internal endpoint instead of admin for nova-ironic d1eb0bc Use Keystone internal endpoint instead of admin for services f2ab850 Remove duplicated release notes aa7134b Add missing TripleO services to ci/multinode ef7b38a nova-placement: support upgrade ec5ba08 Remove [heat,glance,ironic,cinder,keystone] db sync from ansible d23c164 Remove the ansible neutron-api db sync as for other services ca843e1 Configure the placement API's interface to use the internal endpoint 97e0768 Reduce memcached memory configuration 7bca48b Add missing release notes for Ocata fbb7298 placement: switch service to use NovaPlacementNetwork 94a0d14 Fix Neutron region in nova.conf 8a77f29 Remove gnocchi db sync from the ansible upgrade step 5e411fa Adds cluster status check_and_fail before running upgrade (step0) f55d670 Dump and run puppet for role which are disable_upgrade_deployment true f666228 adding Congress Support c389ced Remove legacy major upgrade scripts for Ceph and BlockStorage ed220ae Delivers upgrade scripts where upgrade steps are disabled 9df2928 Make UpgradeBatch resource depends on BatchConfig step0 76e89a5 Remove aodh db sync from ansible upgrade b49b443 Adding Tacker Support 53619e2 Remove deprecated metering_secret da91bb6 Re-organizes Contrail services to the correct roles 9f48b91 Stop deploying Nova API in WSGI with Apache 2026ee4 Enables support for configuring Cinder with Dell EMC ScaleIO storage backend. 6d27319 Stop setting bind_address on nova db uri. a19e570 Composable services support for Cinder Dell EMC PS Series 490c19b implement a collectd composable service 7a14359 Remove precheck on services which run on httpd for upgrade 353c2de Remove openstack-ceilometer-api pre upgrade check 2afc240 Adds default Keystone region to regionOne Closes-Bug: #1661839 341afb9 Composable service support for Cinder Dell EMC Storage Center 07876f2 Add registry and role service list entries for Octavia f48c665 net-config-multinode: make controlplane int idempotent e32164c Provide a default value for Ironic cleaning_network configuration 6c5ded0 Remove openstack-ceilometer-expirer check 0bd4cfc Disable batch upgrade deployments for disabled roles 1b58806 Reduce number of steps for upgrades efa4c0f Simplify/fix config enabled conditions for upgrades 87af02d Disable puppet on upgrade for roles not upgrading 526d434 Added further security functionality in release notes. aeeed8b CI: enable debug on multinode and upgrade job 1cb731b Remove old host param 05fdd46 Switch item notation to jinja format eaafa92 OVN plugin configuration fixes a6a69ad Add pacemaker composable upgrade steps e5d594e Moving the validation for using the template alias version for all templates ca0bf43 Remove unused SR-IOV parameter NeutronSupportedPCIVendorDevs 2ca1624 Add more explicit messagae to build_endpoint_map's check option 5e0a7ee Validate that endpoint_map.yaml is up to date in the gate 064f7d6 Configure VNC Server listen address through t-h-t f6d8dc6 FreeIPA: don't preprovision service principals if novajoin is enabled c99a607 Don't run ceilometer-upgrade via upgrade_tasks 5beb31a Remove Gemfile and Rakefile a81ccd8 Disable the deprecation warnings as errors for puppet-syntax ad4cc3e Add ability to toggle swift's ceilometer transport_url SSL 79f148b Use common directory in CI scenario for net-config 474783e Introduce Octavia implementation services 5339b91 Describe use of Manila/CephFS in capabilites_map 9d82796 docker: eliminate copy-json.py in favor of json-file ceebfa2 multinode/upgrade: set heat::rpc_response_timeout to 600 12b0d72 Pass parameters for TLS proxy in front of neutron server 1dd364f Use os-net-config in multinode jobs 6bdfd93 Add support for Jinja2 includes afdc138 Add AuditD composable service d14c56e Adds a pre-upgrade check that service is running (step0) 4869212 Allow the override of pacemaker::corosync::settle_tries 581cfa7 Allow to separate Horizon from Neutron 5461971 Add deployed server bootstrap for RHEL ffd62b2 Remove create-legacy-resource-types opts a0c5f65 Add upgrade support for CephRGW service 708d337 Add release note for composable upgrades bf4c3f2 Do not try to update the 'ceph' metapackage from CephMon role 54667d3 ci: import multinode_major_upgrade.yaml from tripleo-ci bdfc7c6 Add Ceph RBD mirror Pacemaker profile 73f5879 Adds SSH Banner text into sshd_config f1c2675 Add SkipUpgradeConfigTags for upgrade config 5750df8 Add telemetry service support for composable upgrades 405ccc3 Add ironic service support for composable upgrades 5e575fb Skip upgrade steps where no tasks are defined 9f908e9 Add upgrade support for ceph OSD service 6fb4eec Add upgrade support for ceph-mon service 1cdc514 Add support for batched upgrades to composable upgrades 11f487f Use versionless keystone endpoint for barbican-related configurations c7ae882 Set the correct default for gnocchi workers c6b6466 Add novajoin entries to the TLS-everywhere environment file 08bac5a Add a release note for using deployed-servers (aka split-stack) 8bf0468 Conform CephExternal template to the new hiera hook 6466cbd Add release notes for Ocata 6.0.0 0e18ac5 Manage password_validator regex e252295 Add snmp service support for composable upgrades d33422d Remove spurious for loop from post deploy j2 80086fd Add metadata settings for needed kerberos principals 4f4582e Add glance registry service to disable on upgrade ac70b82 Import multinode + pingtest from tripleo-ci 3d1c202 cinder-api: cleanup TODO 35e49d5 Specify what to do if endpoint map environment don't match a88261a Pass parameters for TLS proxy in front of Glance-API e02c3c2 Add ec2-api service cf8c1eb pacemaker remote profile support 44ec613 scenario002: updating volume encryption provider 275bbe8 Allow for specifying the output_dir 5fbe0c5 Ignore hidden files in directories 3330089 Add support for not using admin_token in Ceph/RGW 1cbf097 Remove unused nova_url from neutron config 67f9413 Add disable_upgrade_deployment flag to roles_data.yaml a7b3f81 Set manila default_share_type config option cb56496 Move nova placement hiera to nova-base 2254d38 cinder: move glance params into base e9cb6de Allow dnsmasq_dns_servers to be configured for DHCP Agent 07cdf9b Enabling until_complete to be configured dynamically e56b191 Add THT for fossw ML2 plugin in networking-fujitsu 24952e0 Make ServiceNetMap support custom network names ee26457 Add sahara service support for composable upgrades 04084ba Add swift service support for composable upgrades 2dee58a Swift proxy align *-quotas with puppet-swift syntax df1e016 Don't start all services during upgrade steps d5d8701 Disable glance registry during upgrade 49dc4d2 Ignore systemctl return code in yum_update.sh 550dde6 Deploy NTP with puppet-tripleo profile 52573da Adds etcd composable service 312f357 Fix comment in freeipa_setup.sh script c644d83 Add entry in serviceNetMap for Nova Placement 70e8e7a Expose instance discovery method for compute agent dcfc581 Remove CeilometerStoreEvents parameter 78215fa Add IP to provisioning interface for FreeIPA if requested 51fa5a5 Add Octavia API service definitions 0561ae1 Revert "Revert "Specify cell0 db creation"" 8568de4 Add a environment file to disable ceilo api 7efa88b Check that all templates are using the release alias 22ffadd set -e in run-os-net-config.sh 08c6a86 Add deployed server bootstrap to noop-ctlplane d1e6731 Add endpoint map matching validation to validate-yaml.py 26ae162 Nova Placement API composable service e4c2b99 Add release notes for the HA-by-default change ddca775 Bump missing template names to ocata 18e6dc9 Conditionally set OVS agent firewall driver 4320ee5 Simplify passing config to ovs agent container 269a3bb Allow user to configure Ceph rbd_default_features 4ccb27a Remove Glance Registry service c9dca84 Fix typo in template description 62a84e7 Use custom role names in deployed-server roles c913d9b Deployed server bootstrap via Heat 92e203a Fix for AllNodesExtraConfig and fix environment files to create swap files/partitions e1f223b Configure cron parameters for Cinder Heat Keystone and Nova fa45e05 Updated from global requirements e8996d9 Removes deprecated neutron-opendaylight-l3 env file 5efee26 Add ReNo support 34f3ab6 Revert "Specify cell0 db creation" ca8face HPELeftHandISCSIDriver support for Cinder aaf4dc1 Add git to FreeIPA test server install script 399a048 Add heat service support for composable upgrades 11f3bde Add cinder service support for composable upgrades 04ed7e5 Add neutron service support for composable upgrades 7ac5ef5 Adds a step0 for pre upgrade-init checks c3d69c1 Parameterizes Nova API default floating IP pool 9245880 Add glance service support for composable upgrades 9087536 Fix protocol for ZaqarWebsockets endpoint f25458d Make build_endpoint_map.py output an ocata versioned template 3af65ff Fix error path for tools/process-templates.py 00b2529 Allow freeipa environment file to be in /tmp 8428553 Removes deprecated OpenDaylight L2 only deployments 6f20304 Add deployed-server backwards compatible template 42c31dc Add support for the deployment of Ceph MDS 4183f66 Add THT for networking-fujitsu f97ee52 Add retry to RHEL registration 216aa0d Updated from global requirements 1e606a1 Correct typo in ManagementAllocationPools in network-environment.yaml d31c78e README: Add mistral a0e6c8f Configure specific module path for ansible. 8a5c767 Setting networking-odl v2 as a mechanism driver 9d64d88 Make update-from-keystone-admin-internal-api.yaml work on newton+ c9596b7 Continue checking for request url if initially null ca4dd75 Update net-config-noop to use apply-config 64eb5a1 Add UpgradeInitCommand to deployed-server b1fe2e8 Template and role support for the undercloud 10044ba Heat engine settings required for Undercloud b7db1f4 scenario001: add Panko testing 6583d08 README: updates for CI matrix d998638 Remove unused pacemaker profiles f6511ec Auto-set SwiftMountCheck and SwiftUseLocalDir settings 4f9a16d Configure Kernel Args and Tuned and then reboot for Compute 81b0d79 Merge mysql service_config_settings for nova ea597d0 Fix a typo in deployed-server/README.rst 782c82a puppet/role.role.j2.yaml has invalid get_resource reference c172a84 nova-api: legacy cleanup with old wsgi params 806fe37 nova-api: also include hiera for new apache_api class 3bd90e2 Set rabbitmq package_provider to yum bd985f8 Add custom roles data for deployed-server 724ba3a Add example showing how to set root password via cloud-init 40cb3ab Configure Heat engine metadata URL's 3c478c4 Add missing VIP definitions into -no-tunneling env file 87bcf6b Expose enabled_perf_events libvirt options 4e3b085 Specify cell0 db creation 4b8720e Remove old ControllerConfig override from puppet-pacemaker.yaml 56ebc7e DB connection: prevent src address from binding to a VIP 437f4df Force epmd listening to a specific address 3c6ec65 Bump template version for all templates to "ocata" 7f58104 Pass nova rabbit information to mysql 356b961 Use provided qemu.conf in libvirt container 20f627c Add network_config_hook interface to run-os-net-config.sh bb26e46 Add CI matrix to THT d2da590 Add hook to generate metadata from service profiles ee7456e Add FreeIPA server installation script 8d796ea Add a per service bootstrap node variable 22ba81c Adds missing firewall rules for OpenDaylight API service c5b7aa1 Adds missing OpenDaylight username/password from ODL OVS service efd28db Set gnocchi wsgi display name 0294499 Set aodh wsgi display name 696bb73 Set the default event pipeline publisher 5d777f3 Use ws instead of http for Zaqar websocket endpoints d2c61c5 FreeIPA: Make OTP and FreeIPA server parameters optional e3edcb2 Configure DPDK options to isolate PMD cores and ovs process cores 997690b Revert "Switch mistral to use authtoken configuration" 5c272e9 Use overcloud-full instead of atomic-image d5cd18d Introduce role-specific NodeUserData, use for docker e6bc520 Add bind mounts for agent state c568891 Move UpgradeInitCommand to role templates 58c6988 Run upgrade steps before post-deploy config d169989 Split OVN northd and ml2 plugin 9313e18 Add "deployed server" fake neutron ports c6f4d5b net-conf: make bridge and interface name optional 600f9b2 Increase libvirt/qemu.conf max_files and max_processes 3078533 Introduce role-specific nova-server-metadata f3d7b97 Don't run yum_update.sh inside docker b3e5f8e Add ZaqarApiNetwork to the service net map f1cc214 Add pre-network hook and example showing config-then-reboot 4e8d5aa Use hostname -s instead of hostnamectl --transient afcb6e0 Make the openvswitch 2.4->2.5 upgrade more robust de92353 Set rabbitmq's port and IP via the config file and not the env file 45522a9 Set manila cephfs backend if ceph is deployed db31ff5 Enable SECURE_PROXY_SSL_HEADER option for horizon d49173b Synchronize NetworkDeployment inputs for generic roles 0097da7 Use OS::Heat::DeployedServer 0146b6b Manage disallow_iframe_embed 623c249 Use df instead of findmnt in cephstorage upgrade scripts 1a9c202 Decouple swift-proxy from ceilometer 5938731 Add a type for the ControlVirtualIP resource ed029e5 Switch mistral to use authtoken configuration c0cbbd5 Expose param to enable legacy ceilometer api 7611f45 Add FreeIPA enrollment template f592e19 Don't rely on lsb_release for hosts template write bb73874 docker: don't use custom run-os-net-config 5de29f8 Correction to SRIOV THT Examples 4b425b9 Enable haproxy internal TLS through enable-internal-tls.yaml ebc17a2 Remove unused attr from templates 1102b64 Remove redundant CLI arguments for neutron-db-manage d4db12b neutron: don't set router_delete_namespaces 9745e8b Fix SwiftStorage role. 8e5652e Add NIC config for compute role for DVR with multiple NICs f7e8a04 Fix bug when using multiple DeployArtifactURLs 0f1022e Revert "Use FQDN for rabbitmq's nodename env variable" 41b062a Add zaqar to the controller's list of services in roles_data.yaml d706032 Move nodes' fqdns to a map to remove clutter 64e44e8 Make get-occ-config.sh support custom roles 26c229a scenario001: deploy Cinder with RBD backend ea67638 scenario003: configure Keystone tokens with Fernet provider 072a06f Implement scenario004 with Ceph Rados Gateway scenario f334758 ceph-rgw: add missing user parameter adcb488 scenario001: deploy Ceph dbee500 scenario001/pingtest: remove gnocchi_res_alarm dbece39 Initial support for composable upgrades with Heat+Ansible 3e9fcfd Use FQDN for rabbitmq's nodename env variable b4cd2ed Use network-based fqdn entry from hiera instead of the custom fact 7a2c2b0 Introduce network-based FQDNs via hiera 7876851 Hiera optimization: use a new hiera hook b56e666 Make pep8 task run template generation 32f84e5 Use transient hostname for deployed servers f6b1dee Deployed server: switch to apply-config hook 4b5b244 Add local template generation tox task f02742a Configure /etc/hosts via os-collect-config script 413d292 Support multiple meter dispatchers in ceilometer config c5a1ea1 Add Zaqar to scenario002 5d18520 Make scenario template paths relative dddddbf Add Mistral to scenario003 0c7cbcf Fix grammar 981c33a Test encrypted volumes in scenario002 4f88933 get-occ-config.sh replace deprecated heat commands 2985cd9 Apply os-net-config with a script instead of element d1deaae Use correct type for SensuRedactVariables parameter 8a849dd Revert "Set NeutronL3HA to false when deploying DVR" 933f1af Stop using puppet to configure VIPs in /etc/hosts 9f595c8 Fix puppet/services/README.rst step description 2f50e14 Show team and repo badges on README 2819cb3 Import TripleO CI environments from tripleo-ci 2a7e044 Provide full list of services for Compute role in HCI scenario 22003fb Enable TLS in the internal networkf or Mysql 9e3bf28 Disable Neutron agents with OVN. 476b054 Run os-net-config before restarting cluster on update 4e0e4a5 Explicitly set rabbit hosts so its not overridden during upgrade e2e0f9d Cleanup some inline comments in network/config 0ca8dab Make the CloudDomain defaults match the doc strings 5a472f1 Fix ovs 2.4 to 2.5 upgrade - minor update non controllers d9b80a8 Fix resource_registry path in enable-internal-tls 6e86622 Containerized Services for Composable Roles a3f03eb Modify external loadbalancer environments to use new FixedIPs 583e052 Add necessary parameters for encrypted volumes support ab8b13d Make Ceilometer notifications non-blocking 0f742c7 Disable keepalived for HA deployments via t-h-t 0213ae9 Disable Options Indexes in horizon 06d4d08 No longer hard coding to a specifc network interface name. a2e0aa4 Add panko api support to service templates 4a35893 Remove conditional for neutron l3_ha f9b2a22 Configure Keystone Fernet Keys ca12232 Enable enforce_password_check ea22134 Remove Combination alarms support 277fbae Do not manage overcloud repositories when using external Ceph 8fe71c0 Correct AllNodesDeploySteps depends_on 42f835e Use keystone profile parameter to pass heat password 8ab22a9 Nova base cleanups for hiera json hook 133edad Horizon service cleanups for hiera json hook 2df399d Replace ceilometer-dbsync by ceilometer-upgrade bb3c742 Fix external Load Balancer deployment 59997c5 Define keystone token provider 20f8fd1 Composable Zaqar services 71ed1db Fix up Newton->Ocata rabbitmq ha policy 23ca447 Enable internal TLS for Barbican API a5cec52 Fixes missing OVS Firewall config with OpenDaylight 76b0edc Configure civetweb bind socket via puppet-tripleo c99c48b Increasing neutron timeout for low memory usage eec4587 Increase reserved memory for computes when enabling DVR c921b15 Use default Sensu redact 548bf8a Fix inconsistent Manila service naming e2ebc8e Fix typo in Keystone Sensu subscription d96b58b Use j2 loops in post.j2.yaml 36aa652 Neutron L3 service cleanups for hiera json hook 93b4d83 Handle null role_data in services 390292e Select bootstrap node by list index not name 5e52fb0 adding swift middleware that is typically enabled by default 96a458d Add firewall rules for manila api service 465d913 Disable password reveal in horizon dde12b0 Fix race during major-upgrade-pacemaker step 1482956 set url_base option in static web middleware 094bbef ceilometer compute agent needs restart on compute upgrade 17e727d Reload haproxy configuration as a post-deployment step b0f964d Temporary UCSM mapping files should be opened with write mode b1624dd Use --globoff when downloading artifacts 665fad1 Enable internal TLS for Cinder API 5ba02aa Removes deprecated overcloud VIP outputs d3f75f6 Fixes incorrect reference to OpendaylightApiNetwork b5cb4e4 Add missing Barbican endpoint from tls-everywhere environment ed95fda Ensure heat-domain hiera is in nodes that contain keystone d297e02 Move per role Services defaults into environment file b4bfc17 Add an optional extra node admin ssh key parameter 16004b9 Move db settings from manila-api to manila-base f20c044 Include keystone authtoken config in manila-share service a560e98 swift/proxy: remove swift::proxy::ceilometer::rabbit_host 69be131 Defaults kernel.pid_max to 1048576 fa5a9ad nova: add missing vnc console port in firewall d006338 nova/libvirt: add missing ports for live-migration a7af5b9 Fixup the start of swift services 56c38c1 Add Sahara plugins list as a configurable parameter 9bb00f2 Ensure we update ceph and composable nodes ba66980 Do not reference CephBase from CephExternal service c54d323 Revert "Adjust MTU to compensate for VLAN tag issue" 53ff813 Add Neutron network type and VLAN ranges to network-environment.yaml 204ebf8 gnocchi statsd should be able to send data to port 8125 d8fa70d Update openstack-puppet-modules dependencies a8e1190 Rework gnocchi-upgrade to run in a separate upgrade step eb34d8c Change nova ram_allocation_ratio to match puppet-nova 65db374 Enable internal TLS for Nova API 4a17efe Updated Nuage neutron plugin name 178b647 Add SNMP role to the CephStorage nodes 38fe61b Fix Swift proxy pipeline ordering 813b3dc Add option to disable "d1" Swift device 9e2e558 Set cinder's service name to httpd via t-h-t 61cba94 Add replacepkgs to the manual ovs upgrade workaround and fix a typo 82e262d Fix usage of SwiftRawDisks f49d4d2 Enables auto-detection for VIP interfaces 3866490 Fix the rabbitmq/redis pacemaker resource timeouts on updates d6df3c6 Clarify horizon allowed hosts setting b6a4bdc Re-add NFS backend for Glance da3b0cb Use ::os_workers fact instead of ::processorcount 9dfc243 Composable Mistral services 7cc594c Add missing Ceph endpoints from tls-everywhere environment c6ddaaf Remove double tcp_listen_options entries for rabbit 1c4ade1 Open port 16509 for libvirt for live migration f1b509c Include ceilometer in swift proxy pipeline 7ce2179 Fix the stonith property during upgrades 7e09b70 Add special case handling for OVS upgrade in updates and upgrades bf97a0f Enable internal TLS for gnocchi eb11477 Enable internal TLS for aodh 660dbd5 Enable internal TLS for ceilometer debbfbb Generate internal TLS hieradata for apache services 9bd8d53 Remove duplicate bind_host from nova-api profile e7cb607 Bind mount files to run DiD in latest atomic host 6d41f69 Have docker start script honor configuration 5f2f542 Add Barbican to the overcloud 0b62c95 Add parameters to run cinder over httpd 2cd90e8 Fix api_extensions_path in neutron-opencontrail environment 4c500c6 Add apache workers to nova-api conditional 59f19b5 Removes EnableODL heat parameter and fixes missing local_ip param d7610f7 Set nova service_name via t-h-t bb875ec Enable proxy headers parsing for Neutron 0ff21f8 glance_multiple_locations when NovaEnableRbdBackend=true 6b9fe61 Disables Neutron ML2 config on Compute for OpenDaylight ccc3a56 Ensure all HostsDeployments finish before puppet 74317f2 heat-api-cfn endpoint is created to RegionOne instead of regionOne 32d7c52 Fixes missing provider mappings for OpenDaylight 4e98b29 Pass heat domain admin password to keystone 1884d2a Modify the constraint to allow single quote for DPDK core list param 4794154 Enable Glance multiple locations when using Ceph 9f89441 Split out hosts config deployment 7b04794 Move trunk service plugin to the proper list 9d9eece Prefill Sensu client custom config dd14a8c Enable proxy headers parsing for Ceilometer 81576e9 Enable proxy headers parsing for Aodh 17c821b Enable proxy headers parsing for Gnocchi 4eacf41 Disable IPv6 RAs & Autoconf For All (Not Just Default) 38f9838 Only set NovaWorkers in the non-default case a80d13b Remove duplicate metadata keys from nova-api.yaml 3f842b5 Add contrail services to the resource registry 29306b7 Special case non-matching ObjectStorage role port names 0448622 Allow Glance API and Registry to be split 28a2a6d Enable object versioning in Swift proxy 30a570a Actually start the systemd services in step3 of the major-upgrade step 1c8ef6c Fix default Swift ring partition power 6d9f97f Set the notification driver for glance 22ab4a6 Make step an integer on the pacemaker controller ff908cc Add new environment for debug 87e83b7 Remove unneeded *_enable_backend hiera from Manila backends a6d6acd Add cloud names to hosts output eaf91da Ceilometer Wsgi Mitaka->Newton upgrades c70af3e Serialize AllNodesDeployment and UpdateWorkflow b55f6cd Specify the Ceph packages to be installed 7322d60 Enable firewalling by default on compute nodes ddd4d3c Re-enable ManageFirewall by default. e32e211 Add Select per-network hostnames for service_node_names to role.role.j2.yaml 704a78d Be more inclusive in insecure registry regex 8c52f96 Add generic template for custom roles. 273a449 Set proper ceph config path for manila dd162f4 restore missing fluentd client functionality 78500bc Renames OpenDaylight to OpenDaylightApi and splits out OVS configuration eaa385f Fix OpendaylightApiNetwork key naming ec282c4 Open tripleo-heat-templates for Ocata 2e6cc07 Adds Environment File for Removing Sahara during M/N upgrade 6a408ff Select per-network hostnames for service_node_names ff86a85 j2 template per-role ServiceNetMapDefaults 883addf Move the main template files for defalut services to new syntax generation 3fa2ab4 Include redis/mongo hiera when using pacemaker 2b06ed8 Disable all repos during rhel registration dc6f93d Update $service to $resource this variable does not exist in the context b74b679 reload HAProxy config in HA setups when certificate is updated 1d7231a Change the rabbitmq ha policies during an M/N Upgrade 1c5d168 Change rabbitmq queues HA mode from ha-all to ha-exactly c947008 Make keystone api network hiera composable 94fddff j2 template role config templates b3c73a7 Replace per role manifests with a common role manifest d720f22 telemetry: remove coordination_url hiera settings b97c913 Telemetry: add redis_password hiera parameter b6b35e4 Fixed NoneType issue when monitoring-environment.yaml a23f192 Fixed NoneType issue when logging-environment.yaml is used d2af1b8 Add flag for internal TLS 9bf37e0 Add HAProxy TLS handled by certmonger as composable service 57f14d9 Add option to specify Certmonger CA 5e41f15 Balance Rabbitmq Queue Master Location on queue declaration with min-masters strategy 27e1d10 Set ceph osd max object name and namespace len on upgrade when on ext4 1da253f Add parameters to run nova over httpd 7822c97 Cinder volume service is not managed by Pacemaker on BlockStorage b0d6607 Move the rest of static roles resource registry entries to j2 371698a Fix typo in fixing gnocchi upgrade. 0593077 Use -L with chown and set crush map tunables when upgrading Ceph 752394a Use netapp_host_type instead of netapp_eseries_host_type 333f6b3 Use correct password for keystone bootstrap 06da49e Fixing resources path in OpenDaylight ff20b53 Added support for pass-through iSER configuration 1fa4c02 Add gateway_ip in OS::Neutron::Subnet Diffstat (except docs and test files) ------------------------------------- .gitignore | 18 + .gitreview | 1 + Gemfile | 24 - README.rst | 84 + Rakefile | 6 - all-nodes-validation.yaml | 2 +- bootstrap-config.yaml | 2 +- capabilities-map.yaml | 126 +- ci/README.rst | 11 + ci/common/net-config-multinode-os-net-config.yaml | 114 + ci/common/net-config-multinode.yaml | 66 + ci/environments/multinode-3nodes.yaml | 78 + ci/environments/multinode-core.yaml | 37 + ci/environments/multinode.yaml | 64 + ci/environments/multinode_major_upgrade.yaml | 65 + ci/environments/scenario001-multinode.yaml | 115 + ci/environments/scenario002-multinode.yaml | 67 + ci/environments/scenario003-multinode.yaml | 64 + ci/environments/scenario004-multinode.yaml | 84 + ci/scripts/freeipa_setup.sh | 120 + default_passwords.yaml | 2 +- deployed-server/README.rst | 13 +- deployed-server/ctlplane-port.yaml | 17 +- deployed-server/deployed-neutron-port.yaml | 67 + .../deployed-server-bootstrap-centos.sh | 16 + .../deployed-server-bootstrap-centos.yaml | 22 + deployed-server/deployed-server-bootstrap-rhel.sh | 13 + .../deployed-server-bootstrap-rhel.yaml | 22 + deployed-server/deployed-server-config.yaml | 22 - deployed-server/deployed-server-roles-data.yaml | 173 + deployed-server/deployed-server.yaml | 80 +- deployed-server/scripts/get-occ-config.sh | 60 +- environments/auditd.yaml | 119 + environments/cinder-dellps-config.yaml | 31 + environments/cinder-dellsc-config.yaml | 4 +- environments/cinder-eqlx-config.yaml | 17 - environments/cinder-hpelefthand-config.yaml | 13 + environments/cinder-iser.yaml | 19 + environments/cinder-netapp-config.yaml | 2 +- environments/cinder-scaleio-config.yaml | 35 + environments/collectd-environment.yaml | 23 + environments/contrail/contrail-net.yaml | 26 + .../contrail/contrail-nic-config-compute.yaml | 167 + environments/contrail/contrail-services.yaml | 45 + environments/contrail/roles_data_contrail.yaml | 237 + environments/debug.yaml | 5 + ...ployed-server-bootstrap-environment-centos.yaml | 7 + ...deployed-server-bootstrap-environment-rhel.yaml | 7 + environments/deployed-server-environment.yaml | 4 +- environments/deployed-server-noop-ctlplane.yaml | 4 +- environments/docker-network-isolation.yaml | 4 - environments/docker.yaml | 32 +- environments/enable-internal-tls.yaml | 19 + environments/enable-swap-partition.yaml | 3 + environments/enable-swap.yaml | 3 + environments/enable_congress.yaml | 2 + environments/enable_tacker.yaml | 2 + environments/external-loadbalancer-vip-v6.yaml | 21 +- environments/external-loadbalancer-vip.yaml | 19 +- environments/horizon_password_validation.yaml | 5 + environments/host-config-pre-network.j2.yaml | 16 + environments/hyperconverged-ceph.yaml | 26 +- environments/logging-environment.yaml | 2 +- environments/low-memory-usage.yaml | 7 +- environments/major-upgrade-all-in-one.yaml | 2 + ...ajor-upgrade-ceilometer-wsgi-mitaka-newton.yaml | 7 + environments/major-upgrade-composable-steps.yaml | 15 + environments/major-upgrade-converge.yaml | 7 + environments/major-upgrade-pacemaker-converge.yaml | 4 + environments/major-upgrade-remove-sahara.yaml | 6 + environments/manage-firewall.yaml | 2 - environments/manila-cephfsnative-config.yaml | 11 +- environments/manila-generic-config.yaml | 9 +- environments/manila-netapp-config.yaml | 9 +- environments/monitoring-environment.yaml | 38 +- environments/net-bond-with-vlans-no-external.yaml | 4 - environments/net-bond-with-vlans-v6.yaml | 6 - environments/net-bond-with-vlans.yaml | 6 - .../net-single-nic-linux-bridge-with-vlans.yaml | 6 - .../net-single-nic-with-vlans-no-external.yaml | 4 - environments/net-single-nic-with-vlans-v6.yaml | 6 - environments/net-single-nic-with-vlans.yaml | 6 - environments/network-environment.yaml | 9 +- environments/network-isolation-no-tunneling.yaml | 30 +- environments/network-isolation.yaml | 3 - environments/neutron-ml2-fujitsu-cfab.yaml | 21 + environments/neutron-ml2-fujitsu-fossw.yaml | 22 + environments/neutron-ml2-ovn.yaml | 14 +- environments/neutron-nuage-config.yaml | 2 +- environments/neutron-opencontrail.yaml | 25 - environments/neutron-opendaylight-l3.yaml | 14 - environments/neutron-opendaylight.yaml | 12 +- environments/neutron-ovs-dvr.yaml | 19 +- environments/neutron-sriov.yaml | 3 - environments/puppet-ceph-external.yaml | 3 + environments/puppet-ceph.yaml | 12 + environments/puppet-pacemaker.yaml | 5 +- environments/services/barbican.yaml | 4 + environments/services/ceph-mds.yaml | 2 + environments/services/ceph-rbdmirror.yaml | 2 + environments/services/disable-ceilometer-api.yaml | 2 + environments/services/ec2-api.yaml | 3 + environments/services/etcd.yaml | 2 + .../services/haproxy-internal-tls-certmonger.yaml | 4 + .../services/haproxy-public-tls-certmonger.yaml | 4 + environments/services/octavia.yaml | 9 + environments/services/panko.yaml | 2 + environments/services/zaqar.yaml | 2 + environments/sshd-banner.yaml | 13 + environments/storage-environment.yaml | 22 +- environments/tls-endpoints-public-dns.yaml | 64 +- environments/tls-endpoints-public-ip.yaml | 64 +- environments/tls-everywhere-endpoints-dns.yaml | 117 + environments/undercloud.yaml | 18 + environments/updates/README.md | 3 + .../update-from-deployed-server-newton.yaml | 2 + .../update-from-keystone-admin-internal-api.yaml | 29 +- environments/use-dns-for-vips.yaml | 4 +- extraconfig/all_nodes/mac_hostname.j2.yaml | 2 +- extraconfig/all_nodes/random_string.j2.yaml | 2 +- extraconfig/all_nodes/swap-partition.j2.yaml | 19 +- extraconfig/all_nodes/swap.j2.yaml | 10 +- .../nova_metadata/krb-service-principals.yaml | 84 + extraconfig/post_deploy/default.yaml | 2 +- extraconfig/post_deploy/example.yaml | 2 +- extraconfig/post_deploy/example_run_on_update.yaml | 2 +- extraconfig/post_deploy/undercloud_post.sh | 126 + extraconfig/post_deploy/undercloud_post.yaml | 93 + .../environment-rhel-registration.yaml | 4 + .../rhel-registration/rhel-registration.yaml | 18 +- .../rhel-registration/scripts/rhel-registration | 122 +- .../pre_network/ansible_host_config.ansible | 58 + extraconfig/pre_network/config_then_reboot.yaml | 48 + .../host_config_and_reboot.role.j2.yaml | 100 + extraconfig/tasks/major_upgrade_block_storage.sh | 8 - ...ajor_upgrade_ceilometer_wsgi_mitaka_newton.yaml | 62 + extraconfig/tasks/major_upgrade_ceph_mon.sh | 78 - extraconfig/tasks/major_upgrade_ceph_storage.sh | 92 - extraconfig/tasks/major_upgrade_check.sh | 19 +- extraconfig/tasks/major_upgrade_compute.sh | 28 - .../tasks/major_upgrade_controller_pacemaker_1.sh | 176 +- .../tasks/major_upgrade_controller_pacemaker_2.sh | 212 +- .../tasks/major_upgrade_controller_pacemaker_3.sh | 74 +- .../tasks/major_upgrade_controller_pacemaker_4.sh | 17 + .../tasks/major_upgrade_controller_pacemaker_5.sh | 8 + .../tasks/major_upgrade_controller_pacemaker_6.sh | 15 + extraconfig/tasks/major_upgrade_object_storage.sh | 40 - extraconfig/tasks/major_upgrade_pacemaker.yaml | 108 +- .../tasks/major_upgrade_pacemaker_init.j2.yaml | 87 - .../tasks/major_upgrade_pacemaker_migrations.sh | 35 +- .../mitaka_to_newton_aodh_data_migration.yaml | 2 +- .../mitaka_to_newton_ceilometer_wsgi_upgrade.pp | 103 + extraconfig/tasks/pacemaker_common_functions.sh | 26 +- extraconfig/tasks/pacemaker_resource_restart.sh | 14 +- extraconfig/tasks/post_puppet_pacemaker.yaml | 2 +- .../tasks/post_puppet_pacemaker_restart.yaml | 2 +- extraconfig/tasks/pre_puppet_pacemaker.yaml | 2 +- extraconfig/tasks/run_puppet.sh | 27 + extraconfig/tasks/swift-ring-deploy.yaml | 31 + extraconfig/tasks/swift-ring-update.yaml | 42 + extraconfig/tasks/tripleo_upgrade_node.sh | 66 + extraconfig/tasks/yum_update.sh | 42 +- extraconfig/tasks/yum_update.yaml | 9 +- extraconfig/tasks/yum_update_noop.yaml | 2 +- firstboot/install_vrouter_kmod.yaml | 105 + firstboot/os-net-config-mappings.yaml | 6 +- firstboot/userdata_default.yaml | 2 +- firstboot/userdata_dev_rsync.yaml | 2 +- firstboot/userdata_example.yaml | 2 +- firstboot/userdata_heat_admin.yaml | 8 +- firstboot/userdata_root_password.yaml | 38 + hosts-config.yaml | 37 + j2_excludes.yaml | 10 + net-config-bond.yaml | 72 +- net-config-bridge.yaml | 44 +- net-config-linux-bridge.yaml | 60 +- net-config-noop.yaml | 6 +- net-config-static-bridge-with-external-dhcp.yaml | 78 +- net-config-static-bridge.yaml | 67 +- net-config-static.yaml | 58 +- net-config-undercloud.yaml | 77 + network/config/bond-with-vlans/ceph-storage.yaml | 121 +- network/config/bond-with-vlans/cinder-storage.yaml | 131 +- network/config/bond-with-vlans/compute-dpdk.yaml | 155 +- network/config/bond-with-vlans/compute.yaml | 131 +- .../bond-with-vlans/controller-no-external.yaml | 141 +- network/config/bond-with-vlans/controller-v6.yaml | 165 +- network/config/bond-with-vlans/controller.yaml | 153 +- network/config/bond-with-vlans/swift-storage.yaml | 131 +- network/config/multiple-nics/ceph-storage.yaml | 88 +- network/config/multiple-nics/cinder-storage.yaml | 101 +- network/config/multiple-nics/compute-dvr.yaml | 162 + network/config/multiple-nics/compute.yaml | 108 +- network/config/multiple-nics/controller-v6.yaml | 155 +- network/config/multiple-nics/controller.yaml | 145 +- network/config/multiple-nics/swift-storage.yaml | 101 +- .../ceph-storage.yaml | 95 +- .../cinder-storage.yaml | 109 +- .../single-nic-linux-bridge-vlans/compute.yaml | 113 +- .../controller-v6.yaml | 155 +- .../single-nic-linux-bridge-vlans/controller.yaml | 152 +- .../swift-storage.yaml | 109 +- network/config/single-nic-vlans/ceph-storage.yaml | 87 +- .../config/single-nic-vlans/cinder-storage.yaml | 97 +- network/config/single-nic-vlans/compute.yaml | 97 +- .../single-nic-vlans/controller-no-external.yaml | 107 +- network/config/single-nic-vlans/controller-v6.yaml | 129 +- network/config/single-nic-vlans/controller.yaml | 117 +- network/config/single-nic-vlans/swift-storage.yaml | 97 +- network/endpoints/build_endpoint_map.py | 7 +- network/endpoints/endpoint_data.yaml | 189 +- network/endpoints/endpoint_map.yaml | 6450 +++++++++++++++++--- network/external.yaml | 7 +- network/external_v6.yaml | 7 +- network/internal_api.yaml | 3 +- network/internal_api_v6.yaml | 3 +- network/management.yaml | 9 +- network/management_v6.yaml | 2 +- network/networks.yaml | 2 +- network/ports/ctlplane_vip.yaml | 2 +- network/ports/external.yaml | 2 +- network/ports/external_from_pool.yaml | 2 +- network/ports/external_from_pool_v6.yaml | 2 +- network/ports/external_v6.yaml | 2 +- network/ports/from_service.yaml | 2 +- network/ports/from_service_v6.yaml | 2 +- network/ports/internal_api.yaml | 2 +- network/ports/internal_api_from_pool.yaml | 2 +- network/ports/internal_api_from_pool_v6.yaml | 2 +- network/ports/internal_api_v6.yaml | 2 +- network/ports/management.yaml | 2 +- network/ports/management_from_pool.yaml | 2 +- network/ports/management_from_pool_v6.yaml | 2 +- network/ports/management_v6.yaml | 2 +- network/ports/net_ip_list_map.yaml | 138 +- network/ports/net_ip_map.yaml | 157 +- network/ports/net_vip_map_external.yaml | 2 +- network/ports/net_vip_map_external_v6.yaml | 2 +- network/ports/noop.yaml | 2 +- network/ports/storage.yaml | 2 +- network/ports/storage_from_pool.yaml | 2 +- network/ports/storage_from_pool_v6.yaml | 2 +- network/ports/storage_mgmt.yaml | 2 +- network/ports/storage_mgmt_from_pool.yaml | 2 +- network/ports/storage_mgmt_from_pool_v6.yaml | 2 +- network/ports/storage_mgmt_v6.yaml | 2 +- network/ports/storage_v6.yaml | 2 +- network/ports/tenant.yaml | 2 +- network/ports/tenant_from_pool.yaml | 2 +- network/ports/tenant_from_pool_v6.yaml | 2 +- network/ports/tenant_v6.yaml | 2 +- network/ports/vip.yaml | 2 +- network/ports/vip_v6.yaml | 2 +- network/scripts/run-os-net-config.sh | 148 + network/service_net_map.j2.yaml | 169 + network/service_net_map.yaml | 100 - network/storage.yaml | 3 +- network/storage_mgmt.yaml | 3 +- network/storage_mgmt_v6.yaml | 3 +- network/storage_v6.yaml | 3 +- network/tenant.yaml | 3 +- network/tenant_v6.yaml | 3 +- overcloud-resource-registry-puppet.j2.yaml | 101 +- overcloud.j2.yaml | 246 +- puppet/all-nodes-config.yaml | 316 +- puppet/blockstorage-config.yaml | 41 - puppet/blockstorage-role.yaml | 528 ++ puppet/ceph-storage.yaml | 407 -- puppet/cephstorage-config.yaml | 41 - puppet/cephstorage-role.yaml | 539 ++ puppet/cinder-storage.yaml | 397 -- puppet/compute-config.yaml | 41 - puppet/compute-role.yaml | 565 ++ puppet/compute.yaml | 434 -- puppet/config.role.j2.yaml | 59 + puppet/controller-config-pacemaker.yaml | 38 - puppet/controller-config.yaml | 41 - puppet/controller-role.yaml | 611 ++ puppet/controller.yaml | 483 -- puppet/deploy-artifacts.sh | 2 +- puppet/deploy-artifacts.yaml | 2 +- .../all_nodes/neutron-midonet-all-nodes.yaml | 2 +- .../all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml | 10 +- .../pre_deploy/compute/neutron-ml2-bigswitch.yaml | 2 +- .../pre_deploy/compute/neutron-opencontrail.yaml | 59 - .../extraconfig/pre_deploy/compute/nova-nuage.yaml | 2 +- .../pre_deploy/controller/cinder-dellsc.yaml | 87 - .../pre_deploy/controller/cinder-eqlx.yaml | 86 - .../pre_deploy/controller/cinder-netapp.yaml | 20 +- .../pre_deploy/controller/multiple.yaml | 2 +- .../controller/neutron-ml2-bigswitch.yaml | 2 +- .../controller/neutron-ml2-cisco-n1kv.yaml | 2 +- puppet/extraconfig/pre_deploy/default.yaml | 2 +- puppet/extraconfig/pre_deploy/per_node.yaml | 2 +- puppet/extraconfig/tls/ca-inject.yaml | 2 +- puppet/extraconfig/tls/freeipa-enroll.yaml | 83 + puppet/extraconfig/tls/tls-cert-inject.yaml | 8 +- puppet/major_upgrade_steps.j2.yaml | 239 + puppet/manifests/overcloud_cephstorage.pp | 21 - puppet/manifests/overcloud_compute.pp | 21 - puppet/manifests/overcloud_controller.pp | 21 - puppet/manifests/overcloud_controller_pacemaker.pp | 21 - puppet/manifests/overcloud_object.pp | 21 - puppet/manifests/overcloud_role.pp | 30 + puppet/manifests/overcloud_volume.pp | 21 - puppet/objectstorage-config.yaml | 41 - puppet/objectstorage-role.yaml | 526 ++ puppet/post-upgrade.j2.yaml | 27 + puppet/post.j2.yaml | 125 +- puppet/puppet-steps.j2 | 106 + puppet/role.role.j2.yaml | 560 ++ puppet/services/README.rst | 85 +- puppet/services/aodh-api.yaml | 29 +- puppet/services/aodh-base.yaml | 14 +- puppet/services/aodh-evaluator.yaml | 16 +- puppet/services/aodh-listener.yaml | 16 +- puppet/services/aodh-notifier.yaml | 16 +- .../services/apache-internal-tls-certmonger.yaml | 75 + puppet/services/apache.yaml | 60 +- puppet/services/auditd.yaml | 50 + puppet/services/barbican-api.yaml | 161 + puppet/services/ca-certs.yaml | 2 +- puppet/services/ceilometer-agent-central.yaml | 25 +- puppet/services/ceilometer-agent-compute.yaml | 26 +- puppet/services/ceilometer-agent-notification.yaml | 16 +- puppet/services/ceilometer-api.yaml | 25 +- puppet/services/ceilometer-base.yaml | 29 +- puppet/services/ceilometer-collector.yaml | 16 +- puppet/services/ceilometer-expirer.yaml | 2 +- puppet/services/ceph-base.yaml | 85 +- puppet/services/ceph-client.yaml | 2 +- puppet/services/ceph-external.yaml | 75 +- puppet/services/ceph-mds.yaml | 49 + puppet/services/ceph-mon.yaml | 55 +- puppet/services/ceph-osd.yaml | 84 +- puppet/services/ceph-rgw.yaml | 46 +- puppet/services/cinder-api.yaml | 73 +- puppet/services/cinder-backend-dellps.yaml | 85 + puppet/services/cinder-backend-dellsc.yaml | 85 + puppet/services/cinder-backend-scaleio.yaml | 111 + puppet/services/cinder-backup.yaml | 2 +- puppet/services/cinder-base.yaml | 53 +- puppet/services/cinder-hpelefthand-iscsi.yaml | 56 + puppet/services/cinder-scheduler.yaml | 16 +- puppet/services/cinder-volume.yaml | 21 +- puppet/services/congress.yaml | 116 + puppet/services/database/mongodb-base.yaml | 2 +- puppet/services/database/mongodb.yaml | 9 +- puppet/services/database/mysql-client.yaml | 30 + .../database/mysql-internal-tls-certmonger.yaml | 47 + puppet/services/database/mysql.yaml | 120 +- puppet/services/database/redis-base.yaml | 6 +- puppet/services/database/redis.yaml | 2 +- puppet/services/disabled/glance-registry.yaml | 30 + puppet/services/ec2-api.yaml | 138 + puppet/services/etcd.yaml | 73 + puppet/services/glance-api.yaml | 205 +- puppet/services/glance-base.yaml | 126 + puppet/services/glance-registry.yaml | 98 - puppet/services/gnocchi-api.yaml | 23 +- puppet/services/gnocchi-base.yaml | 14 +- puppet/services/gnocchi-metricd.yaml | 18 +- puppet/services/gnocchi-statsd.yaml | 20 +- .../services/haproxy-internal-tls-certmonger.yaml | 66 + puppet/services/haproxy-public-tls-certmonger.yaml | 41 + puppet/services/haproxy.yaml | 75 +- puppet/services/heat-api-cfn.yaml | 30 +- puppet/services/heat-api-cloudwatch.yaml | 16 +- puppet/services/heat-api.yaml | 30 +- puppet/services/heat-base.yaml | 82 +- puppet/services/heat-engine.yaml | 49 +- puppet/services/horizon.yaml | 102 +- puppet/services/ironic-api.yaml | 13 +- puppet/services/ironic-base.yaml | 3 +- puppet/services/ironic-conductor.yaml | 17 +- puppet/services/keepalived.yaml | 45 +- puppet/services/kernel.yaml | 13 +- puppet/services/keystone.yaml | 119 +- puppet/services/logging/fluentd-base.yaml | 2 +- puppet/services/logging/fluentd-client.yaml | 22 +- puppet/services/logging/fluentd-config.yaml | 4 +- puppet/services/manila-api.yaml | 40 +- puppet/services/manila-backend-cephfs.yaml | 26 +- puppet/services/manila-backend-generic.yaml | 6 +- puppet/services/manila-backend-netapp.yaml | 6 +- puppet/services/manila-base.yaml | 25 +- puppet/services/manila-scheduler.yaml | 11 +- puppet/services/manila-share.yaml | 12 +- puppet/services/memcached.yaml | 17 +- puppet/services/metrics/collectd.yaml | 131 + puppet/services/mistral-api.yaml | 71 + puppet/services/mistral-base.yaml | 94 + puppet/services/mistral-engine.yaml | 57 + puppet/services/mistral-executor.yaml | 57 + puppet/services/monitoring/sensu-base.yaml | 19 +- puppet/services/monitoring/sensu-client.yaml | 39 +- .../network/contrail-analytics-database.yaml | 43 + puppet/services/network/contrail-analytics.yaml | 59 +- puppet/services/network/contrail-base.yaml | 87 +- puppet/services/network/contrail-config.yaml | 30 +- puppet/services/network/contrail-control.yaml | 23 +- puppet/services/network/contrail-database.yaml | 14 +- puppet/services/network/contrail-heat.yaml | 40 + .../services/network/contrail-neutron-plugin.yaml | 45 + puppet/services/network/contrail-provision.yaml | 39 + puppet/services/network/contrail-tsn.yaml | 64 + puppet/services/network/contrail-vrouter.yaml | 64 + puppet/services/network/contrail-webui.yaml | 32 +- puppet/services/neutron-api.yaml | 100 +- puppet/services/neutron-base.yaml | 19 +- .../services/neutron-compute-plugin-midonet.yaml | 2 +- puppet/services/neutron-compute-plugin-nuage.yaml | 2 +- .../neutron-compute-plugin-opencontrail.yaml | 29 - puppet/services/neutron-compute-plugin-ovn.yaml | 26 +- .../services/neutron-compute-plugin-plumgrid.yaml | 2 +- puppet/services/neutron-dhcp.yaml | 21 +- puppet/services/neutron-l3-compute-dvr.yaml | 27 +- puppet/services/neutron-l3.yaml | 45 +- puppet/services/neutron-metadata.yaml | 20 +- puppet/services/neutron-midonet.yaml | 2 +- puppet/services/neutron-ovs-agent.yaml | 49 +- puppet/services/neutron-ovs-dpdk-agent.yaml | 12 +- .../services/neutron-plugin-ml2-fujitsu-cfab.yaml | 73 + .../services/neutron-plugin-ml2-fujitsu-fossw.yaml | 78 + puppet/services/neutron-plugin-ml2-ovn.yaml | 29 +- puppet/services/neutron-plugin-ml2.yaml | 62 +- puppet/services/neutron-plugin-nuage.yaml | 2 +- puppet/services/neutron-plugin-opencontrail.yaml | 74 - puppet/services/neutron-plugin-plumgrid.yaml | 5 +- puppet/services/neutron-sriov-agent.yaml | 7 +- puppet/services/nova-api.yaml | 230 +- puppet/services/nova-base.yaml | 186 +- puppet/services/nova-compute.yaml | 37 +- puppet/services/nova-conductor.yaml | 28 +- puppet/services/nova-consoleauth.yaml | 6 +- puppet/services/nova-ironic.yaml | 10 +- puppet/services/nova-libvirt.yaml | 22 +- puppet/services/nova-metadata.yaml | 14 +- puppet/services/nova-placement.yaml | 129 + puppet/services/nova-scheduler.yaml | 8 +- puppet/services/nova-vnc-proxy.yaml | 11 +- puppet/services/octavia-api.yaml | 98 + puppet/services/octavia-base.yaml | 62 + puppet/services/octavia-health-manager.yaml | 61 + puppet/services/octavia-housekeeping.yaml | 70 + puppet/services/octavia-worker.yaml | 102 + puppet/services/opendaylight-api.yaml | 31 +- puppet/services/opendaylight-ovs.yaml | 30 +- puppet/services/ovn-dbs.yaml | 40 + puppet/services/pacemaker.yaml | 33 +- .../pacemaker/ceilometer-agent-central.yaml | 45 - .../pacemaker/ceilometer-agent-notification.yaml | 45 - puppet/services/pacemaker/ceilometer-api.yaml | 45 - .../services/pacemaker/ceilometer-collector.yaml | 45 - puppet/services/pacemaker/ceph-rbdmirror.yaml | 47 + puppet/services/pacemaker/cinder-api.yaml | 45 - puppet/services/pacemaker/cinder-backup.yaml | 2 +- puppet/services/pacemaker/cinder-scheduler.yaml | 45 - puppet/services/pacemaker/cinder-volume.yaml | 3 +- puppet/services/pacemaker/core.yaml | 29 - puppet/services/pacemaker/database/mongodb.yaml | 42 - puppet/services/pacemaker/database/mysql.yaml | 10 +- puppet/services/pacemaker/database/redis.yaml | 4 +- puppet/services/pacemaker/glance-api.yaml | 74 - puppet/services/pacemaker/glance-registry.yaml | 47 - puppet/services/pacemaker/gnocchi-api.yaml | 45 - puppet/services/pacemaker/gnocchi-metricd.yaml | 47 - puppet/services/pacemaker/gnocchi-statsd.yaml | 46 - puppet/services/pacemaker/haproxy.yaml | 6 +- puppet/services/pacemaker/heat-api-cfn.yaml | 44 - puppet/services/pacemaker/heat-api-cloudwatch.yaml | 44 - puppet/services/pacemaker/heat-api.yaml | 44 - puppet/services/pacemaker/heat-engine.yaml | 45 - puppet/services/pacemaker/horizon.yaml | 41 - puppet/services/pacemaker/keystone.yaml | 45 - puppet/services/pacemaker/manila-share.yaml | 2 +- puppet/services/pacemaker/memcached.yaml | 42 - puppet/services/pacemaker/neutron-dhcp.yaml | 46 - puppet/services/pacemaker/neutron-l3.yaml | 46 - puppet/services/pacemaker/neutron-metadata.yaml | 44 - puppet/services/pacemaker/neutron-midonet.yaml | 41 - puppet/services/pacemaker/neutron-ovs-agent.yaml | 42 - puppet/services/pacemaker/neutron-plugin-ml2.yaml | 42 - .../services/pacemaker/neutron-plugin-nuage.yaml | 40 - .../pacemaker/neutron-plugin-opencontrail.yaml | 40 - .../pacemaker/neutron-plugin-plumgrid.yaml | 40 - puppet/services/pacemaker/neutron-server.yaml | 48 - puppet/services/pacemaker/nova-api.yaml | 45 - puppet/services/pacemaker/nova-conductor.yaml | 45 - puppet/services/pacemaker/nova-consoleauth.yaml | 45 - puppet/services/pacemaker/nova-scheduler.yaml | 45 - puppet/services/pacemaker/nova-vnc-proxy.yaml | 45 - puppet/services/pacemaker/rabbitmq.yaml | 31 +- puppet/services/pacemaker/sahara-api.yaml | 45 - puppet/services/pacemaker/sahara-engine.yaml | 45 - puppet/services/pacemaker_remote.yaml | 57 + puppet/services/panko-api.yaml | 105 + puppet/services/panko-base.yaml | 74 + puppet/services/rabbitmq.yaml | 27 +- puppet/services/sahara-api.yaml | 6 +- puppet/services/sahara-base.yaml | 17 +- puppet/services/sahara-engine.yaml | 6 +- puppet/services/services.yaml | 39 +- puppet/services/snmp.yaml | 6 +- puppet/services/sshd.yaml | 34 + puppet/services/swift-base.yaml | 2 +- puppet/services/swift-proxy.yaml | 83 +- puppet/services/swift-ringbuilder.yaml | 21 +- puppet/services/swift-storage.yaml | 34 +- puppet/services/tacker.yaml | 116 + puppet/services/time/ntp.yaml | 10 +- puppet/services/time/timezone.yaml | 2 +- puppet/services/tripleo-firewall.yaml | 4 +- puppet/services/tripleo-packages.yaml | 14 +- puppet/services/vip-hosts.yaml | 56 - puppet/services/zaqar.yaml | 86 + puppet/swift-storage.yaml | 396 -- puppet/upgrade_config.yaml | 58 + releasenotes/notes/6.0.0-b52a14a71fc62788.yaml | 125 + .../add-default-ntp-server-696b8568e09be497.yaml | 6 + .../notes/composable-ha-37e2d7e1f57f5c10.yaml | 12 + .../composable-upgrades-d9ec7c634365e8e0.yaml | 14 + .../notes/deployed-servers-fd47f18204cea105.yaml | 8 + .../notes/ha-by-default-55326e699ee8602c.yaml | 5 + .../ironic-cleaning-network-1e06881df0402221.yaml | 10 + .../notes/keystone_internal-53cc7b24ebdd9df4.yaml | 9 + .../manila-with-managed-ceph-e5178fd06127624f.yaml | 11 + .../memcached-max-memory-ef6834d17953fca6.yaml | 7 + ...tavia-service-integration-03bd3eb6cfe1efaf.yaml | 4 + .../notes/puppet-auditd-6504295e8c6c7a3b.yaml | 9 + releasenotes/source/_static/.placeholder | 0 releasenotes/source/conf.py | 264 + releasenotes/source/index.rst | 18 + releasenotes/source/unreleased.rst | 5 + requirements.txt | 7 +- roles_data.yaml | 74 +- roles_data_undercloud.yaml | 35 + scripts/hosts-config.sh | 39 + setup.py | 11 +- test-requirements.txt | 10 +- tools/process-templates.py | 168 + tools/releasenotes_tox.sh | 28 + tools/tox_install.sh | 30 + tools/yaml-nic-config-2-script.py | 219 + tools/yaml-validate.py | 115 + tox.ini | 11 +- 561 files changed, 26052 insertions(+), 10496 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 4e46b89..057aa28 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,6 @@ -pbr>=0.5.21,<1.0 +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +pbr>=1.8 # Apache-2.0 +Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index c3726e8..06bce5a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1 +1,9 @@ -pyyaml +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +PyYAML>=3.10.0 # MIT +Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +reno>=1.8.0 # Apache-2.0

1 0

[tripleo] tripleo-puppet-elements 6.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are overjoyed to announce the release of: tripleo-puppet-elements 6.0.0: Puppet building rules for OpenStack images. This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/tripleo-puppet-elements/ For more details, please see below. 6.0.0 ^^^^^ New Features * Adds puppet-systemd which can be used to create or modify systemd unit service files and set system limits. Changes in tripleo-puppet-elements 5.0.0..6.0.0 ----------------------------------------------- bb18776 Adds puppet-systemd 3e6bc8c Update .gitreview for stable/ocata 1a97231 Adding congress package to overcloud ee4790d Adding tacker package to overcloud 835a1de Add release notes for Ocata-3 4c72096 Revert "Add qpid-dispatch-router to overcloud-controller element" 84b3918 Add reno support 688584c Add explicit install of net-snmp 2f8264b Change upstream URL for puppet-contrail 5b742b1 Remove carbonara package reference 7ab27c7 Add reference to puppet-auditd 753c8cc Octavia integration d0011bb Add reference to puppet-ipaclient 9a07055 Add openstack-nova-placement-api support d95605b Add openstack-ec2-api package to overcloud-controller element b886d7b Delete unnecessary utf-8 coding 9a6f672 Add rbd-mirror to the overcloud-controller element 550e116 Add ipa-admintools package to the overcloud. 164632a Install Curator from RPM in MidoNet element bf65a5e opstools: ensure that collectd is available on overcloud images 2744aa6 Add panko to base controller image 8fa35f7 overcloud-base sets DIB_DEFAULT_INSTALLTYPE=package 6f3cca0 Install docker in overcloud-base element 2886ca4 Install hiera orc files via install.d 6ec9d65 Move nova.conf truncation into separate element eea6d6f Adding networking-bgpvpn package to overcloud-controller element 20e6f9b Add ceph-mds to the overcloud-controller element 94345e0 Show team and repo badges on README f395fd4 Add qpid-dispatch-router to overcloud-controller element 58c65b5 Add puppet-qdr module 41ee989 Disable old hiera.yaml o-a-c script e58dc17 Enable MidoNet element to install MEM b16ea25 Separate Datastax repository from the Midonet one 464e5b1 Installs more packages with the Midonet element 82ccb48 update required packages for opstools support 88943a1 Remove redundant 'the' 59e5ff6 Pin puppetlabs-ntp when installing from source 7465fc4 Element overcloud-agent replaces os-collect-config 2770e40 Update git commit sources for Midonet element 5a759f0 Add ipa-client package to overcloud-controller image 70ba06e Open tripleo-puppet-elements for Ocata b0a4b7d Change puppet-pacemaker repo from github.com to openstack.org Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + .gitreview | 1 + README.md | 7 + elements/hiera/10-hiera-disable | 20 ++ elements/hiera/40-hiera-datafiles | 74 ++++++ elements/hiera/element-deps | 1 + elements/hiera/install.d/11-hiera-orc-install | 8 + .../configure.d/40-hiera-datafiles | 74 ------ .../configure.d/40-truncate-nova-config | 14 -- elements/overcloud-agent/README.md | 122 ++++++++++ elements/overcloud-agent/element-deps | 1 + .../install.d/10-enable-os-collect-config | 4 + elements/overcloud-agent/package-installs.yaml | 2 + elements/overcloud-agent/pkg-map | 10 + .../environment.d/02-export-install-types.bash | 1 + .../install.d/package-installs-overcloud-base | 2 + elements/overcloud-base/pkg-map | 4 +- elements/overcloud-ceph-storage/element-deps | 1 + .../package-installs-overcloud-ceph-storage | 4 - elements/overcloud-ceph-storage/pkg-map | 6 +- elements/overcloud-cinder-volume/element-deps | 1 + .../package-installs-overcloud-cinder-volume | 4 - elements/overcloud-cinder-volume/pkg-map | 4 - elements/overcloud-compute/element-deps | 1 + .../install.d/package-installs-overcloud-compute | 4 - elements/overcloud-compute/pkg-map | 6 +- .../overcloud-contrail-controller/element-deps | 1 + .../package-installs-overcloud-contrail-controller | 4 - elements/overcloud-contrail-controller/pkg-map | 6 +- elements/overcloud-controller/element-deps | 1 + .../package-installs-overcloud-controller | 20 +- elements/overcloud-controller/pkg-map | 20 +- elements/overcloud-network-midonet/element-deps | 1 + .../environment.d/02-midonet-envs.bash | 3 + .../extra-data.d/60-create-midonet-repositories | 28 ++- .../overcloud-network-midonet/extra-data.d/curator | 6 + .../extra-data.d/datastax | 6 + .../extra-data.d/elasticsearch | 6 + .../extra-data.d/logstash | 6 + .../extra-data.d/midonet-mem | 15 +- .../extra-data.d/vbernat-llpd | 6 + .../install.d/00-midonet-manager | 11 + .../package-installs-overcloud-network-midonet | 8 +- elements/overcloud-network-midonet/pkg-map | 10 +- .../source-repository-overcloud-network-midonet | 5 +- elements/overcloud-opstools/README.md | 1 + elements/overcloud-opstools/element-deps | 2 + .../install.d/package-installs-overcloud-opstools | 27 +++ elements/overcloud-opstools/pkg-map | 31 +++ elements/puppet-modules/README.md | 10 +- .../environment.d/01-puppet-module-pins.sh | 3 + .../02-puppet-modules-install-types.sh | 8 + .../source-repository-puppet-modules | 12 +- elements/puppet/README.md | 2 +- .../truncate-nova-config/40-truncate-nova-config | 14 ++ elements/truncate-nova-config/README.md | 1 + elements/truncate-nova-config/element-deps | 1 + .../install.d/11-truncate-nova-orc-install | 7 + releasenotes/notes/6.0.0-0d097c704b6602e8.yaml | 23 ++ .../adds_puppet_systemd-fe0658caedfb342f.yaml | 5 + releasenotes/source/_static/.placeholder | 0 releasenotes/source/conf.py | 264 +++++++++++++++++++++ releasenotes/source/index.rst | 18 ++ releasenotes/source/unreleased.rst | 5 + test-requirements.txt | 1 + tools/releasenotes_tox.sh | 28 +++ tools/tox_install.sh | 30 +++ tox.ini | 4 +- 69 files changed, 876 insertions(+), 165 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index d742d62..7667146 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6,0 +7 @@ testrepository>=0.0.18 +reno>=1.8.0 # Apache-2.0

1 0

[tripleo] tripleo-image-elements 6.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are satisfied to announce the release of: tripleo-image-elements 6.0.0: Disk image builder elements for deploying OpenStack. This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/tripleo-image-elements/ For more details, please see below. Changes in tripleo-image-elements 5.0.0..6.0.0 ---------------------------------------------- ad33b59 Update .gitreview for stable/ocata 662ba39 Follow HTTP/HTTPS redirects 8597926 Add release notes for Ocata-3 fbfe282 Add reno support 96cb130 Add a script to zero /etc/sysconfig/ip6tables at build time 00b9869 Set IRONIC_AGENT_MULTIPATH_DRIVERS to '' when undefined 15b5776 Add element to customize dracut on the agent f6f9321 Purge chrony package in NTP element 48c2a3f Add a script to zero /etc/sysconfig/iptables at build time 4c51932 Add element to rebuild dracut enabling modules b9fb532 Copy map-services script to tripleo elements c538d27 Show team and repo badges on README 866bf14 Don't depend on os-collect-config element 7863089 Remove vim configuration in source file 2312f80 Fix typos in README.md & rootwrap.conf 8688c28 Set correct content-type for o-r-c curl calls 4b16047 Include lsb_release in the hosts element since it's used there. 3648c68 Make 'module' directives match filenames 8692ae9 Fix tr syntax in 51-hosts fae231a Open tripleo-image-elements for Ocata a5fdfee Remove galera package from being explicitly installed with mariadb 2c9e505 Add zaqar.use_websockets option to o-c-c Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + .gitreview | 1 + README.md | 7 + .../os-apply-config/etc/cinder/rootwrap.conf | 6 +- .../delorean-repo/pre-install.d/01-delorean-repo | 8 +- .../hosts/os-refresh-config/configure.d/51-hosts | 2 +- elements/hosts/package-installs.yaml | 1 + elements/hosts/pkg-map | 7 + elements/iptables/install.d/99-empty-iptables | 9 + elements/ironic-agent-multipath/README.rst | 10 + elements/ironic-agent-multipath/element-deps | 2 + .../environment.d/10-ironic-agent-multipath.bash | 4 + .../finalise.d/98-regenerate-initramfs | 17 ++ .../ironic-agent-multipath/package-installs.yaml | 2 + elements/mariadb/install.d/10-mariadb-packages | 2 +- elements/ntp/install.d/50-ntp | 5 + .../os-apply-config/etc/os-collect-config.conf | 3 + elements/os-refresh-config/element-deps | 1 - .../post-configure.d/99-refresh-completed | 4 +- elements/os-svc-install/bin/map-services-tripleo | 95 ++++++++ .../os-svc-install/install.d/04-os-svc-install | 2 + elements/os-svc-install/upstart/os-svc-enable.conf | 2 - elements/overcloud-dracut/README.rst | 7 + elements/overcloud-dracut/element-deps | 2 + .../finalise.d/98-regenerate-initramfs | 13 + elements/overcloud-dracut/package-installs.yaml | 2 + elements/rdo-release/README.md | 2 +- .../custom-policies/tripleo-selinux-mariadb.te | 2 +- .../custom-policies/tripleo-selinux-rabbitmq.te | 2 +- releasenotes/notes/6.0.0-0d097c704b6602e8.yaml | 37 +++ releasenotes/source/_static/.placeholder | 0 releasenotes/source/conf.py | 264 +++++++++++++++++++++ releasenotes/source/index.rst | 18 ++ releasenotes/source/unreleased.rst | 5 + test-requirements.txt | 1 + tools/releasenotes_tox.sh | 28 +++ tools/tox_install.sh | 30 +++ tox.ini | 4 +- 38 files changed, 592 insertions(+), 18 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index e1d0224..4c9a602 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6,0 +7 @@ testrepository>=0.0.18 +reno>=1.8.0 # Apache-2.0

1 0

[openstackansible] openstack-ansible-os_nova 15.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are pleased to announce the release of: openstack-ansible-os_nova 15.0.0: os_nova for OpenStack Ansible This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-os_nova/ For more details, please see below. 15.0.0 ^^^^^^ New Features * Capping the default value for the variables "nova_wsgi_processes", "nova_osapi_compute_workers", "nova_metadata_workers" and "nova_conductor_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * The "nova-placement" service is now configured by default. "nova_placement_service_enabled" can be set to "False" to disable the "nova-placement" service. * The "nova-placement" api service will run as its own ansible group "nova_api_placement". * Nova cell_v2 support has been added. The default cell is "cell1" which can be overridden by the "nova_cell1_name". Support for multiple cells is not yet available. Changes in openstack-ansible-os_nova 14.0.0.0rc2..15.0.0 -------------------------------------------------------- 3569d76 Install python2-pyOpenSSL package on CentOS ac004fd Adjust ordering for nova_db_setup 82c9107 Change /etc/default/libvirt-bin to libvirtd 4d210c7 Split upgrade testing into it's own shell script 657d10c Adjust ansible_hostname to ansible_nodename 0358e28 Reload nginx instead of restart ca9cdc4 Cap the number of worker threads 6652653 Remove uwsgi http port and add var for buffer-size 43d9388 Ordered service restarts 4c79a76 Fix cell enrollment wait conditional 1d1923b Move nova-lxd to stable/ocata branch 7108da4 Enable cell auto enrollment 345bdce Setup "os_interface" option for placement service 2ee2394 Remove UCA/RDO in role b6e1609 Implementing stricter permissions on config files 08cc234 Add variable to enable integration with barbican 3328ef1 Update repo for stable/ocata c88375b Combine package install tasks c45bab5 Wait for nova-compute service registration 4d4cfd6 Fix idempotence for nova cell1 create d342a52 Use ocata component for UCA c263b74 Work around Trusty CI bindep issue 100f6f1 Fix nova.conf to reduce deprecation warnings. 9ade2d9 Update paste, policy and rootwrap configurations 2017-02-02 74ef3d9 Update UPPER_CONSTRAINTS_FILE for stable/ocata 3738794 Update .gitreview for stable/ocata 966ea26 Add nova-placement-api service and cell_v2 setup a89f13c Use systemd module instead of shell 51816f0 Change permission for conf folder 6490250 Cap the number of worker threads 6cb72a2 Enable systemd service which disables smt 72e4e7d Split upgrade test into its own play f982a56 Update paste, policy and rootwrap configurations 2017-01-19 a05a804 Fix tox.ini to work with ansible 2.2.1.0 d7e8071 Add pull for nova-lxd rootwrap filter f7670e3 Add nova-lxd storage-pool option for ZFS storage backend 27173a7 Cleanup of developer mode logic 6eafe10 Bring consistency to tags 5807424 Fixes incorrect variable used for ironic user name a28e7c5 Add which in CentOS package list 8e6bf7a Additional fix for venv build fallback ed97bd7 Fix venv build fallback mechanism 68a7db9 Allow override of the repo filename 9ef1ecf Update and clean up run_tests.sh dae54d6 Remove pki support 12b2374 Update repository with reference to role git location 1f35394 Fix centos gate job for CentOS 8f8a6b6 Fixed confusing console keymap variables 167fe1b Remove Trusty support from os_nova role 3916b54 Update paste, policy and rootwrap configurations 2016-12-10 9863267 resolve config deprecations 1c9ebce Nova upgrade testing. 41df5aa Remove the -d flag to libvirtd when using systemd 1227539 Delete deprecated Hacking in tox.ini 0f11ba6 Updated from global requirements dd0cbb4 Point roles docs bugs to openstack-ansible LP 5c80388 Use new ansible package module to install distro packages. cbd64aa Add custom interfaces file and update docs for PowerVM RMC 2c875dc Fix virtualenv-tools issue e61ecae Show team and repo badges on README 5678639 Remove join filter from optional pip module tasks debf05d Using updated tempest method for nova. 2b87253 Deprecate scheduler_max_attempts option 1e3090a Reinitialize venv upon install 83a9864 Add CentOS support for os_nova fcb78e1 Fix qemu_conf_dict not defined 6846f56 Rename tmpfiles.d files 159b50b Do not configure smt disabling init scripts always 00f7796 Use ansible_service_mgr fact c63ddb0 Remove join filter from pip module tasks 42904c4 Use updated get_url module checksum functionality 6be7518 Fix tmpfiles.d when multiple service are running 4f7a87e Use apt_repository update_cache feature 933b73f Adding support for Designate notifications. 59ea9b1 Adding pyOpenSSL for nova-lxd gate. c24ddc6 Remove ansible<2.2 apt cache hack 244a830 Simplify pip options/constraints mechanism e70e626 Updated from global requirements 55c89fc Disable SMT for ppc64 hypervisor and set VNC 6361372 Fix linting issues for ansible-lint 3.4.1 59b855a Change protocol of novalink url. 1d4c3ad Fix permissions for the Nova lock directory in systemd e659628 Identify virt type of PowerVM and KVM on Power b082fe9 Use upper constraints for all tox targets cd39587 [DOCS] Added release-name as a watermark to Docs. 34cfe72 Move ironic pip install into it's own path 4253d20 Remove 'ignore_errors: true' in favor of 'failed_when: false' c88cd87 Remove nova-cert 48c99a5 Fix api_paste_config option 3f91e25 Delegate from first available compute host 8ab98e1 Fix ironic compute_driver d1c0549 Use centralised Ansible test scripts 8fc0304 Ensure that novnc/spice consoles use the public endpoint protocol 4bb01af Enable release notes translation 5fff317 Update paste, policy and rootwrap configurations 2016-10-06 1b34f8b Fix race condition for nova_compute installation 8a7dca5 Remove install_test_packages variable dbef981 Remove dynamic inclusion from inventory-based service setup be678ea Move "--no-binary libvirt-python" to ansible-tests 9b3a9a8 Updated from global requirements 9a17ca6 Use dictionary for service group mappings a2ffeab Run tempest tests 2037030 Update reno for stable/newton 81aee82 Update ironic auth options for Keystone v3 auth b838299 Use centralised test scripts Diffstat (except docs and test files) ------------------------------------- .gitignore | 5 +- .gitreview | 1 + README.rst | 10 +- Vagrantfile | 2 +- bindep.txt | 2 +- defaults/main.yml | 167 ++++++++++++++----- files/rootwrap.d/compute.filters | 6 + files/rootwrap.d/lxd.filters | 6 + files/smt.conf | 10 ++ files/smt.service | 24 +++ handlers/main.yml | 75 +++++++-- manual-test.rc | 2 +- meta/main.yml | 3 +- .../apt-source-filenamed-e710006ed93a9c67.yaml | 5 + .../capping_nova_workers-349f0f4d3fd50b37.yaml | 7 + .../notes/nova-placement-api-07ce03fdceb95c6d.yaml | 12 ++ .../os-nova-remove-nova-cert-441989f79b69524f.yaml | 5 + .../os_nova-centos-support-4ada2ade2b9dd8c9.yaml | 3 + .../powervm-novalink-url-c5f9377e4f7971af.yaml | 7 + .../remove-requirements-git-c8a762c5172f25c7.yaml | 12 ++ .../support-powervm-rmc-dedce9da5fdd1bea.yaml | 7 + releasenotes/source/conf.py | 3 + releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + tasks/main.yml | 58 +++++-- tasks/nova_compute.yml | 18 +- tasks/nova_compute_ironic.yml | 32 ++++ tasks/nova_compute_key_distribute.yml | 9 +- tasks/nova_compute_kvm.yml | 61 +++++-- tasks/nova_compute_kvm_install.yml | 14 +- tasks/nova_compute_kvm_virsh_net_remove.yml | 10 +- tasks/nova_compute_lxd.yml | 5 + tasks/nova_compute_lxd_install.yml | 10 +- tasks/nova_compute_powervm.yml | 19 ++- tasks/nova_compute_powervm_install.yml | 42 +---- tasks/nova_compute_qemu.yml | 1 + tasks/nova_compute_wait.yml | 25 +++ tasks/nova_console_novnc_install.yml | 10 +- tasks/nova_console_novnc_ssl.yml | 5 + tasks/nova_db_post_setup.yml | 35 ++++ tasks/nova_db_setup.yml | 48 +++++- tasks/nova_disable_smt.yml | 41 +++++ tasks/nova_init.yml | 101 ----------- tasks/nova_init_common.yml | 25 +-- tasks/nova_init_systemd.yml | 53 ++++-- tasks/nova_init_upstart.yml | 36 ---- tasks/nova_install.yml | 170 +++++++------------ tasks/nova_install_apt.yml | 127 ++------------ tasks/nova_install_yum.yml | 25 +++ tasks/nova_placement.yml | 58 +++++++ tasks/nova_placement_nginx.yml | 56 +++++++ tasks/nova_placement_service_setup.yml | 103 ++++++++++++ tasks/nova_placement_uwsgi.yml | 50 ++++++ tasks/nova_post_install.yml | 6 +- tasks/nova_pre_install.yml | 10 +- tasks/nova_virt_detect.yml | 6 +- templates/api-paste.ini.j2 | 13 +- templates/libvirtd.conf.j2 | 2 +- templates/lxd-init.sh.j2 | 3 + templates/nova-interfaces-template.j2 | 51 ++++++ templates/nova-placement-nginx.conf.j2 | 23 +++ templates/nova-placement-uwsgi.ini.j2 | 20 +++ templates/nova-systemd-init.j2 | 10 +- templates/nova-systemd-tempfiles.j2 | 4 - templates/nova-systemd-tmpfiles.j2 | 5 + templates/nova-upstart-init.j2 | 42 ----- templates/nova.conf.j2 | 184 +++++++++++++-------- templates/qemu.conf.j2 | 2 + test-requirements.txt | 11 +- tox.ini | 168 ++++++------------- vars/common.yml | 30 ++++ vars/redhat-7.yml | 71 ++++++++ vars/ubuntu-14.04.yml | 100 ----------- vars/ubuntu-16.04.yml | 21 ++- 91 files changed, 2002 insertions(+), 1069 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 0e69546..a5433f9 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ pyOpenSSL>=0.14 # Apache-2.0 -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -12,3 +12,6 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 -reno>=1.8.0 # Apache2 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +openstackdocstheme>=1.5.0 # Apache-2.0 +doc8 # Apache-2.0 +reno>=1.8.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0

1 0

[openstackansible] openstack-ansible-os_neutron 15.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are gleeful to announce the release of: openstack-ansible-os_neutron 15.0.0: os_neutron role for OpenStack- Ansible This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-os_neutron/ For more details, please see below. 15.0.0 ^^^^^^ New Features ************ * The number of worker threads for neutron will now be capped at 16 unless a specific value is specified. Previously, the calculated number of workers could get too high on systems with a large number of processors. This was particularly evident on POWER systems. * Capping the default value for the variables "neutron_api_workers", "neutron_num_sync_threads" and "neutron_metadata_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * The "dragonflow" plugin for neutron is now available. You can set the "neutron_plugin_type" to "ml2.dragonflow" to utilize this code path. The "dragonflow" code path is currently experimental. Upgrade Notes ************* * The variable "neutron_dhcp_domain" has been renamed to "neutron_dns_domain". Changes in openstack-ansible-os_neutron 14.0.0.0rc2..15.0.0 ----------------------------------------------------------- e8fc955 Install python2-pyOpenSSL package on CentOS 5917c1b Cap the number of worker threads 4435092 Install packages in one step 13f01b0 Add program name to neutron init tasks 83a8f57 Rename neutron_dhcp_domain to neutron_dns_domain ad9f722 Include l3-ha for openvswitch based deployments 2db048d Update paste, policy and rootwrap configurations 2017-02-15 c6f8dce Remove UCA/RDO in role c4fcf37 Implement Dragonflow deployment 69e52f0 Implementing stricter permissions on config files 8f2a179 Work around Trusty CI bindep issue df33b29 Update repo for stable/ocata 9872b07 Use ocata component for UCA c6304d4 Update UPPER_CONSTRAINTS_FILE for stable/ocata 5e76e63 Update .gitreview for stable/ocata 7454e60 Implementation Neutron SR-IOV 3eaa45b Update paste, policy and rootwrap configurations 2017-01-26 aa2a428 Update paste, policy and rootwrap configurations 2017-01-24 a9ff02a Change permission for conf folder 61b6782 Add heat metadata checksum fix for AIO-type network config 72f2166 Split out neutron upgrade test 15d00f7 Fix tox.ini to work with ansible 2.2.1.0 da627b4 Remove unused registered var 6026308 Ensure neutron_bin gets created c653a29 Cleanup of developer mode logic 6aaf1e7 Use full path for metering_agent interface_Driver 29fce57 Fix broken links 1b1df28 Bring consistency to tags b68e3a3 Add checksum script for CentOS AIO. 78bbecd Add which in CentOS package list df301ce Additional fix for venv build fallback 066c18b Fix venv build fallback mechanism 9e9d042 Keep the N behavior optionally b5c629b Update and clean up run_tests.sh 32207fc Allow override of the repo filename 8cf982b Update paste, policy and rootwrap configurations 2016-12-30 b637eb9 Remove pki support bca925b Update paste, policy and rootwrap configurations 2016-12-23 a6d825e Update repository with reference to role git location fdfa9b4 Clean up DVR conditionals 00c1bb4 Remove Trusty support from os_neutron role c1c28c6 Ensure correct VPNaaS package is installed de86131 Neutron upgrade testing. c39e7c6 Delete deprecated Hacking in tox.ini bfe5e0f Updated from global requirements 75cdd69 Point roles docs bugs to openstack-ansible LP e327ccd Use new ansible package module to install distro packages. 9bd5175 Fix virtualenv-tools issue 96ea32f Show team and repo badges on README 40b8d4a Using updated tempest method for neutron. b483a78 Remove join filter from optional pip module tasks 81e5aa6 Add region awareness to the neutron ha tool 08e8419 Fix stevedore warnings f27442f Remove join filter from pip module tasks e7bcb31 Reinitialize venv upon install 9fc9ffa Fix reversed calico override vars 898ea99 Rename tmpfiles.d files 7a05132 Use ansible_service_mgr fact 1ee6c09 Fix tmpfiles.d when multiple service are running. 7cbcc7b Use updated get_url module checksum functionality e27795e Add ocata to the releases list ca9ab39 Remove ansible<2.2 apt cache hack f588c45 Optimise optional pip package installation 9d750ba Adding support for Designate notifications. d4dd9df Move optional plugin installs out of the venv 2d248ad Change Calico package to Felix 2c7c486 Simplify pip options/constraints mechanism aa159da Fix OVS kernel module vars f2a568d Updated from global requirements cf56eca Fix linting issues for ansible-lint 3.4.1 1d02538 Fix perms issue for dnsmasq on CentOS. 8fda2b7 Update paste, policy and rootwrap configurations 2016-10-21 3ded614 [FIX] Changed neutron_driver_interface removed variable 935539c Use upper constraints for all tox targets 291ad18 [DOCS] Added release-name as a watermark to Docs. 8980f25 Move to use Tempest tests for Neutron 7849c7d Remove 'ignore_errors: true' in favor of 'failed_when: false' 31a11a1 Set calico wheel name for py_pkgs lookup 96ad291 Enable release notes translation 71ebd43 Calico is now Felix... who knew?! 6ab8f43 Use centralised Ansible test scripts aa995b8 Add missing space in tasks indentation 491b278 Add CentOS support for os_neutron 320d326 Remove install_test_packages variable cec9b07 Revert dynamic include for inventory-based conditionals 29f02c1 Fix dhcp-agent-list-hosting-net race condition 52965e1 Fix race condition on starting services abeecba Updated from global requirements d8ca8cb Update reno for stable/newton da9916a Use centralised test scripts cfb341a Add conditional around the pid clean up process Diffstat (except docs and test files) ------------------------------------- .gitignore | 5 +- .gitreview | 1 + README.rst | 9 + Vagrantfile | 4 +- bindep.txt | 2 +- defaults/main.yml | 215 ++++++++++++++++----- files/post-up-metadata-checksum | 6 + files/rootwrap.d/dhcp.filters | 5 +- files/rootwrap.d/dragonflow-controller.filters | 11 ++ files/rootwrap.d/iptables-firewall.filters | 9 +- files/rootwrap.d/l3.filters | 9 +- files/rootwrap.d/netns-cleanup.filters | 12 ++ files/rootwrap.d/privsep.filters | 31 +++ handlers/main.yml | 5 +- library/neutron_migrations_facts | 4 +- manual-test.rc | 2 +- meta/main.yml | 15 +- .../apt-source-filenamed-2cc698add82f5eea.yaml | 5 + .../notes/cap-workers-fc70b4f8586ba1a5.yaml | 6 + .../capping_neutron_workers-d97a5d50ca996af5.yaml | 6 + ...eutron-dragonflow-support-fce23f85c6a0bebd.yaml | 7 + .../notes/neutron-sriov-50c0099554574d01.yaml | 7 + ...ron-deprecate-dhcp-domain-63b4c4dfbccd3a3a.yaml | 4 + ...os_neutron-centos-support-6e3aede0f8b13af4.yaml | 3 + .../remove-requirements-git-212d02658644c17b.yaml | 7 + releasenotes/source/conf.py | 3 + releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + tasks/calico_config.yml | 10 +- tasks/calico_init.yml | 4 - tasks/dragonflow.yml | 119 ++++++++++++ tasks/main.yml | 31 ++- tasks/neutron_db_setup.yml | 4 +- tasks/neutron_init.yml | 13 ++ tasks/neutron_init_common.yml | 45 ++++- tasks/neutron_init_systemd.yml | 53 ----- tasks/neutron_init_upstart.yml | 28 --- tasks/neutron_install-apt.yml | 114 ----------- tasks/neutron_install.yml | 157 ++++++++------- tasks/neutron_l3_ha.yml | 2 + tasks/neutron_post_install.yml | 49 +++-- tasks/neutron_pre_install.yml | 11 +- tasks/nuage_neutron_config.yml | 4 +- templates/api-paste.ini.j2 | 11 +- templates/dhcp_agent.ini.j2 | 8 +- templates/dragonflow.ini.j2 | 58 ++++++ templates/metadata_agent.ini.j2 | 5 +- templates/metering_agent.ini.j2 | 10 +- templates/neutron-ha-tool.py.j2 | 3 + templates/neutron-systemd-tempfiles.j2 | 4 - templates/neutron-systemd-tmpfiles.j2 | 5 + templates/neutron-upstart-init.j2 | 42 ---- templates/neutron.conf.j2 | 37 ++-- templates/plugins/ml2/linuxbridge_agent.ini.j2 | 8 + templates/plugins/ml2/ml2_conf.ini.j2 | 2 +- templates/plugins/ml2/sriov_nic_agent.ini.j2 | 9 + templates/vpnaas_agent.ini.j2 | 2 +- test-requirements.txt | 10 +- tox.ini | 186 ++++++------------ vars/common.yml | 26 +++ vars/redhat-7.yml | 45 +++++ vars/ubuntu-14.04.yml | 54 ------ vars/ubuntu-16.04.yml | 10 +- 84 files changed, 1596 insertions(+), 952 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 8fdd8d8..a5433f9 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ pyOpenSSL>=0.14 # Apache-2.0 -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -12,2 +12,3 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +openstackdocstheme>=1.5.0 # Apache-2.0 @@ -15 +16,2 @@ doc8 # Apache-2.0 -reno>=1.8.0 # Apache2 +reno>=1.8.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0

1 0

[openstackansible] openstack-ansible-os_keystone 15.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We are jazzed to announce the release of: openstack-ansible-os_keystone 15.0.0: os_keystone for OpenStack Ansible This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-os_keystone/ For more details, please see below. 15.0.0 ^^^^^^ New Features * Capping the default value for the variable "keystone_wsgi_processes" to 16 when the user doesn't configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16. * The os_keystone role now performs a rolling upgrade without downtime during installation. The process for rolling upgrades is documented here (http://docs.openstack.org/developer/keystone/upgrading.html #upgrading-without-downtime). Changes in openstack-ansible-os_keystone 14.0.0.0rc2..15.0.0 ------------------------------------------------------------ fddd964 Install python2-pyOpenSSL package on CentOS 4e6caba Split out Keystone upgrade into it's own script 5769dc4 Benchmark requests during upgrade testing 82eb0e6 Cap the number of worker threads 5b5aa1e Only run token_flush on 1 host 594605e Fix erroneous release note ba542ba Remove 3DES from keystone_ssl_cipher_suite 3ab6d48 Implementing stricter permissions on config files 7fefe7e Work around Trusty CI bindep issue fb9e7ed Update repo for stable/ocata 6f1403a Resolved Keystone Federation bugs c2e1ae4 Update UPPER_CONSTRAINTS_FILE for stable/ocata 7db8e4d Update .gitreview for stable/ocata 0414459 Shorten tox job names for keystone. cbeae22 Split upgrade test into its own play bbb6f5a Update paste, policy and rootwrap configurations 2017-01-19 0c57099 Change permission for conf folder dd2f1f9 Fix tox.ini to work with ansible 2.2.1.0 2f63386 Bring consistency to tags e253b87 Cleanup of developer mode logic ec6824f Fix 404 for os_keystone c1ab96b Add which in CentOS package list 464db72 Additional fix for venv build fallback 672b69e Disable WSGIScriptReloading f80f78b Allow Apache ports to be specified per VHost 88bbcc8 Fix venv build fallback mechanism 83e7c28 Update and clean up run_tests.sh 2635e43 [docs] Updating 404 link for os_keystone 7b8b435 Update paste, policy and rootwrap configurations 2016-12-23 3aef25d Update repository with reference to role git location b82d81c Include fernet config block only when fernet tokens are used 6a6e377 Remove Trusty support from os_keystone role 6a96998 All handlers should be tagged "config" d180506 Delete deprecated Hacking in tox.ini a32f14c Updated from global requirements e31dc2d Point roles docs bugs to openstack-ansible LP dbf5a35 Fix virtualenv-tools issue 1b5c70b Use new ansible package module to install distro packages. 6c90338 Do not listen on port 80 faa2fc6 Show team and repo badges on README 1766414 Using updated tempest method for keystone. 9f7c2f0 Update paste, policy and rootwrap configurations 2016-11-18 fc01718 Update URL for LDAP integration guide 04737f5 Implement zero downtime upgrades 68fd798 Reinitialize venv upon install 56b547e CentOS: Only install Federation IDP/SP Packages when necessary 6635f6e Use ansible_service_mgr fact d8668a5 Remove join filter from pip module tasks bd33f3d Use updated get_url module checksum functionality 320e0e6 Workaround upstream issue with apache2_module b11ec3e Updated from global requirements 2ba5dd4 Fix linting issues for ansible-lint 3.4.1 c5a0cce Simplify pip options/constraints mechanism 18700d7 Use upper constraints for all tox targets cd31c6b [DOCS] Added release-name as a watermark to Docs. 6c902fc Remove 'ignore_errors: true' in favor of 'failed_when: false' 4d720c9 Use centralised Ansible test scripts 403d5b8 Enable release notes translation 60dac15 Enable apache2 service. bc00f07 Fix bare variable in handler 2b7e68d Updated from global requirements ff30ce0 Update reno for stable/newton 0c4bb0f Use centralised test scripts Diffstat (except docs and test files) ------------------------------------- .gitignore | 5 +- .gitreview | 1 + README.rst | 9 + Vagrantfile | 2 +- bindep.txt | 2 +- defaults/main.yml | 20 +- handlers/main.yml | 96 +++++++- library/keystone_sp | 6 +- manual-test.rc | 2 +- meta/main.yml | 3 +- .../capping_keystone_workers-e284a47fc4dcea38.yaml | 6 + ...one-zero-downtime-upgrade-5f19ab84183490b9.yaml | 5 + .../remove-requirements-git-bdf5691b8390ed7c.yaml | 7 + releasenotes/source/conf.py | 3 + releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + tasks/keystone_apache.yml | 110 +++++---- tasks/keystone_credential_distribute.yml | 15 +- tasks/keystone_db_setup.yml | 27 +- tasks/keystone_federation_sp_setup.yml | 80 +++--- tasks/keystone_fernet_keys_distribute.yml | 15 +- tasks/keystone_idp_metadata.yml | 6 +- tasks/keystone_idp_self_signed_create.yml | 3 +- tasks/keystone_idp_self_signed_distribute.yml | 3 +- tasks/keystone_init_common.yml | 7 +- tasks/keystone_init_systemd.yml | 5 +- tasks/keystone_init_upstart.yml | 31 --- tasks/keystone_install.yml | 273 ++++++++++++++------- tasks/keystone_install_apt.yml | 119 --------- tasks/keystone_install_yum.yml | 154 ------------ tasks/keystone_ldap_setup.yml | 16 +- tasks/keystone_nginx.yml | 17 +- tasks/keystone_post_install.yml | 31 ++- tasks/keystone_pre_install.yml | 4 +- tasks/keystone_service_setup.yml | 1 + tasks/keystone_ssl_key_create.yml | 6 +- tasks/keystone_ssl_user_provided.yml | 9 +- tasks/keystone_token_cleanup.yml | 14 +- tasks/keystone_uwsgi.yml | 12 +- tasks/main.yml | 32 +-- templates/keystone-httpd.conf.j2 | 4 + templates/keystone-paste.ini.j2 | 13 +- templates/keystone-ports.conf.j2 | 6 +- templates/keystone-uwsgi_upstart.conf.j2 | 44 ---- templates/keystone.conf.j2 | 5 +- templates/policy.json.j2 | 3 +- test-requirements.txt | 10 +- tox.ini | 193 ++++----------- vars/redhat-7.yml | 9 +- vars/ubuntu-14.04.yml | 70 ------ 70 files changed, 1181 insertions(+), 918 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 8fdd8d8..a5433f9 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ pyOpenSSL>=0.14 # Apache-2.0 -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -12,2 +12,3 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +openstackdocstheme>=1.5.0 # Apache-2.0 @@ -15 +16,2 @@ doc8 # Apache-2.0 -reno>=1.8.0 # Apache2 +reno>=1.8.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0

1 0

[openstackansible] openstack-ansible-security 15.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We enthusiastically announce the release of: openstack-ansible-security 15.0.0: OpenStack-Ansible: Host security hardening This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-security/ For more details, please see below. Changes in openstack-ansible-security 14.0.0.0rc2..15.0.0 --------------------------------------------------------- 2d4fb83 Add missing STIG ID tags 82cc48f Install python2-pyOpenSSL package on CentOS 333d11c Install python2-pyOpenSSL package on CentOS dcad939 Only enable ssh, not start 656dad3 Use async for file perms corrections 9f4a20d Use async for updating ClamAV DB 602f3e0 Use async for RPM verification a678596 Fix the regex 9b820be Update repo for stable/ocata 4c23bf1 Update UPPER_CONSTRAINTS_FILE for stable/ocata bf514f7 Update .gitreview for stable/ocata 1025238 Restore RHEL 6 STIG content gating 8d223fe Move test plugins into security role 87b635e Always check for EFI b14056e Don't fail when checking for FIPS dc8dc3d Install chrony when enabled in RHEL7 STIG dc949de Add Ubuntu audit packages for RHEL 7 STIG cdcfb46 Fix clamav_service variable to "clamav-daemon" 6f6c08f Enable RHEL 7 STIG tasks as default [+Docs] cd0fad3 Make umask change opt-in 354b87c Fix copy/paste error in task name c322abe Updated from global requirements ea8a0f0 Remove groupby filter to avoid bug 30ad9d5 DOC Remove some repeated words f69e851 Updated the broken link 672c028 Fix pip check in run_tests.sh 2a11c9c Add openstack-ansible-plugins dependency cce8ed6 Update and clean up run_tests.sh 17a4661 Fix invalid user/group checks bug 3e908d3 Handle SELinux properly when it is disabled 3942b20 Unblock security role gate f60dc47 Fix a typo de5f161 Updated from global requirements 9294b06 [Docs] Exceptions for user init files 8e82b13 Set cron.allow owner/group owner [+Docs] c0517ec Find world-writable dirs with bad group owners 5fdee29 Set home dir mode/owner/group owner [+Docs] ce386ec Add libxslt headers to bindep 1cf9fba Enable FIPS [+Docs] 111fa30 [Docs] Fix missing code-block property 61dd6e6 [Docs] Update for RHEL7 STIG a0b88da Add checks for remote syslog [+Docs] 71a3847 Fix issues from new CentOS 7 release 325fe75 Ensure separate filesystems exist [+Docs] f92f29d Set permissions on sshd host keys [+Docs] 7534fba Check for default SNMP comm strings [+Docs] 5b06a44 Check for TFTP secure mode [+Docs] fc2c356 Restrict mail relaying [+Docs] 14fa6e5 Enable chrony [+Docs] b1435ff Set TMOUT variable for all sessions [+Docs] 81807a1 Check for promiscuous interfaces [+Docs] 553ad01 Set action_email_acct in auditd [+Docs] 9f3921a Set space_left_action in auditd [+Docs] 42ca47b Set space_left in auditd [+Docs] efbeb69 Add AIDE checks for ACL/xattrs [+Docs] af84a27 Remove .shosts/shosts.equiv files [+Docs] 28cd873 Check for pam_lastlogin [+Docs] 404175d Check for cackey/coolkey values [+Docs] 4bee87b Check for ocsp_on in PKCS config [+Docs] 280e797 Set grub2 password [+Docs] e5db852 Enable automatic package updates [+Docs] 505a4a9 Enable AIDE [+Docs] 0e05d2e Search for unlabeled device files [+Docs] 46bb44c [Docs] User init file exceptions 222627c [Docs] Refer to other control for firewalld 2944081 [Docs] Exception: firewall port auditing 0e8feaf Verify password age limits [+Docs] d5ee4c3 Check for groups that don't exist [+Docs] 30c225b Extend get_users module to get groups 9c7b923 [Docs] Exception for firewalld config d63a709 [Docs] Exception: Disable syslog reception 3d51712 [Docs] Exception: Add AUTH_GSS for NFS fd4fa2d Set audisp failure options [+Docs] 806e364 Set maxlogins limit [+Docs] 2a17cd1 Disable accounts w/expired passwords [+Docs] 655b5f9 [Docs] Add missing docs for GSSAPI e841a78 [Docs] Docs for TFTP server removal c9aaf90 [Docs] Fix swapped docs 69db20a [Docs] Exception: grub on removable media 25f3d5c [Docs] Exception: logging level 5559b1c [Docs] Virus definition update frequency 1487c85 [Docs] Fix broken/missing auditd docs 439cd3d Enable/start auditd [+Docs] 85a337b [Docs] Exception for cron logging 21454af Disable kdump [+Docs] 83fe89e [Docs] Exception for user init file umask ec68313 [Docs] Exceptions for filesystem mounts 4e8bf67 Trivial fix to the documentation 2ac6dd6 [Docs] Exception for removing unnecessary accounts ab8cdc3 Fix status/tag for RHEL-07-010040 971c6df [Docs] Exception for removing default accounts fa65790 Apply pam_faillock restrictions [+Docs] 113947b Delete deprecated Hacking in tox.ini 8ad6816 Set minimum password length [+Docs] 708cb62 Prevent password re-use [+Docs] e06fc87 Ensure prep tasks have 'always' tag 0eef112 Refactor login.defs adjustments [+Docs] 711dc28 Updated from global requirements f9a3a16 Check for two nameservers [+Docs] 0085792 Add firewalld rate limit rule [+Docs] 61dbdd6 Check for SHA512 password storage [+Docs] 3fa6fd2 Display MOTD warning banner [+Docs] 51bd12f Point roles docs bugs to openstack-ansible LP e84a295 [Docs] Enable graphical login banner 992f196 Enable sshd [+Docs] c777f73 Enable firewalld [+Docs] 40ca9cf Disable ctrl-alt-del key sequence [+Docs] 9880ceb Disable autofs [+Docs] c229c43 Find files/dirs without valid owners [+Docs] 8fe505e Expire cached sssd authenticators [+Docs] f61fc49 Require auth for sudo [+Docs] fce1e4f Verify that home directories exist [+Docs] acdd6d5 Create home directories by default [+Docs] 66ebdc9 Check for users w/o home dirs [+Docs] 637d0f3 Set lifetime limits for passwords [+Docs] 0eece28 Set auditd failure flag [+Docs] 3efe849 Enable SELinux/AppArmor [+Docs] dcb3034 [Docs] Exceptions for disk encryption aacea94 Disable usb-storage module [+Docs] 2739579 [Docs] Exception for SELinux user confinement 63a900f [Docs] Exception for MFA/smartcards 29cbeb5 [Docs] Apply password quality rules 06090a2 Ensure libuser crypt_style is SHA512 [+Docs] 63131e0 Ensure passwords hashed with SHA512 [+Docs] c59d5b6 Apply password quality rules b8597c8 [Docs] Capitalize severity 04ff6e1 Show team and repo badges on README 4c79244 Move common variables to common.yml 53ffc83 Use dynamic includes for speedup 85630fd Enable graphical login banner 57748b7 Correct lineinfile option 60a8205 [Docs] Refactor auditd rules ff5bbe1 Refactor auditd rules 5c97321 Move clamav packages to rhel7 vars 6f256af [Docs] Set cn_map permissions/owner 6a3ee0f Set cn_map permissions/owner 4c91f21 Fix stig_packages_rhel7 typo 716232c [Docs] Securing sysctl configurations 746816c Securing sysctl configurations 1435ce5 [Doc] Exceptions for LDAP SSL/TLS checks 401f321 [Docs] Exception for PKI revocation 300c9f8 Check for other UID 0 accounts 215001c Add exception for supported release check f23aace Handle sshd_config without Match properly 8868011 Disable repo GPG checks by default 8efb235 Change package state to 'present' 3c0cc41 Enable virus scanner 770b2ad [Docs] Set graphical session locks 5fbc456 Set graphical session locks db2663b Automatically remove package deps 4405271 [Docs] Configure sshd based on the RHEL 7 STIG 1335d0b [Docs] Audit rules 09487fd Add template for audit rules 235ee06 Use ansible_service_mgr fact 9d12469 [Docs] Declutter controls listing 14baa91 [Docs] Exception for RHEL-07-040830 365ad65 Configure sshd based on the RHEL 7 STIG f383afe Encrypt transmitted audit logs 8daae8c Transmit audit logs to other servers a3e0f68 Remove deprecated always_run 9e66cde [Docs] Auditing setuid/setgid applications 35fa42e Refactor package removal 9d74dbd Install screen and ssh client/server 1f557eb Fix tags 0df4169 GPG verification for packages e5f3528 Remove packages according to STIG fec2cb3 Add conf file entry for chrony 23af709 Fix auditd restart handler d63b6ce Remove ansible<2.2 apt cache hack 784a38e Speed up package install/removal 0b2a381 Fix linting issues for ansible-lint 3.4.1 7f7d1da [Docs] Adjust docs for Ocata 20976bc Updated from global requirements 8424eb4 Replace github with git.o.o e4d3ea4 Add RHEL-07-010430 and RHEL-07-010431 19cfb16 [Docs] Add 'only' to clarify status 0637257 Add RHEL-07-010270 (ssh - empty password) de92fbd [Docs] Fix indentation for bullets bc9cc7b Fix stdout_lines check 1a0724d Security: Add tasks for RHEL-07-010260 0a7a993 Security: Add tasks for RHEL-07-010020 6971f03 Security: Add tasks for RHEL-07-010010 eed96b4 Use upper constraints for all tox targets 13e3fd4 Security: Remove quotes from extra vars 90c3630 Use centralised Ansible test scripts c906216 Enable release notes translation 3fdc656 Initial docs scaffolding for RHEL 7 STIG b87effb Add dividers to defaults/main.yml 4e7e57a Skip some test assertions for RHEL7 STIG 687dcdc Remove install_test_packages variable d001b9d Initial scaffolding for RHEL 7 STIG 401ccd7 Skip V-38620 (chrony) in gate 4913b29 Updated from global requirements b8c7c40 Update reno for stable/newton ec1b42a Use centralised test scripts Diffstat (except docs and test files) ------------------------------------- .gitignore | 4 +- .gitreview | 1 + README.md | 2 +- README.rst | 9 + bindep.txt | 6 +- defaults/main.yml | 302 +- ...Enterprise_Linux_7_STIG_V1R0-2_Manual-xccdf.xml | 10364 +++++++++++++++++++ files/aide_extra.conf | 14 + files/dconf-profile-gdm | 3 + files/dconf-user-profile | 2 + handlers/main.yml | 25 +- library/get_users | 122 + manual-test.rc | 2 +- .../chrony-config-variable-7a1a7862c05c9675.yaml | 5 + .../package-state-present-951161faa5384abd.yaml | 7 + .../notes/rhel7-stig-default-f6c7c97498a8b2e7.yaml | 19 + releasenotes/source/conf.py | 3 + releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + tasks/aide.yml | 115 - tasks/apt.yml | 112 - tasks/auditd.yml | 313 - tasks/auth.yml | 467 - tasks/boot.yml | 66 - tasks/console.yml | 59 - tasks/file_perms.yml | 184 - tasks/kernel.yml | 222 - tasks/lsm.yml | 83 - tasks/mail.yml | 92 - tasks/main.yml | 52 +- tasks/misc.yml | 375 - tasks/nfsd.yml | 74 - tasks/rhel6stig/aide.yml | 94 + tasks/rhel6stig/apt.yml | 129 + tasks/rhel6stig/auditd.yml | 290 + tasks/rhel6stig/auth.yml | 408 + tasks/rhel6stig/boot.yml | 66 + tasks/rhel6stig/console.yml | 61 + tasks/rhel6stig/file_perms.yml | 188 + tasks/rhel6stig/kernel.yml | 222 + tasks/rhel6stig/lsm.yml | 52 + tasks/rhel6stig/mail.yml | 72 + tasks/rhel6stig/main.yml | 42 + tasks/rhel6stig/misc.yml | 339 + tasks/rhel6stig/nfsd.yml | 74 + tasks/rhel6stig/rpm.yml | 125 + tasks/rhel6stig/services.yml | 167 + tasks/rhel6stig/sshd.yml | 234 + tasks/rhel7stig/aide.yml | 102 + tasks/rhel7stig/apt.yml | 92 + tasks/rhel7stig/auditd.yml | 186 + tasks/rhel7stig/auth.yml | 521 + tasks/rhel7stig/file_perms.yml | 187 + tasks/rhel7stig/graphical.yml | 154 + tasks/rhel7stig/kernel.yml | 94 + tasks/rhel7stig/lsm.yml | 89 + tasks/rhel7stig/main.yml | 86 + tasks/rhel7stig/misc.yml | 408 + tasks/rhel7stig/packages.yml | 90 + tasks/rhel7stig/rpm.yml | 71 + tasks/rhel7stig/sshd.yml | 108 + tasks/rpm.yml | 109 - tasks/services.yml | 312 - tasks/sshd.yml | 234 - templates/chrony.conf.j2 | 2 +- templates/dconf-gdm-banner-message.j2 | 3 + templates/dconf-screensaver-lock.j2 | 24 + templates/dconf-session-user-config-lockout.j2 | 8 + templates/osas-auditd-rhel7.j2 | 97 + templates/osas-auditd.j2 | 6 + templates/pam_faillock.j2 | 3 + templates/pwquality.conf.j2 | 8 + templates/sshd_config_block.j2 | 58 + test-requirements.txt | 12 +- tox.ini | 180 +- vars/common.yml | 337 + vars/main.yml | 30 +- vars/redhat.yml | 150 +- vars/ubuntu.yml | 134 +- 351 files changed, 20987 insertions(+), 3345 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 73b06a3..326f6eb 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ pyOpenSSL>=0.14 # Apache-2.0 -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -12,2 +12,2 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 @@ -16,3 +16,3 @@ doc8 # Apache-2.0 -reno>=1.8.0 # Apache2 -Jinja2>=2.8 # BSD License (3 clause) -lxml>=2.3 # BSD +reno>=1.8.0 # Apache-2.0 +Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) +lxml!=3.7.0,>=2.3 # BSD

1 0

[openstackansible] openstack-ansible 15.0.0 (ocata)
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We contentedly announce the release of: openstack-ansible 15.0.0: Ansible playbooks for deploying OpenStack This release is part of the ocata release series. The source is available from: http://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 15.0.0 ^^^^^^ New Features ************ * CentOS7/RHEL support has been added to the ceph_client role. * Only Ceph repos are supported for now. * There is now experimental support to deploy OpenStack-Ansible on CentOS 7 for both development and test environments. * The number of worker threads for neutron will now be capped at 16 unless a specific value is specified. Previously, the calculated number of workers could get too high on systems with a large number of processors. This was particularly evident on POWER systems. * Capping the default value for the variables "ceilometer_api_workers" and "ceilometer_notification_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "cinder_osapi_volume_workers" to 16 when the user doesn't configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "galera_wsrep_slave_threads" to 16 when the user doesn't configure this variable. Default value is the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "galera_max_connections" to 1600 when the user doesn't configure this variable. Default value is 100 times the number of vCPUs available on the machine with a capping value of 1600. * Capping the default value for the variables "glance_api_workers" and "glance_registry_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variables "heat_api_workers" and "heat_engine_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variables "horizon_wsgi_processes" and "horizon_wsgi_threads" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "keystone_wsgi_processes" to 16 when the user doesn't configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variables "neutron_api_workers", "neutron_num_sync_threads" and "neutron_metadata_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variables "nova_wsgi_processes", "nova_osapi_compute_workers", "nova_metadata_workers" and "nova_conductor_workers" to 16 when the user doesn't configure these variables. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Capping the default value for the variable "repo_nginx_workers" to 16 when the user doesn't configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16. * Several configuration files that were not templated for the "os_ceilometer" role are now retrieved from git. The git repository used can be changed using the "ceilometer_git_config_lookup_location" variable. By default this points to "git.openstack.org". These files can still be changed using the "ceilometer_x_overrides" variables. * Deployers can set "openstack_host_nf_conntrack_max" to control the maximum size of the netfilter connection tracking table. The default of "262144" should be increased if virtual machines will be handling large amounts of concurrent connections. * The Designate pools.yaml file can now be generated via the designate_pools_yaml attribute, if desired. This allows users to populate the Designate DNS server configuration using attributes from other plays and obviates the need to manage the file outside of the Designate role. * Several configuration files that were not templated for the "os_gnocchi` role are now retrieved from git. The git repository used can be changed using the ``gnocchi_git_config_lookup_location" variable. By default this points to "git.openstack.org". These files can still be changed using the "gnocchi_x_overrides" variables. * Added support for ironic-OneView drivers. Check the documentation on how to enable them. * LXC on CentOS is now installed via package from a COPR repository rather than installed from the upstream source. * The "dragonflow" plugin for neutron is now available. You can set the "neutron_plugin_type" to "ml2.dragonflow" to utilize this code path. The "dragonflow" code path is currently experimental. * Neutron SR-IOV can now be optionally deployed and configured. For details about the what the service is and what it provides, see the SR-IOV Installation Guide (http://docs.openstack.org/developer /openstack-ansible-os_neutron/configure-network-services.html#sr --iov-support-optional) for more information. * The "nova-placement" service is now configured by default. "nova_placement_service_enabled" can be set to "False" to disable the "nova-placement" service. * The "nova-placement" api service will run as its own ansible group "nova_api_placement". * Nova cell_v2 support has been added. The default cell is "cell1" which can be overridden by the "nova_cell1_name". Support for multiple cells is not yet available. * CentOS7/RHEL support has been added to the os_designate role. * While default python interpreter for swift is cpython, pypy is now an option. This change adds the ability to greatly improve swift performance without the core code modifications. These changes have been implemented using the documentation provided by Intel and Swiftstack. Notes about the performance increase can be seen here (https://software.intel.com/en-us/blogs/2016/05/06/doubling-the- performance-of-openstack-swift-with-no-code-changes). * The variable "trove_conductor_workers" can be configured for defining the number of workers for the trove conductor service. The default value is half the number of vCPUs available on the machine with a capping value of 16. * Added new variable "tempest_volume_backend_names" and updated templates/tempest.conf.j2 to point "backend_names" at this variable Upgrade Notes ************* * The Designate pools.yaml file can now be generated via the designate_pools_yaml attribute, if desired. This ability is toggled by the designate_use_pools_yaml_attr attribute. In the future this behavior may become default and designate_pools_yaml may become a required variable. * The variable "neutron_dhcp_domain" has been renamed to "neutron_dns_domain". * A new option *swift_pypy_enabled* has been added to enable or disable the pypy interpreter for swift. The default is "false". * A new option *swift_pypy_archive* has been added to allow a pre- built pypy archive to be downloaded and moved into place to support swift running under pypy. This option is a dictionary and contains the URL and SHA256 as keys. * Gnocchi service endpoint variables were not named correctly. Renamed variables to be consistent with other roles. Deprecation Notes ***************** * The "ceilometer_gnocci_resources_yaml_overrides" variable is deprecated and scheduled for removal in the Pike cycle. This is replaced with the correctly spelled variable, which should now be used "ceilometer_gnocchi_resources_yaml_overrides". * Removed "tempest_volume_backend1_name" and "tempest_volume_backend1_name" since "backend1_name" and "backend2_name" were removed from tempest in commit 27905cc (merged 26/04/2016) Bug Fixes ********* * Metal hosts were being inserted into the "lxc_hosts" group, even if they had no containers (Bug 1660996). This is now corrected for newly configured hosts. In addition, any hosts that did not belong in "lxc_hosts" will be removed on the next inventory run or playbook call. Other Notes *********** * From now on, external repo management (in use for RDO/UCA for example) will be done inside the pip-install role, not in the repo_build role. Changes in openstack-ansible 14.0.0.0rc2..15.0.0 ------------------------------------------------ 135ed2c Release day SHA bump for Ocata release 600b1db Add openstack_user_config reference to Networking Appendix ca78526 Remove with_items from utility pip install 501c60e Update thread/worker settings for optimal memory usage ab271f3 Implement ARA logging and reporting for openstack-ansible gate jobs 1634194 SHA bump to include nova upgrade fixes db53e54 Only insert container hosts into lxc_hosts 752f186 Move ceph client role to playbooks for faster run time eb406d7 unify interface lookups b61e1f4 Install rdo package 976b960 Use an explicit version of urrlib3 1515c99 Final SHA bump before 15.0.0 release c912ccd Remove ceilometer from the gate 56a234b Updated from global requirements 7df772c Fix error during 'inventory-manage.py -r' calls 2f0f4e2 SHA Bump post stable/ocata release for upstream e7badda Use setuptools 33.1.1 f9ebadb Update Ocata doc index 9adbc1c Fix ceph AIO bootstrap for CentOS 7709434 Fix fastest-infra-wheel-mirror.py for CentOS. a84de56 Add in ironic_service_user_name group_vars/all.yml bdfa2d2 Make Magnum proto use openstack_service_proto 91c2740 Rename neutron_dhcp_domain to neutron_dns_domain 3afc6ce [DOCS] Move limited connectivity section to Deploy Guide 114872a Add CentOS support for AIO setup 0dce016 Integration of dragonflow in integrated gate 6861c0e Remove security role from user_variables.yml 93e9ed7 Cinder use correct glance API when RBD enabled caeedcb SHA Bump for Ocata 17-02-2017 22b1dc0 Get conf files from local git server rather than upstream af9a97f SHA Bump for roles and upstream projects 15-02-2017 5ebba0c [DOCS] Fix link to plugins docs 1f019e3 [Docs] Complete the example file 9a63d11 Update Keepalived f32abc0 [DOCS] Include branch in links to role docs d825bc1 [DOCS] Move links to role docs to deploy guide 2727aed [DOC] Fix release name in quickstart doc 7930045 [Docs] Fix documentation for Cinder NFS backend f4e742a Work on starting the upgrade job 8a08009 Ensures the host IP isn't used for containers 95961f6 Fixed typo causing bug in openstack-hosts-setup 5dbeb80 Stable/Ocata SHA bump f56068c Add group vars to enable integration with barbican d64c0d0 Remove 3DES from ssl_cipher_suite 0a1685d Bring idempotency to swapon f9e8686 Add tracepath commands to the AIO 1e15cc4 Target unbound component group instead of _all 74d3ee9 Move scenario variables under vars 4383699 Use upstream profile_tasks callback bf93c39 Fix haproxy playbook group target a451319 Configurable haproxy network whitelists 81ba4d3 Update UPPER_CONSTRAINTS_FILE for stable/ocata ac09db7 Update .gitreview for stable/ocata 773245e Fix SHA's for rc1 + SHA bump 3431d41 corrected infra wheel mirror URL e0cc789 Add support for placement_database and cell_v2 b0b7e3e Var target security playbook host group 3d60e4e Remove unused DEPLOY_AIO variable 62fa3cc Use https to retrieve upper-constraints b05d662 [DOCS] Remove redundant sentence in ops guide 91855ef Update Galera container config serially 2345c78 Revert role SHA pin for Ocata-RC development aa986bd Fix role SHA's for Ocata-3 release e410759 Change the dpkg -l to dpkg-query -s f752814 Implement nova-placement-api group for integrated build 26aca0c Add missing haproxy_ssl option to default configs ad2e1c3 Implementation Neutron SR-IOV eb69921 Don't enforce SELinux policy temporarily e3c8c24 Ensure that tox uses global pins 9fac196 Allow customisation of AIO paths and filenames 253ea10 Apply global-pins as constraints to ensure complete pinning 96a474d Update all SHAs for Ocata 2017-01-24 8df22c4 Fix trailing space added at end of line in converted inventory 6e4a00f Updated setting for br-vlan interface ded5650 Update all SHAs for Ocata 2017-01-19 2284b15 Install ansible from git source 524b8a0 Type fix: seperate => separate edc9cd1 Fix fastest mirror fact set 5e8cb18 Simplify access to the utility container 72eb07a Fix filename and call out security concerns 9ca193f Correct location of the secrets file in Ops doc 06ede41 ceph-ansible integration d75a179 Workaround ansible yaml export bug 32ca3e6 Use RHEL 7 STIG content in OSA cf71de7 Re-order envlist to run linters first 7cc13fd Update Ansible to v2.2.1.0 babee11 Fixing broken links 3951661 Install python2 in Ubuntu 16.04 or CentOS 7 9f7562d Add Test new compute node part 69b847b Pass correct venv paths to ceph_client a1a2500 Add conditional branch names for docs links 41d4fd8 [docs] Removing navigation.txt file 13bfa70 Ensure RHEL 6 STIG content is used 58b0ae4 [Docs] Fix some 404 in navigation 2453a07 Update Add a new infrastructure host script part b2a73a0 DOC Remove duplicated words b8e7a22 Fix a typo in documents a68f804 [Docs] Clarify Tags rules 749dfc8 [Docs] Update the add a new infrastructure host and fix the indentation 8d95e88 [Docs] Add a todo list of the regular contributions 76bcce8 Change from compute to infra 8b3da2e [docs] Add ansible module content 46ae50c [docs] Add replace failed hardware section 66558ac Add ANSIBLE_TEST_PLUGINS env variable 03d94d6 [DOCS] Remove ops content from dev docs c1ce287 Update title for index file 9503bc0 Update all SHAs for Ocata 2016-12-30 cb6006a [docs] Updating 404 links 4150b91 [docs] Updates content for clarity cfda6b6 Update all SHAs for Ocata 2016-12-23 c6c06c5 [ops-guide] Removes remaining instances of rpc aa613f0 Include individual role details in README.rst 91e3de5 Clean up injected role vars df1bd3b [ops-guide] Adding new content to guide 72c25e8 Remove ubuntu 14.04 mention in the additional roles doc 22ed4e1 Adjust when statement for os-gnocchi-install playbook 183b30d Add Apache 2.0 license to source file 7690ee1 fix some typo error 312147a Fix git url for deploy-guide 676c868 Target specific host groups instead of 'all' 0fc3285 Add retries to apt update in cache proxy task eff0c52 Revert role SHA pin for Ocata-3 development 71d97eb Call load_environment before mocking it 4ba6bc3 Dynamically group Neutron OVS DVR to compute 8a737a3 Fix liberty release notes since EOL 4fcc48b Auto-enable heat cinder backup functionality dd05518 Fixed when logic for gnocchi bind mounts a2e3d22 Fix role SHA's for Ocata-2 release de98fc1 Remove Ubuntu Trusty Support f4d73c4 Don't delete container_cidr key when overriding caa8732 Update apt after proxy config is dropped 239fc92 Fix test function name with two underscores to have only one 03d176d Fix main public interface name not always be eth0. 7c90979 Update all SHAs for Ocata 2016-12-10 d70d5db host net config bond0 static -> manual 61f5526 Fix default IPv6 BGP peer for BIRD c8606c4 Retry the git clone in role fetcher d2e8ce4 [DOCS] Remove hacking H303 fb8cb16 Fix cinder_volumes is_metal override example 2e1c6a4 DOC - Adding releasenote for Trusty removal f219d90 Process and mount default bind mounts first 38c54f3 [DOCS] Remove Rackspace specific content 0d66481 [DOCS] Updates and restructures proposed ops guide ff69563 Remove irrelevant cinder_backends in glance configuration ce60ac1 Gather facts before running first role requiring them c972859 Delete deprecated Hacking in tox.ini 3037067 Allow refspec in role fetcher 3fc41e2 Document and test group membership constraints dd8c993 [DOCS] Updating inventory files 1bf1e42 Link Calico log dir to /openstack/log 0c09254 Set basic DHCP configuration for neutron. 47d3f87 Use get-pip script from repo release folder bdcac52 Update all SHAs for Ocata 2016-12-02 8d0aa62 Updated from global requirements 5d0f0ba Inventory Generation rename vars 98842c6 [docs] Adjusting link placement for readability b6077e2 [DOCS] Edits to the upgrade guide c5ae3e7 [DOC] Fix minor language errors 38db194 [DOCS] Adding deploy guide to index c06bf31 [DOCS] Adding new roles and services section 0988702 Create Designate container and start services 689648b Show team and repo badges on README 43a3510 Bump horizon SHA to 10.0.0.0b1 1b341c8 Updated from global requirements 5548d3b Add command to create consolidated AIO config 5cde716 Inventory refactor SystemExit uses removed a2bd0c5 Add dictutils tests, clarify some var names 485100f Execute tempest using updated method ee33b15 Inventory filesystem refactor load funcs moved f4b65b8 Remove join filter from pip module tasks d82d545 Inventory generation: write hosts file refactor ad566bf DynamicInventory filesystem storage API cleanup 010cadf Consolidate tox run output into one report 99e3981 Add IPManager class for handling IP addresses d11b5a5 Revert role SHA pin for Ocata-2 development d36a613 Update all SHAs for Ocata 2016-11-18 42b2507 Fix role SHA's for Ocata-1 release ca1e4cc [DOCS] Adds a cookie cutter deploy guide for d.o.o 35691fe Move IP logic into separate module b7354ad Refactor inventory generation load/save filesystem a7f25d8 [DOCS] Creating new folder for proposed operations guide 2fe2267 Set a default for upper_constraints_check.status 249db3a Refactoring inventory generation data manipulation 3358b01 Refactor inventory management filesystem f9bd7ab Configure AIO sources.list with first matched repo 1e0c11f Fix multi arch repo-build 9757c0a Ensure all neutron optional packages always build 35da93d Remove duplicate horizon_enable_trove_ui a7e430e haproxy for ironic-api HEAD -> GET 21c77b2 Add command to remove IPs from inventory ed95267 Adding Trove UI support to the integrated repo. 33cb15e Adding designate ui support to integrated repo. b3a3a89 Standarize usage of format strings 923b232 Move ansible_ssh_host to ansible_host f34df83 Allow role path override in fetch play b70a027 Update ansible-lint to 3.4.1 39a10ef Use the correct upper constraints file 368119f Update all SHAs for Ocata 2016-11-04 faffbe7 [DOCS] Fix broken links 835bec6 Adding Designate to integrated repo. 723049c Add CentOS7 to supported OS check a7269d3 Protect CLI parameters passed through osa wrapper 11c7b27 Add boot priorities to containers 3b8601f Change Calico package to Felix d1d0341 Resolve dynamic inventory libs through symlink 3d9572f Update Ansible to v2.2.0.0-1 677ceb2 Fix bind mount of glance images 97185e5 Fix BaseException.message deprecation messages f5d8578 Move storage_address discovery into a single task 929034d [docs] Update branch names for Ocata 47e3705 Remove outdated aio heat template 11c6d21 Replace github with git.o.o db61c77 Updated from global requirements 97a5c6a Remove hard-coded host group f25912b Set the AIO to use bootstrap_host_public_interface 7eca223 Include barbican role in integrated release c8da904 Add supported Operating System check 2c6f098 Remove old secrets from user_secrets 9abb665 Refactoring inventory management data manipulation 106f12c typo fix Appendix H -> C 58074fd Updated envd configs for mixed virt and baremetal (ironic) e0b5892 Check for configured groups in the environment bd3d933 Added lxd password to the secrets file 76639d6 Stop all but one RabbitMQ node prior to upgrade 31b474e Fix trove deployment errors 20e246d Remove ansible_ssh_host variable from inventory e582207 Enable DeprecationWarning in test environments f28ddbb Updates to support ignored packages and external indexes 31a2c9d Ensure lxc_hosts have updated facts before container creation 8740250 Fix Ansible bootstrap upper constraint use a420d11 Remove deprecated ansible_ssh_host variable 7874a8d Using assertIsNone() instead of assertEqual(None) f4247c7 Fix errors due to repo_service_user_name setting cf0d302 Resolve random node selection in repo build 9f23aad Fix a grammatical error 4015d7a Updated from global requirements 9c1e0bc [Docs] Fix the alignment 46258cc Ensure that upper constraints are always applied c399270 Remove Newton specific upgrade playbooks 400698b Add missing infra playbooks to upgrade run list b9711d6 Update sources-branch-updater.sh help command to reflect Newton release 85554c1 [docs] Update index page to reflect Newton release eb4b0ae [Docs] Remove # 3e5bd6f [docs] Remove openstack-ansible.rc sourcing instruction e457ba8 Add missing Ironic auth plugin variable f785060 Adds support for disks on HP Smart Array Controllers 3bb904b Passing eth0 to br-vlan 60ceb9b Do not extend lists in AIO config c44f272 [docs] Add os_trove to Advanced Config section 82750ce [Docs] Fix the alignment faf78e4 Work around bad libvirt-python wheel f2fc042 Implement upper constraints for Ansible bootstrap 9e1527b NoVNC: Use a working version before QEMU RFB extension was merged 173d168 Remove nova-cert environment information 59aad8b Automatically source the rc file for ansible/ansible-playbook d921c90 Remove 'ignore_errors: true' in favor of 'failed_when: false' 0d7b20c Add full path to inventory faf3538 updated Appendix H to C 533c44c Updated the correct link in developer docs 03ba203 [docs] Clarify the 'Network configuration' section a4f8e28 Create log aggregation parent directory 7efa43b Enable fixed mac address generation 144cfe9 Remove the rabbitmq deterministic sort 0a5a117 Prevent overlayfs use in test when kernel < 3.18 or release == trusty 987bab7 [docs] Provide example configurations 5686c70 [docs] Add network config example for test and prod 2252d17 Fix container log bind mount regression a12fe67 Switch the repo_server role to master 52d7ae8 Change the common proxy cache manage tasks to be stateful ec125a3 Update all SHAs for Ocata 2016-10-12 0b16414 Configure Calico specific BIRD settings in OSA 8bfd0ad [Docs] Removed extra grave accent(`) 3b1647c Set default keepalived cidr if none is provided 1588b41 Remove xrange for run both Python 2 and Python 3 ded68dd Fix value for openstack_host_manage_hosts_file fa05a4f [DOCS] Update manual upgrade guide 14e13ec Move inventory generation code into lib 0d9eb88 Move management code to inventory lib. 27799ed Use UCA for keepalived by default 2bcc1f3 Add missing double quote 8b40061 Updated from global requirements cc62c0e [Docs] There was typo mistake b5bb2a9 [docs] Add Introduction heading to Appendix B 5265e1b [docs] Move sphinxmark requirement to test-requirements.txt 65372ce [docs] Correct alignment for code block 2406d36 Set calico wheel name for py_pkgs lookup 764e6c3 Ensure that repo_server/repo_build use same user:group 57255a1 Rename ironic database password during upgrades 227f24f Always force handler execution a1e465e Change calico_git_repo to new repository a7fe66f [DOCS] Edits to installation chapter 59534fb [DOCS] Edits to the target hosts chaps 85591a0 [Docs] Make the security note readable. f362104 [Docs] Fix space typo with effect on rendered page a98a939 [Docs] RabbitMQ is an AMQP server 70fc1ba [Docs] Fix Ansible link f81ac49 Remove unused variable 3f44361 Enable release notes translation f05e5f4 [Install-guide] Alignment gets corrected 1b8d775 [DOCS] Applies edits to the OSA install guide appendix C 34cc7a8 [DOCS] Applying edits to the OSA install guide: configure 4ca3c5c [DOCS] Applying edits to the OSA install guide: deployment host 2869cc8 [DOCS] Adjust watermark color 7305644 [DOCS] Applies edits to the OSA install guide appendix D 2791856 Revert "Update Ansible to v2.1.2.0-1" f4fa8a9 [DOCS] Edits to appendix F 5de2bf3 [DOCS] Edits to appendix G de1a617 [DOCS] Edits to appendix E 8675f24 [docs] Update index for Newton 4f4dbc8 [docs] Applying edits to the OSA install guide: overview 2736255 [DOCS] Applies edits to the OSA install guide appendix A f86e1ed Update release note as the process has changed 166b042 [DOCS] Applies edits to the OSA install guide appendix B 9eb9fc5 Adding Trove Horizon dashboard 951e241 Add integrated Trove deployment. a1bc7d1 Return append status, use it for accurate logging 5bac2e5 Fix a few grammatical errors bf8d023 Revise 'galera' to 'Galera' 7b98e41 Updated from global requirements a6c6bd1 Fix path for /lib/modules on CentOS 71792b9 Update Ansible to v2.1.2.0-1 3083b06 [docs] Update index to expose Newton & Ocata 4587276 Revises yaml to YAML c92f19f [DOCS] Specifies that commands and scripts be executed as root. 75cb2c6 Updated from global requirements 0aa1ce6 Checksum all traffic traveling though the bridges dd4884f Update reno for stable/newton c855ddc [install-guide] Aligned properly at Test environment 56b87ea Add support for the Ceph storage driver in Gnocchi Diffstat (except docs and test files) ------------------------------------- .gitignore | 1 + .gitreview | 2 +- README.rst | 20 + ansible-role-requirements.yml | 106 +- bindep.txt | 2 +- .../source/app-advanced-config-affinity.rst | 50 + .../source/app-advanced-config-options.rst | 14 + .../source/app-advanced-config-override.rst | 267 +++++ .../source/app-advanced-config-security.rst | 38 + .../source/app-advanced-config-sslcertificates.rst | 141 +++ deploy-guide/source/app-ceph.rst | 18 + deploy-guide/source/app-config-prod.rst | 126 ++ deploy-guide/source/app-config-test.rst | 108 ++ deploy-guide/source/app-custom-layouts.rst | 192 +++ deploy-guide/source/app-limited-connectivity.rst | 152 +++ deploy-guide/source/app-networking.rst | 118 ++ deploy-guide/source/app-resources.rst | 27 + deploy-guide/source/app-security.rst | 161 +++ deploy-guide/source/app.rst | 16 + deploy-guide/source/conf.py | 357 ++++++ deploy-guide/source/configure.rst | 186 +++ deploy-guide/source/deploymenthost.rst | 140 +++ .../source/figures/arch-layout-production.png | Bin 0 -> 217767 bytes .../source/figures/arch-layout-production.svg | 3 + deploy-guide/source/figures/arch-layout-test.png | Bin 0 -> 220515 bytes deploy-guide/source/figures/arch-layout-test.svg | 3 + deploy-guide/source/figures/arch-layout.graffle | Bin 0 -> 6161 bytes .../installation-workflow-configure-deployment.png | Bin 0 -> 49639 bytes .../installation-workflow-deploymenthost.png | Bin 0 -> 48857 bytes .../figures/installation-workflow-overview.png | Bin 0 -> 46557 bytes .../installation-workflow-run-playbooks.png | Bin 0 -> 48037 bytes .../figures/installation-workflow-targethosts.png | Bin 0 -> 48201 bytes .../installation-workflow-verify-openstack.png | Bin 0 -> 50368 bytes .../source/figures/installation-workflow.graffle | Bin 0 -> 2583 bytes .../figures/networkarch-bare-external-example.png | Bin 0 -> 107053 bytes .../source/figures/networkarch-bare-external.png | Bin 0 -> 109645 bytes .../networkarch-container-external-example.png | Bin 0 -> 178387 bytes .../figures/networkarch-container-external.png | Bin 0 -> 183958 bytes deploy-guide/source/figures/networkcomponents.png | Bin 0 -> 38304 bytes deploy-guide/source/figures/networking-compute.png | Bin 0 -> 116754 bytes .../source/figures/networking-neutronagents.png | Bin 0 -> 136895 bytes .../source/figures/production-storage-cinder.png | Bin 0 -> 102217 bytes .../production-storage-cinder.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-cinder.svg | 3 + .../source/figures/production-storage-glance.png | Bin 0 -> 87006 bytes .../production-storage-glance.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-glance.svg | 3 + .../source/figures/production-storage-nova.png | Bin 0 -> 84263 bytes .../figures/production-storage-nova.svg/image3.wmf | Bin 0 -> 19378 bytes .../production-storage-nova.svg | 3 + .../source/figures/production-storage-swift.png | Bin 0 -> 108150 bytes .../source/figures/production-storage-swift.svg | 3 + .../figures/production-storage.graffle/data.plist | Bin 0 -> 8497 bytes .../figures/production-storage.graffle/image3.wmf | Bin 0 -> 19378 bytes deploy-guide/source/figures/production-storage.svg | 3 + deploy-guide/source/index.rst | 25 + deploy-guide/source/overview-network-arch.rst | 85 ++ deploy-guide/source/overview-osa.rst | 63 + deploy-guide/source/overview-requirements.rst | 123 ++ .../source/overview-service-architecture.rst | 122 ++ deploy-guide/source/overview-storage-arch.rst | 167 +++ deploy-guide/source/overview.rst | 11 + deploy-guide/source/run-playbooks.rst | 132 +++ deploy-guide/source/targethosts-networkconfig.rst | 29 + deploy-guide/source/targethosts-prepare.rst | 179 +++ deploy-guide/source/targethosts.rst | 14 + deploy-guide/source/verify-operation.rst | 72 ++ .../installation-hosts-limited-connectivity.rst | 182 --- .../developer-docs/ops-remove-computehost.rst | 51 - .../draft-operations-guide/advanced-config.rst | 337 ++++++ .../draft-operations-guide/maintenance-tasks.rst | 19 + .../maintenance-tasks/ansible-modules.rst | 131 +++ .../maintenance-tasks/backups.rst | 37 + .../maintenance-tasks/containers.rst | 194 +++ .../maintenance-tasks/firewalls.rst | 14 + .../maintenance-tasks/galera.rst | 430 +++++++ .../maintenance-tasks/managing-swift.rst | 78 ++ .../maintenance-tasks/network-maintain.rst | 27 + .../maintenance-tasks/rabbitmq-maintain.rst | 24 + .../maintenance-tasks/scale-environment.rst | 366 ++++++ .../draft-operations-guide/monitor-environment.rst | 11 + .../monitor-environment/monitoring-systems.rst | 11 + .../openstack-operations.rst | 15 + .../openstack-operations/access-environment.rst | 272 +++++ .../openstack-operations/managing-images.rst | 125 ++ .../openstack-operations/managing-instances.rst | 220 ++++ .../openstack-operations/network-service.rst | 41 + .../openstack-operations/verify-deploy.rst | 61 + .../ref-info/ansible-scripts.rst | 21 + .../ref-info/lxc-commands.rst | 37 + .../draft-operations-guide/troubleshooting.rst | 223 ++++ .../install-guide/app-advanced-config-affinity.rst | 50 - .../install-guide/app-advanced-config-options.rst | 12 - .../install-guide/app-advanced-config-override.rst | 249 ---- .../install-guide/app-advanced-config-security.rst | 43 - .../app-advanced-config-sslcertificates.rst | 139 --- .../install-guide/app-advanced-role-docs.rst | 92 -- .../figures/arch-layout-production.png | Bin 217767 -> 0 bytes .../figures/arch-layout-production.svg | 3 - .../install-guide/figures/arch-layout-test.png | Bin 220515 -> 0 bytes .../install-guide/figures/arch-layout-test.svg | 3 - .../install-guide/figures/arch-layout.graffle | Bin 6161 -> 0 bytes .../installation-workflow-configure-deployment.png | Bin 49639 -> 0 bytes .../installation-workflow-deploymenthost.png | Bin 48857 -> 0 bytes .../figures/installation-workflow-overview.png | Bin 46557 -> 0 bytes .../installation-workflow-run-playbooks.png | Bin 48037 -> 0 bytes .../figures/installation-workflow-targethosts.png | Bin 48201 -> 0 bytes .../installation-workflow-verify-openstack.png | Bin 50368 -> 0 bytes .../figures/installation-workflow.graffle | Bin 2583 -> 0 bytes .../figures/networkarch-bare-external-example.png | Bin 107053 -> 0 bytes .../figures/networkarch-bare-external.png | Bin 109645 -> 0 bytes .../networkarch-container-external-example.png | Bin 178387 -> 0 bytes .../figures/networkarch-container-external.png | Bin 183958 -> 0 bytes .../install-guide/figures/networkcomponents.png | Bin 38304 -> 0 bytes .../install-guide/figures/networking-compute.png | Bin 116754 -> 0 bytes .../figures/networking-neutronagents.png | Bin 136895 -> 0 bytes .../figures/production-storage-cinder.png | Bin 102217 -> 0 bytes .../production-storage-cinder.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-cinder.svg | 3 - .../figures/production-storage-glance.png | Bin 87006 -> 0 bytes .../production-storage-glance.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-glance.svg | 3 - .../figures/production-storage-nova.png | Bin 84263 -> 0 bytes .../figures/production-storage-nova.svg/image3.wmf | Bin 19378 -> 0 bytes .../production-storage-nova.svg | 3 - .../figures/production-storage-swift.png | Bin 108150 -> 0 bytes .../figures/production-storage-swift.svg | 3 - .../figures/production-storage.graffle/data.plist | Bin 8497 -> 0 bytes .../figures/production-storage.graffle/image3.wmf | Bin 19378 -> 0 bytes .../install-guide/figures/production-storage.svg | 3 - .../overview-service-architecture.rst | 123 -- .../install-guide/targethosts-networkconfig.rst | 135 --- .../upgrade-guide/reference-upgrade-playbooks.rst | 93 +- .../interfaces.d/openstack_interface.cfg.example | 123 -- .../openstack_interface.cfg.prod.example | 141 +++ .../openstack_interface.cfg.test.example | 103 ++ etc/openstack_deploy/conf.d/ceph.yml.aio | 9 + etc/openstack_deploy/conf.d/designate.yml.aio | 4 + etc/openstack_deploy/conf.d/designate.yml.example | 8 + etc/openstack_deploy/conf.d/ironic.yml.aio | 6 + .../conf.d/swift-remote.yml.sample | 2 +- etc/openstack_deploy/conf.d/trove.yml.aio | 3 + etc/openstack_deploy/conf.d/trove.yml.example | 8 + .../env.d/cinder-volume.yml.container.example | 13 + etc/openstack_deploy/openstack_user_config.yml.aio | 4 + .../openstack_user_config.yml.example | 69 +- .../openstack_user_config.yml.prod.example | 288 +++++ .../openstack_user_config.yml.test.example | 144 +++ etc/openstack_deploy/user_secrets.yml | 32 +- etc/openstack_deploy/user_variables.yml | 8 - .../user_variables.yml.prod.example | 9 + global-requirement-pins.txt | 4 +- lib/__init__.py | 0 lib/dictutils.py | 92 ++ lib/filesystem.py | 315 +++++ lib/generate.py | 1132 ++++++++++++++++++ lib/ip.py | 322 +++++ lib/manage.py | 356 ++++++ lib/tools.py | 53 + playbooks/ceph-install.yml | 90 ++ playbooks/common-tasks/dynamic-address-fact.yml | 49 + playbooks/common-tasks/dynamic-grouping.yml | 22 + playbooks/common-tasks/mysql-db-user.yml | 1 + playbooks/common-tasks/os-lxc-container-setup.yml | 42 +- playbooks/common-tasks/package-cache-proxy.yml | 28 + playbooks/common-tasks/rabbitmq-servers-sort.yml | 33 - playbooks/common-tasks/set-pip-upstream-url.yml | 33 + playbooks/common-tasks/set-upper-constraints.yml | 51 + playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 96 +- .../defaults/repo_packages/openstack_testing.yml | 6 +- playbooks/defaults/repo_packages/projectcalico.yml | 6 +- playbooks/galera-install.yml | 5 +- playbooks/haproxy-install.yml | 2 +- playbooks/inventory/dynamic_inventory.py | 1238 +------------------- playbooks/inventory/env.d/barbican.yml | 36 + playbooks/inventory/env.d/ceph.yml | 53 + playbooks/inventory/env.d/designate.yml | 56 + playbooks/inventory/env.d/ironic.yml | 23 + playbooks/inventory/env.d/neutron.yml | 3 + playbooks/inventory/env.d/nova.yml | 9 +- playbooks/inventory/env.d/trove.yml | 59 + playbooks/inventory/group_vars/all.yml | 60 +- playbooks/inventory/group_vars/aodh_all.yml | 4 + playbooks/inventory/group_vars/barbican_all.yml | 33 + playbooks/inventory/group_vars/ceilometer_all.yml | 5 + playbooks/inventory/group_vars/cinder_all.yml | 13 + playbooks/inventory/group_vars/designate_all.yml | 53 + playbooks/inventory/group_vars/glance_all.yml | 5 + playbooks/inventory/group_vars/gnocchi_all.yml | 4 + playbooks/inventory/group_vars/haproxy_all.yml | 13 + playbooks/inventory/group_vars/heat_all.yml | 8 + playbooks/inventory/group_vars/horizon_all.yml | 7 + playbooks/inventory/group_vars/hosts.yml | 12 +- playbooks/inventory/group_vars/ironic_all.yml | 4 + playbooks/inventory/group_vars/ironic_compute.yml | 16 + playbooks/inventory/group_vars/keystone_all.yml | 4 + playbooks/inventory/group_vars/magnum_all.yml | 4 + playbooks/inventory/group_vars/memcached.yml | 2 +- playbooks/inventory/group_vars/neutron_agent.yml | 11 + playbooks/inventory/group_vars/neutron_all.yml | 6 +- .../group_vars/neutron_calico_dhcp_agent.yml | 107 ++ playbooks/inventory/group_vars/nova_all.yml | 8 + playbooks/inventory/group_vars/rabbitmq_all.yml | 3 + playbooks/inventory/group_vars/rally_all.yml | 18 + playbooks/inventory/group_vars/repo_all.yml | 14 + playbooks/inventory/group_vars/sahara_all.yml | 4 + playbooks/inventory/group_vars/swift_all.yml | 4 + playbooks/inventory/group_vars/trove_all.yml | 46 + playbooks/inventory/group_vars/utility_all.yml | 43 +- playbooks/lxc-containers-create.yml | 6 +- playbooks/lxc-hosts-setup.yml | 8 + playbooks/openstack-hosts-setup.yml | 44 + playbooks/os-aodh-install.yml | 5 - playbooks/os-barbican-install.yml | 61 + playbooks/os-ceilometer-install.yml | 5 - playbooks/os-cinder-install.yml | 56 +- playbooks/os-designate-install.yml | 76 ++ playbooks/os-glance-install.yml | 20 +- playbooks/os-gnocchi-install.yml | 16 +- playbooks/os-heat-install.yml | 5 - playbooks/os-horizon-install.yml | 5 - playbooks/os-ironic-install.yml | 5 - playbooks/os-keystone-install.yml | 8 +- playbooks/os-magnum-install.yml | 5 - playbooks/os-neutron-install.yml | 60 +- playbooks/os-nova-install.yml | 72 +- playbooks/os-rally-install.yml | 4 - playbooks/os-sahara-install.yml | 6 - playbooks/os-swift-install.yml | 6 +- playbooks/os-swift-sync.yml | 1 - playbooks/os-tempest-install.yml | 6 +- playbooks/os-trove-install.yml | 76 ++ playbooks/rabbitmq-install.yml | 22 +- playbooks/repo-build.yml | 34 +- playbooks/repo-server.yml | 7 +- .../system_crontab_coordination/meta/main.yml | 2 +- playbooks/rsyslog-install.yml | 2 + playbooks/security-hardening.yml | 2 +- playbooks/setup-infrastructure.yml | 1 + playbooks/setup-openstack.yml | 6 + playbooks/unbound-install.yml | 15 +- playbooks/utility-install.yml | 13 +- playbooks/vars/configs/haproxy_config.yml | 72 +- playbooks/vars/configs/keepalived_haproxy.yml | 5 +- .../notes/Add-CentOS-support-05f2d1302b7ee2e7.yaml | 4 + .../notes/Add-CentOS-support-9a63262163dfb678.yaml | 4 + .../add-designate-to-repo-7be6ea74870196ff.yaml | 5 + ...signate-dashboard-support-2dbd3ef0041c67d3.yaml | 5 + ...signate-dashboard-support-44392c49b0e1a307.yaml | 5 + ...n-trove-dashboard-support-0617c22db2203b62.yaml | 5 + .../notes/add-magnum-to-repo-548f243b3a253b04.yaml | 4 +- .../notes/add-rpc-tunables-cfb2027b083ccf88.yaml | 6 + .../notes/add-trove-to-repo-dec89e1024791765.yaml | 5 + .../notes/aio-config-path-82cda1de6d1dfad7.yaml | 14 + .../ansible-force-handlers-1e00c9a88c29fe4f.yaml | 8 + ...ible_ssh_host_var_removed-984abb4bbeb17366.yaml | 6 + .../apt-source-filenamed-2cc698add82f5eea.yaml | 5 + .../apt-source-filenamed-4b0f490c2bd97c19.yaml | 6 + .../apt-source-filenamed-796a4feb4434655c.yaml | 5 + .../apt-source-filenamed-9718897bcfa7b36b.yaml | 4 + .../apt-source-filenamed-9f83d18619debf26.yaml | 6 + .../apt-source-filenamed-e710006ed93a9c67.yaml | 5 + .../barbican-integration-cef0bf5e44d455e6.yaml | 5 + .../notes/bindmount-logs-3c23aab5b5ed3440.yaml | 32 +- .../bump-xtrabackup-ppc64le-479623f2d4ea3f52.yaml | 4 + .../bump-xtrabackup-version-91f09e88863e9487.yaml | 7 + .../notes/cap-workers-fc70b4f8586ba1a5.yaml | 6 + ...apping_ceilometer_workers-80a768e3aaed0aec.yaml | 6 + ...nder_osapi_volume_workers-db32afcf7615b05b.yaml | 5 + ...ing_galera_server_workers-028166f467ffe2d8.yaml | 9 + .../capping_glance_workers-54afc20c20baa14e.yaml | 6 + .../capping_heat_workers-13791c456e59277d.yaml | 6 + .../capping_horizon_workers-29ecc4893bcc3a4b.yaml | 6 + .../capping_keystone_workers-e284a47fc4dcea38.yaml | 6 + .../capping_neutron_workers-d97a5d50ca996af5.yaml | 6 + .../capping_nova_workers-349f0f4d3fd50b37.yaml | 7 + ...apping_repo_nginx_workers-ddbc355855f8fe43.yaml | 5 + ...ometer_conf_from_upstream-3bc88e19085cdace.yaml | 14 + ...nocci_resources_deprecate-efbce0894cf4e086.yaml | 7 + ...er_upstream_file_retrieve-bbbf147cdeacb8f2.yaml | 10 + .../notes/ceph-ansible-d89e3a02b560f9b1.yaml | 15 + .../chrony-config-variable-7a1a7862c05c9675.yaml | 5 + .../notes/cinder-backups-e615607a558248cd.yaml | 10 + .../cinder-nfs-multibackend-df133e8fff374da4.yaml | 5 + .../notes/compiler-packages-e110cafb5a69471e.yaml | 6 + ...onfigurable-conntrack-max-44e3d1af4921bdf0.yaml | 7 + ...e-polling-sample-interval-54b2fb66140b4220.yaml | 6 + ...iner-static-mac-addresses-9aae098fdc8a57cc.yaml | 15 + ...ntainer_cidr_key_restored-4d232fff46ec00b9.yaml | 8 + .../designate-1604-support-d397681dd302eda9.yaml | 2 + ...ignate-pools-yaml-support-d693dc2471642167.yaml | 11 + .../notes/disable-sslv3-303acdcc6b593180.yaml | 3 + ...disable_non_tls_listeners-ef9c20d70f820a69.yaml | 5 + .../distribute-extra-keys-d01164639ff9bdf9.yaml | 6 + ...sq-ignore-unknown-clients-5f6b3d36b7ad5e18.yaml | 8 + .../extra-ceph-clusters-00ad154ffb0589a6.yaml | 7 + .../notes/extra-volume-types-cd8f0feb467588ec.yaml | 5 + ...ntainer_config_no_restart-6e892a95956eff1f.yaml | 13 + ...unt-of-open-files-systemd-54af64659bf61518.yaml | 8 + .../fix_lxc_hosts_membership-1f73f3114638c09e.yaml | 7 + ...alera-client-mariadb-10-1-a90e0d2a89d6e76b.yaml | 5 + ...ra-client-package-install-fd34423e293f5d8b.yaml | 9 + ...alera-server-mariadb-10-1-8620e7eadafb6e8f.yaml | 10 + .../galera_package_arch-913fb39b07a139fd.yaml | 9 + .../notes/get-networks-e241137620c2280d.yaml | 9 + ...swift-store-auth-insecure-1b69e1e3e9ba0b30.yaml | 7 + ...hi_default_basic_authmode-32c951e1ab8f21ed.yaml | 12 + ...i_remove_policy_api_paste-40941301f475f1d1.yaml | 8 + ...hi_upstream_file_retrieve-e2a056bfc532d761.yaml | 10 + .../notes/group_branches-281e8d5fe2a54425.yaml | 5 + .../haproxy-bind-override-9562bab32b964de2.yaml | 7 + ...haproxy-selinux-all-ports-4094eed48f2bfbca.yaml | 4 + ...heat-using-cinder-backups-f9b4837d25f4b8b7.yaml | 8 + ...zon_disallow_iframe_embed-8c115e431b812655.yaml | 6 + .../inventory-check-groups-1cc245cdcbb999df.yaml | 5 + ...c-neutron-network-support-669c382ea8bd3b98.yaml | 17 + ...c-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml | 4 + .../jewel-default-release-cf139062bb5fc972.yaml | 4 + ...d-default-cidr-workaround-8f2b5a0b074898e1.yaml | 9 + ...ontainer-base-name-prefix-dcf5ad3d914df59c.yaml | 4 + ...c-install-from-pkg-centos-e38d351a3a9ac67e.yaml | 5 + .../notes/lxc-net-ipv6-255787db5db6fc75.yaml | 5 + .../lxc_cache_environment-f14701a7f8f4b8ca.yaml | 5 + ...po-is-removed-if-not-used-36670d0a276192f1.yaml | 9 + .../network_sriov_mappings-7e4c9bcb164625c3.yaml | 8 + ...eutron-dragonflow-support-fce23f85c6a0bebd.yaml | 7 + .../notes/neutron-sriov-50c0099554574d01.yaml | 7 + .../notes/nova-placement-api-07ce03fdceb95c6d.yaml | 12 + ...tack-release-file-changes-ef4b28d46378fd7a.yaml | 19 + ...one-zero-downtime-upgrade-5f19ab84183490b9.yaml | 5 + ...ron-deprecate-dhcp-domain-63b4c4dfbccd3a3a.yaml | 4 + .../os-nova-remove-nova-cert-441989f79b69524f.yaml | 5 + .../notes/os-tempest-flavors-8f5b459b2e31b7c3.yaml | 5 + .../os_aodh-centos-support-6817cfd617e83bec.yaml | 3 + ...ceilometer-centos-support-2a87df89aa7b7556.yaml | 3 + ..._designate-centos-support-501276f049c2baff.yaml | 4 + ...signate-only-install-venv-b58477153de1b1de.yaml | 6 + ...os_gnocchi-centos-support-d86d5e8269789a77.yaml | 3 + .../os_heat-centos-support-1987176097125805.yaml | 3 + ...os_horizon-centos-support-8070b736874602ee.yaml | 3 + ...os_neutron-centos-support-6e3aede0f8b13af4.yaml | 3 + .../os_nova-centos-support-4ada2ade2b9dd8c9.yaml | 3 + .../os_swift-centos7-support-23846d7eafbfa957.yaml | 3 + ...sa-security-rhel7-content-b55ed1d1bae02295.yaml | 6 + .../notes/package-state-1497c9e2beedaf21.yaml | 13 + .../notes/package-state-b97c7b252aee4c20.yaml | 13 + .../package-state-present-951161faa5384abd.yaml | 7 + .../notes/path-customization-e7e0ae0f93e5283b.yaml | 4 + .../plugins-remove-glance-0034a2192f91da7c.yaml | 5 + .../powervm-novalink-url-c5f9377e4f7971af.yaml | 7 + .../proxy-apt-cacher-ng-1bedb761e2db04b8.yaml | 9 + ...olicies-and-rules-support-4eee3b183d8c4cdc.yaml | 10 + .../notes/qos-support-1c601862ab2f9825.yaml | 5 + ...-repo-instead-of-pkg-file-8cdd00f58d3496ba.yaml | 14 + .../notes/remove-ansible.cfg-e65e4f17bc30cce7.yaml | 2 +- .../notes/remove-old-secrets-d896f3ff794a1a47.yaml | 14 + .../remove-requirements-git-0454e08c243037bc.yaml | 7 + .../remove-requirements-git-09e7a42384f30594.yaml | 7 + .../remove-requirements-git-0c8e83081b435229.yaml | 7 + .../remove-requirements-git-0d898621f1b62a29.yaml | 7 + .../remove-requirements-git-212d02658644c17b.yaml | 7 + .../remove-requirements-git-2ae8c5f65faa3af6.yaml | 7 + .../remove-requirements-git-451af20d60205c17.yaml | 7 + .../remove-requirements-git-59f58bcf4e54a569.yaml | 7 + .../remove-requirements-git-6f43595994cc906e.yaml | 7 + .../remove-requirements-git-88e681504fbd8db1.yaml | 7 + .../remove-requirements-git-8953c213f4a57512.yaml | 7 + .../remove-requirements-git-af92138c4d8f9a81.yaml | 7 + .../remove-requirements-git-bdf5691b8390ed7c.yaml | 7 + .../remove-requirements-git-bed8d47512188ad1.yaml | 7 + .../remove-requirements-git-bf84874e42ca5fd1.yaml | 7 + .../remove-requirements-git-c8a762c5172f25c7.yaml | 12 + .../remove-requirements-git-c93cd07554c5f1e4.yaml | 7 + .../remove-requirements-git-eb90b906a4ad4642.yaml | 7 + .../notes/remove-uca-rdo-8c625c61eeb9a771.yaml | 5 + .../notes/rhel7-stig-default-f6c7c97498a8b2e7.yaml | 19 + .../rsync_reverse_lookup-609fb68be712a5e4.yaml | 11 + ...a-data-processing-service-8e63ebed6baf08bc.yaml | 2 +- ...curity-playbook-hosts-var-a9b71f3dbcda2cad.yaml | 4 + .../support-powervm-rmc-dedce9da5fdd1bea.yaml | 7 + .../swift-pypy-gc-options-663fecdf1e013a23.yaml | 10 + .../notes/swift-pypy-support-9706519c4b88a571.yaml | 8 +- ...ft-tempauth-configuration-7f710a5e2a1af67f.yaml | 8 + ...rsioned-writes-middleware-0b529e3cf2fb493d.yaml | 8 + .../trove-horizon-panel-c34dadb7f6cebe5e.yaml | 5 + .../trove-horizon-panel-c3b616273b21d7db.yaml | 9 + ...ctor_workers_with_capping-1ea72352813ce530.yaml | 6 + .../trusty-support-removed-585cf4b45b4283ee.yaml | 7 + ...ate-multi-backend-options-4eb27290058401d3.yaml | 9 + ...-rename-gnocchi-endpoints-87626018773f77e0.yaml | 5 + ...ame-required-pip-packages-632851ef8137a4a1.yaml | 5 + ...olume_clear_shred_removed-aa0b0e96d70a0221.yaml | 5 + .../xenial_systemd_support-d8c67f1101c34a26.yaml | 4 + releasenotes/source/conf.py | 3 + releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + requirements.txt | 13 +- scripts/bootstrap-aio.sh | 11 +- scripts/bootstrap-ansible.sh | 131 ++- scripts/fastest-infra-wheel-mirror.py | 9 +- scripts/gate-check-commit.sh | 50 +- scripts/gen-config.py | 65 + scripts/inventory-manage.py | 13 +- scripts/manage_inventory.py | 370 ------ scripts/openstack-ansible.rc | 6 +- scripts/osa-aio-heat-template.yml | 94 -- scripts/run-playbooks.sh | 16 - scripts/run-tempest.sh | 61 - scripts/run-upgrade.sh | 7 +- scripts/scripts-library.sh | 12 +- scripts/sources-branch-updater.sh | 17 +- .../playbooks/aodh-api-init-delete.yml | 47 - .../playbooks/db-collation-alter.yml | 57 - .../playbooks/deploy-config-changes.yml | 2 +- .../playbooks/galera-cluster-rolling-restart.yml | 2 +- .../playbooks/lbaas-version-check.yml | 27 - .../playbooks/mariadb-apt-cleanup.yml | 24 - .../playbooks/old-hostname-compatibility.yml | 145 --- .../playbooks/user-secrets-adjustment.yml | 8 + test-requirements.txt | 11 +- .../bootstrap-host/tasks/check-requirements.yml | 5 +- .../bootstrap-host/tasks/install_packages.yml | 114 ++ .../bootstrap-host/tasks/prepare_aio_config.yml | 20 +- .../bootstrap-host/tasks/prepare_data_disk.yml | 20 +- .../tasks/prepare_loopback_cinder.yml | 15 +- .../bootstrap-host/tasks/prepare_loopback_nova.yml | 2 +- .../bootstrap-host/tasks/prepare_loopback_swap.yml | 72 +- .../tasks/prepare_loopback_swift.yml | 2 +- .../bootstrap-host/tasks/prepare_networking.yml | 68 +- .../bootstrap-host/templates/osa_interfaces.cfg.j2 | 4 +- .../templates/redhat_interface_alias.cfg.j2 | 5 + .../templates/redhat_interface_default.cfg.j2 | 11 + .../templates/redhat_interface_ifdown-post.cfg.j2 | 19 + .../templates/redhat_interface_ifup-post.cfg.j2 | 25 + .../templates/user_variables.aio.yml.j2 | 31 +- .../templates/user_variables.ceph.yml.j2 | 16 + tox.ini | 28 +- 509 files changed, 14076 insertions(+), 7353 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2938075..0f5622d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,2 +4,2 @@ -pip>=6.0 # MIT -setuptools!=24.0.0,>=16.0 # PSF/ZPL +pip>=7.1.0 # MIT +setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,>=16.0 # PSF/ZPL @@ -9 +9 @@ pyOpenSSL>=0.14 # Apache-2.0 -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -12 +12 @@ netaddr!=0.7.16,>=0.7.13 # BSD -PrettyTable<0.8,>=0.7 # BSD +PrettyTable<0.8,>=0.7.1 # BSD @@ -15,2 +15,3 @@ python-memcached>=1.56 # PSF -PyYAML>=3.1.0 # MIT -virtualenv # MIT +PyYAML>=3.10.0 # MIT +urllib3>=1.15.1 # MIT +virtualenv>=13.1.0 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 86fae7a..7c6cede 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ bashate>=0.2 # Apache-2.0 -coverage>=3.6 # Apache-2.0 +coverage>=4.0 # Apache-2.0 @@ -12 +12 @@ pyflakes==0.8.1 # MIT -virtualenv # MIT +virtualenv>=13.1.0 # MIT @@ -15,2 +15,2 @@ virtualenv # MIT -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 @@ -19 +19,2 @@ doc8 # Apache-2.0 -reno>=1.8.0 # Apache2 +reno>=1.8.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0

1 0

[ironic] virtualbmc 1.1.0
by no-reply＠openstack.org 08 Mar '17

08 Mar '17

We enthusiastically announce the release of: virtualbmc 1.1.0: Create virtual BMCs for controlling virtual instances via IPMI Download the package from: https://tarballs.openstack.org/virtualbmc/ For more details, please see below. Changes in virtualbmc 1.0.0..1.1.0 ---------------------------------- ef2c881 Fix TypeError when writing config file in Python 3 14ec963 Update hacking requirements to fix the pep8 CI job Diffstat (except docs and test files) ------------------------------------- test-requirements.txt | 2 +- virtualbmc/manager.py | 3 ++- 3 files changed, 32 insertions(+), 4 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index ffa08e2..146553c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ -hacking<0.11,>=0.10.2 # Apache-2.0 +hacking>=0.12.0,!=0.13.0,<0.14 # Apache-2.0

1 0