- Release-announce - lists.openstack.org

puppet-tripleo 16.1.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are stoked to announce the release of: puppet-tripleo 16.1.0: Puppet module for OpenStack TripleO The source is available from: https://opendev.org/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ For more details, please see below. 16.1.0 ^^^^^^ New Features ************ * A new "tripleo::profile::base::cinder::volume::rbd::extra_options" parameter adds the ability to configure additional options for use with cinder RBD backends. * Added support for host personality, iSCSI CIDR and eradicate on delete parameters for Pure Storage FlashArray Cinder backend. Upgrade Notes ************* * The unused "stack_action" hiera parameter has now been removed. Changes in puppet-tripleo 16.0.0..16.1.0 ---------------------------------------- e9e044d4 Bump metadata 16.1.0 to make master release 11e32903 setuptools: Disable auto discovery 6ae0ee75 Remove stack_action parameter c127941d Format [oslo_cache] memcache_server when IPv6 is used 1e63b4c5 Format [keystone_authtoken] memcache_servers when IPv6 is used 603fb44a Clean up code for novajoin bb298e6f Inject facts provided by Puppet OpenStack modules 3db4e972 Hardcode memcached::max_memory in unit tests 42a8771f Remove unused parameters 32d053bf Remove unused hieradata items d0ea37b8 Fix unnecessary class inclusion and type in unit tests efe87ad1 Add support for CentOS 9 Stream and RHEL 9 dccfa940 Remove manifests for networking-bigswitch c25d96a5 Remove puppet-redis from additional dependencies c9ba6a26 Bump haproxy check timeout a68d37f8 Swift: Fix the class to enable the audit middleware a4b168b0 Octavia: Ensure [service_auth] password is set 052b0e67 Move zuul jobs layout to centos9 only for master branch 79dd89c7 Revert "Pin puppet-snmp" aee66b92 Remove unused puppet-keepalived d0cc2685 Revert "Pin puppet-systemd" 0ba4a7bc Designate: Manage [network_api:neutron] parameters 70eb69d4 logrotate: Remove redundant blank lines dcda4ee5 Cinder: Manage quota options eac5caa9 Fix lint failures 209e954c Increase connection timeouts for Redis 1916e802 Add flag for rabbitmq fips_mode, defaulting to false 4f938344 Heat: include an independent class to set up [trustee] 71e83c80 Nova: Configure [keystone] parameters 8fe2e2c9 Cinder: Clean up deprecated Dell EMC volume drivers bcb55d62 Horizon: Manage policy files be5ca93a ironic-inspector: Allow arbitrary configurations 94ee6744 ironic-inspector: Include independent classes for ironic/swift options 6cc58e8a Enable policy rule management in nova-compute 87fdaf81 Swift: Define password in unit test hieradata 68e64d3e Remove Mistral/Zaqar hieradata a4fa4fbb Enforce stonith for ComputeInstanceHA nodes 67ce8f75 Designate: Manage [producer_task:*] parameters 89ded136 Add unit tests for Octavia manifests 39aad095 Make reply_ and _fanout queues non HA f6815f34 Support configuring extra cinder RBD options 23a9600a Octavia: configure services endpoints d674f63e Run designate-api under apache 69aa1e27 Add powermax support eb77e9a0 Remove unused tripleo::profile::base::validations 839b4815 MySQL: Remove ineffective systemd drop-in 242044d8 Redis: Remove leftover of Sentinel support 751c6f01 Remove leftover of keepalived support ee567f02 Remove ineffective unit test code bb895154 [Pure Storage] Add new params for FlashArray Cinder driver 5e687093 Remove the unused parameter ecd7f491 Add option to configure snmpd auth type e4e9be76 Make sure resource_op_defaults are set before bundles a9e0ec90 Make sure that rabbitmq_cacert has 'undef' as a default. 9b4212e2 Remove stack_update check in rabbit manifest a30b9f93 drop resource_restart_flag 5b5ee3fd Drop non-bundle manila Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 17 +-- manifests/fencing.pp | 15 +++ manifests/haproxy.pp | 18 +-- manifests/pacemaker/resource_restart_flag.pp | 46 -------- manifests/profile/base/aodh/authtoken.pp | 13 ++- manifests/profile/base/barbican/authtoken.pp | 13 ++- manifests/profile/base/cinder.pp | 1 + manifests/profile/base/cinder/api.pp | 15 +-- manifests/profile/base/cinder/authtoken.pp | 13 ++- manifests/profile/base/cinder/volume.pp | 41 ------- .../base/cinder/volume/dellemc_vmax_iscsi.pp | 45 ------- .../profile/base/cinder/volume/dellemc_vxflexos.pp | 57 --------- manifests/profile/base/cinder/volume/pure.pp | 20 ++-- manifests/profile/base/cinder/volume/rbd.pp | 17 ++- manifests/profile/base/cinder/volume/scaleio.pp | 60 ---------- manifests/profile/base/database/mysql.pp | 15 --- manifests/profile/base/designate/api.pp | 70 +++++++++-- manifests/profile/base/designate/authtoken.pp | 13 ++- manifests/profile/base/designate/backend.pp | 2 +- manifests/profile/base/designate/central.pp | 1 + manifests/profile/base/designate/producer.pp | 5 + manifests/profile/base/glance/authtoken.pp | 13 ++- manifests/profile/base/gnocchi/authtoken.pp | 13 ++- manifests/profile/base/heat.pp | 29 ++++- manifests/profile/base/heat/authtoken.pp | 13 ++- manifests/profile/base/horizon.pp | 1 + manifests/profile/base/ironic/authtoken.pp | 13 ++- manifests/profile/base/ironic_inspector.pp | 4 +- .../profile/base/ironic_inspector/authtoken.pp | 13 ++- manifests/profile/base/keepalived.pp | 81 ------------- manifests/profile/base/keystone.pp | 51 ++++---- manifests/profile/base/manila/api.pp | 11 +- manifests/profile/base/manila/authtoken.pp | 13 ++- manifests/profile/base/manila/share.pp | 24 ++++ manifests/profile/base/neutron/agents/bigswitch.pp | 31 ----- manifests/profile/base/neutron/authtoken.pp | 13 ++- manifests/profile/base/neutron/plugins/ml2.pp | 4 - manifests/profile/base/nova.pp | 35 ++++-- manifests/profile/base/nova/api.pp | 1 + manifests/profile/base/nova/authtoken.pp | 13 ++- manifests/profile/base/nova/compute.pp | 5 + manifests/profile/base/novajoin.pp | 86 -------------- manifests/profile/base/novajoin/authtoken.pp | 79 ------------- manifests/profile/base/octavia/authtoken.pp | 13 ++- manifests/profile/base/octavia/health_manager.pp | 3 + manifests/profile/base/octavia/housekeeping.pp | 4 + manifests/profile/base/octavia/worker.pp | 3 + manifests/profile/base/pacemaker.pp | 5 + manifests/profile/base/placement/authtoken.pp | 13 ++- manifests/profile/base/rabbitmq.pp | 33 +++--- manifests/profile/base/snmp.pp | 17 ++- manifests/profile/base/swift/proxy.pp | 2 +- manifests/profile/base/validations.pp | 29 ----- .../profile/pacemaker/database/mysql_bundle.pp | 2 + manifests/profile/pacemaker/manila.pp | 87 -------------- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 3 +- manifests/profile/pacemaker/rabbitmq_bundle.pp | 3 +- manifests/redis_notification.pp | 38 ------ metadata.json | 6 +- .../cinder-rbd-extra-options-c13a1e84b6452fac.yaml | 6 + ...rage_update_cinder_params-94940d1d3ca46877.yaml | 6 + .../remove-stack-action-4f0eaef2405d39da.yaml | 4 + setup.py | 1 + spec/classes/tripleo_config_spec.rb | 2 +- spec/classes/tripleo_firewall_spec.rb | 2 +- spec/classes/tripleo_haproxy_spec.rb | 6 +- spec/classes/tripleo_haproxy_stats_spec.rb | 2 +- spec/classes/tripleo_masquerade_networks_spec.rb | 2 +- spec/classes/tripleo_packages_spec.rb | 2 +- spec/classes/tripleo_profile_base_aodh_api_spec.rb | 2 +- .../tripleo_profile_base_aodh_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_aodh_evaluator_spec.rb | 2 +- .../tripleo_profile_base_aodh_listener_spec.rb | 2 +- .../tripleo_profile_base_aodh_notifier_spec.rb | 2 +- spec/classes/tripleo_profile_base_aodh_spec.rb | 2 +- spec/classes/tripleo_profile_base_apache_spec.rb | 2 +- .../tripleo_profile_base_barbican_api_spec.rb | 2 +- ...tripleo_profile_base_barbican_authtoken_spec.rb | 26 ++++- spec/classes/tripleo_profile_base_barbican_spec.rb | 2 +- ...file_base_ceilometer_agent_notification_spec.rb | 2 +- ...o_profile_base_ceilometer_agent_polling_spec.rb | 2 +- .../tripleo_profile_base_ceilometer_spec.rb | 2 +- .../tripleo_profile_base_cinder_api_spec.rb | 2 +- .../tripleo_profile_base_cinder_authtoken_spec.rb | 26 ++++- ...tripleo_profile_base_cinder_backup_ceph_spec.rb | 2 +- .../tripleo_profile_base_cinder_backup_gcs_spec.rb | 2 +- .../tripleo_profile_base_cinder_backup_nfs_spec.rb | 2 +- .../tripleo_profile_base_cinder_backup_s3_spec.rb | 2 +- .../tripleo_profile_base_cinder_backup_spec.rb | 2 +- ...ripleo_profile_base_cinder_backup_swift_spec.rb | 2 +- .../tripleo_profile_base_cinder_powerflex_spec.rb | 2 +- .../tripleo_profile_base_cinder_powermax_spec.rb | 2 +- .../tripleo_profile_base_cinder_powerstore_spec.rb | 2 +- .../classes/tripleo_profile_base_cinder_sc_spec.rb | 2 +- .../tripleo_profile_base_cinder_scaleio_spec.rb | 58 --------- .../tripleo_profile_base_cinder_scheduler_spec.rb | 2 +- spec/classes/tripleo_profile_base_cinder_spec.rb | 8 +- .../tripleo_profile_base_cinder_unity_spec.rb | 2 +- .../tripleo_profile_base_cinder_vmax_spec.rb | 57 --------- .../tripleo_profile_base_cinder_vnx_spec.rb | 2 +- ...ipleo_profile_base_cinder_volume_dellsc_spec.rb | 2 +- ...ripleo_profile_base_cinder_volume_iscsi_spec.rb | 2 +- ...ipleo_profile_base_cinder_volume_netapp_spec.rb | 2 +- .../tripleo_profile_base_cinder_volume_nfs_spec.rb | 2 +- ...ipleo_profile_base_cinder_volume_nvmeof_spec.rb | 2 +- ...tripleo_profile_base_cinder_volume_pure_spec.rb | 2 +- .../tripleo_profile_base_cinder_volume_rbd_spec.rb | 13 ++- .../tripleo_profile_base_cinder_volume_spec.rb | 27 +---- .../tripleo_profile_base_cinder_vxflexos_spec.rb | 58 --------- .../tripleo_profile_base_cinder_xtremio_spec.rb | 2 +- ...pleo_profile_base_database_mysql_client_spec.rb | 2 +- .../tripleo_profile_base_database_mysql_spec.rb | 38 +----- .../tripleo_profile_base_database_redis_spec.rb | 2 +- .../tripleo_profile_base_designate_api_spec.rb | 11 +- ...ripleo_profile_base_designate_authtoken_spec.rb | 28 ++++- .../tripleo_profile_base_designate_backend_spec.rb | 2 +- .../tripleo_profile_base_designate_central_spec.rb | 12 +- .../tripleo_profile_base_designate_mdns_spec.rb | 2 +- ...tripleo_profile_base_designate_producer_spec.rb | 17 ++- .../tripleo_profile_base_designate_sink_spec.rb | 2 +- .../classes/tripleo_profile_base_designate_spec.rb | 2 +- .../tripleo_profile_base_designate_worker_spec.rb | 2 +- spec/classes/tripleo_profile_base_etcd_spec.rb | 2 +- .../tripleo_profile_base_glance_api_spec.rb | 2 +- .../tripleo_profile_base_glance_authtoken_spec.rb | 26 ++++- ...pleo_profile_base_glance_backend_cinder_spec.rb | 2 +- ...ripleo_profile_base_glance_backend_file_spec.rb | 2 +- ...tripleo_profile_base_glance_backend_rbd_spec.rb | 2 +- ...ipleo_profile_base_glance_backend_swift_spec.rb | 2 +- .../tripleo_profile_base_gnocchi_api_spec.rb | 2 +- .../tripleo_profile_base_gnocchi_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_gnocchi_metricd_spec.rb | 2 +- spec/classes/tripleo_profile_base_gnocchi_spec.rb | 2 +- .../tripleo_profile_base_gnocchi_statsd_spec.rb | 2 +- .../tripleo_profile_base_heat_api_cfn_spec.rb | 2 +- spec/classes/tripleo_profile_base_heat_api_spec.rb | 2 +- .../tripleo_profile_base_heat_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_heat_engine_spec.rb | 2 +- spec/classes/tripleo_profile_base_heat_spec.rb | 63 +++++++++- spec/classes/tripleo_profile_base_horizon_spec.rb | 17 +-- .../tripleo_profile_base_ironic_api_spec.rb | 2 +- .../tripleo_profile_base_ironic_authtoken_spec.rb | 26 ++++- ...profile_base_ironic_inspector_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_ironic_inspector_spec.rb | 18 ++- spec/classes/tripleo_profile_base_ironic_spec.rb | 2 +- spec/classes/tripleo_profile_base_iscsid_spec.rb | 2 +- spec/classes/tripleo_profile_base_keystone_spec.rb | 58 ++++++++- spec/classes/tripleo_profile_base_lvm_spec.rb | 2 +- .../tripleo_profile_base_manila_api_spec.rb | 2 +- .../tripleo_profile_base_manila_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_manila_scheduler_spec.rb | 2 +- .../tripleo_profile_base_manila_share_spec.rb | 10 +- spec/classes/tripleo_profile_base_manila_spec.rb | 2 +- .../classes/tripleo_profile_base_memcached_spec.rb | 2 +- .../tripleo_profile_base_metrics_qdr_spec.rb | 2 +- ...o_profile_base_neutron_agents_bigswitch_spec.rb | 48 -------- .../tripleo_profile_base_neutron_authtoken_spec.rb | 26 ++++- .../tripleo_profile_base_neutron_dhcp_spec.rb | 2 +- .../tripleo_profile_base_neutron_l3_spec.rb | 2 +- .../tripleo_profile_base_neutron_ml2_vts_spec.rb | 2 +- .../tripleo_profile_base_neutron_ovs_spec.rb | 2 +- .../tripleo_profile_base_neutron_server_spec.rb | 2 +- spec/classes/tripleo_profile_base_neutron_spec.rb | 2 +- spec/classes/tripleo_profile_base_nova_api_spec.rb | 6 +- .../tripleo_profile_base_nova_authtoken_spec.rb | 28 ++++- ...ripleo_profile_base_nova_compute_ironic_spec.rb | 2 +- ...ipleo_profile_base_nova_compute_libvirt_spec.rb | 2 +- .../tripleo_profile_base_nova_compute_spec.rb | 6 +- .../tripleo_profile_base_nova_conductor_spec.rb | 2 +- .../tripleo_profile_base_nova_libvirt_spec.rb | 2 +- .../tripleo_profile_base_nova_metadata_spec.rb | 2 +- ...pleo_profile_base_nova_migration_client_spec.rb | 2 +- ...ipleo_profile_base_nova_migration_proxy_spec.rb | 2 +- ...pleo_profile_base_nova_migration_target_spec.rb | 2 +- .../tripleo_profile_base_nova_scheduler_spec.rb | 2 +- spec/classes/tripleo_profile_base_nova_spec.rb | 57 ++++++++- .../tripleo_profile_base_nova_vncproxy_spec.rb | 2 +- ...tripleo_profile_base_novajoin_authtoken_spec.rb | 70 ----------- spec/classes/tripleo_profile_base_novajoin_spec.rb | 130 --------------------- .../tripleo_profile_base_octavia_api_spec.rb | 124 +++++++++++--------- .../tripleo_profile_base_octavia_authtoken_spec.rb | 28 ++++- ...leo_profile_base_octavia_health_manager_spec.rb | 83 +++++++++++++ ...ipleo_profile_base_octavia_housekeeping_spec.rb | 83 +++++++++++++ ...ipleo_profile_base_octavia_provider_ovn_spec.rb | 2 +- spec/classes/tripleo_profile_base_octavia_spec.rb | 2 +- .../tripleo_profile_base_octavia_worker_spec.rb | 83 +++++++++++++ .../classes/tripleo_profile_base_pacemaker_spec.rb | 2 +- .../tripleo_profile_base_placement_api_spec.rb | 2 +- ...ripleo_profile_base_placement_authtoken_spec.rb | 26 ++++- .../classes/tripleo_profile_base_placement_spec.rb | 2 +- spec/classes/tripleo_profile_base_qdr_spec.rb | 2 +- spec/classes/tripleo_profile_base_snmp_spec.rb | 36 +++++- .../tripleo_profile_base_swift_proxy_spec.rb | 53 ++++++++- .../tripleo_profile_base_swift_ringbuilder_spec.rb | 2 +- spec/classes/tripleo_profile_base_swift_spec.rb | 2 +- ..._profile_pacemaker_cinder_backup_bundle_spec.rb | 2 +- ..._profile_pacemaker_cinder_volume_bundle_spec.rb | 2 +- ...o_profile_pacemaker_manila_share_bundle_spec.rb | 2 +- .../defines/tripleo_firewall_service_rules_spec.rb | 2 +- spec/defines/tripleo_haproxy_endpoint_spec.rb | 2 +- .../tripleo_haproxy_service_endpoints_spec.rb | 2 +- spec/defines/tripleo_haproxy_userlist_spec.rb | 2 +- ...ripleo_profile_base_database_mysql_user_spec.rb | 2 +- ...profile_base_logging_rsyslog_file_input_spec.rb | 2 +- ...ase_metrics_collectd_sensubility_script_spec.rb | 2 +- ...le_base_neutron_wrappers_dibbler_client_spec.rb | 2 +- ...o_profile_base_neutron_wrappers_dnsmasq_spec.rb | 2 +- ...o_profile_base_neutron_wrappers_haproxy_spec.rb | 2 +- ...rofile_base_neutron_wrappers_keepalived_spec.rb | 2 +- ...eutron_wrappers_keepalived_state_change_spec.rb | 2 +- ...leo_profile_base_neutron_wrappers_radvd_spec.rb | 2 +- spec/fixtures/hieradata/default.yaml | 29 ++--- spec/fixtures/hieradata/step4.yaml | 3 - templates/logrotate/containers_logrotate.conf.erb | 28 ++--- templates/redis/redis-notifications.sh.erb | 30 ----- zuul.d/layout.yaml | 6 +- 216 files changed, 1542 insertions(+), 1707 deletions(-)

1 0

validations-common 1.7.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We contentedly announce the release of: validations-common 1.7.0: A common Ansible libraries and plugins for the validations framework The source is available from: https://opendev.org/openstack/validations-common Download the package from: https://tarballs.openstack.org/validations-common/ For more details, please see below. Changes in validations-common 1.6.0..1.7.0 ------------------------------------------ c6003f2 Removing coverchange job 200e821 Centos 9 jobs for validations common 602c7d9 removing callbacks from validations-common a4eeda4 Update master for stable/1.6 d7821d1 Modifying catalogue execution test to resolve component pipeline issue 9b2bddb New validation for checking presence of running rsyslog service. f819685 Migrate jobs from CentOS 8 to CentOS 8 Stream Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 33 +- playbooks/coverchange.yaml | 100 --- playbooks/reqcheck.yaml | 3 +- releasenotes/source/1.6.rst | 6 + releasenotes/source/index.rst | 1 + roles/validations/defaults/main.yaml | 1 + roles/validations/files/catalog_vars_override.yaml | 11 + .../validations/tasks/execute_full_catalogue.yaml | 1 + roles/validations/tasks/main.yaml | 9 + roles/validations/vars/main.yaml | 5 +- setup.cfg | 1 - tools/http_server.py | 54 -- validations_common/callback_plugins/__init__.py | 13 - .../callback_plugins/fail_if_no_hosts.py | 29 - validations_common/callback_plugins/http_json.py | 94 --- .../callback_plugins/validation_json.py | 238 ------- .../callback_plugins/validation_output.py | 203 ------ .../callback_plugins/validation_stdout.py | 99 --- validations_common/playbooks/check-rsyslog.yaml | 28 + .../roles/check_rsyslog/defaults/main.yaml | 1 + .../check_rsyslog/molecule/default/converge.yml | 54 ++ .../check_rsyslog/molecule/default/molecule.yml | 53 ++ .../roles/check_rsyslog/tasks/main.yaml | 11 + .../roles/check_rsyslog/tasks/systemctl.yaml | 13 + .../roles/check_rsyslog/tasks/yum.yaml | 11 + .../callback_plugins/test_fail_if_no_hosts.py | 93 --- .../callback_plugins/test_validation_output.py | 742 --------------------- .../callback_plugins/test_validation_stdout.py | 199 ------ 31 files changed, 221 insertions(+), 2523 deletions(-)

1 0

python-tripleoclient 18.0.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We exuberantly announce the release of: python-tripleoclient 18.0.0: TripleO client The source is available from: https://opendev.org/openstack/python-tripleoclient Download the package from: https://tarballs.openstack.org/python-tripleoclient/ For more details, please see below. 18.0.0 ^^^^^^ New Features ************ * Expose the existing --reproduce-command from *openstack tripleo deploy* CLI in the Undercloud CLI commnads. A new CLI option --reproduce-command is available for the *openstack undercloud install* and *openstack undercloud upgrade* commands, which creates an script, named ansible-playbook-command.sh, in the Undercloud's deployment artifacts directory. This script allows running the Ansible playbooks for deployment or upgrade in the same way the CLI command does. * The Admin Authorize command can now be targeted at specific nodes using '--limit'. It can also take a custom static-inventory using ' --static-inventory'. * A new option --daemons for the "openstack overcloud ceph deploy" command has been added. This option may be used to define additional Ceph daemons that should be deployed at this stage. For instance, a generic Ceph daemons definition can be something like the following: --- ceph_nfs: cephfs_data: 'manila_data' cephfs_metadata: 'manila_metadata' ceph_rgw: {} ceph_ingress: tripleo_cephadm_haproxy_container_image: undercloud.ctlplane.mydomain.tld:8787/ceph/haproxy:2.3 tripleo_cephadm_keepalived_container_image: undercloud.ctlplane.mydomain.tld:8787/ceph/keepalived:2.5.1 For each service added to the data structure above, additional options can be defined and passed as extra_vars to the tripleo- ansible flow. If no option is specified, the default values provided by the cephadm tripleo-ansible role will be used. * Two new commands, "openstack overcloud ceph user enable" and "openstack overcloud ceph user disable" are added. The "enable" option will create the cephadm SSH user and distribute their SSH keys to Ceph nodes in the overcloud. The "disable" option may be run after "openstack overcloud ceph deploy" has been run to disable cephadm so that it may not be used to administer the Ceph cluster and no "ceph orch ..." CLI commands will function. This will also prevent Ceph node overcloud scale operations though the Ceph cluster will still be able to read/write data. The "ceph user disable" option will also remove the public and private SSH keys of the cephadm SSH user on overclouds which host Ceph. The "ceph user enable" option may also be used to re-distribute the public and private SSH keys of the cephadm SSH user and re-enable the cephadm mgr module. * A new option --ceph-vip for the "openstack overcloud ceph deploy" command has been added. This option may be used to reserve VIP(s) for each Ceph service specified by the 'service/network' mapping defined as input. For instance, a generic ceph service mapping can be something like the following: --- ceph_services: - service: ceph_nfs network: storage_cloud_0 - service: ceph_rgw network: storage_cloud_0 For each service added to the list above, a virtual IP on the specified network is created to be used as frontend_vip of the ingress daemon. When no subnet is specified, a default *<network>_subnet* pattern is used. If the subnet does not follow the *<network>_subnet* pattern, a subnet for the VIP may be specified per service: --- ceph_services: - service: ceph_nfs network: storage_cloud_0 - service: ceph_rgw network: storage_cloud_0 subnet: storage_leafX When the *subnet* parameter is provided, it will be used by the ansible module, otherwise the default pattern is followed. This feature also supports the fixed_ips mode. When fixed_ip(s) are defined, the module is able to use that input to reserve the VIP on that network. A valid input can be something like the following: --- fixed: true ceph_services: - service: ceph_nfs network: storage_cloud_0 ip_address: 172.16.11.159 - service: ceph_rgw network: storage_cloud_0 ip_address: 172.16.11.160 When the boolean fixed is set to True, the subnet pattern is ignored, and a sanity check on the user input is performed, looking for the ip_address keys associated to the specified services. If the *fixed* keyword is missing, the subnet pattern is followed. * New command "openstack overcloud ceph spec" has been added. This command may be used to create a cephadm spec file as a function of the output of metalsmith and a TripleO roles file. For example, if metalsmith output a file with multiple hosts of differing roles and each role contained various Ceph services, then a cephadm spec file could parse these files and return input compatible with cephadm. The ceph spec file may be then be passed to "openstack overcloud ceph deploy" so that cephadm deploys only those Ceph services on those hosts. This feature should save users from the need to create two different files containing much of the same data and make it easier and less error prone to include Ceph in a deployment without the need to manually create the Ceph spec file. * The cli arguments that control what parts of the deployment to execute have been refactored to better align with the user expected intention, --stack-only: create the stack, download the config. no overcloud node changes --setup-only: ssh admin authorization setup. --config-download-only: run config-download playbook(s) to configure the overcloud. Upgrade Notes ************* * Removed *overcloud container image upload*, *overcloud container image build*, *overcloud container image prepare* and *overcloud container image tag* commands as the *tripleo container* command replaced those in Train and they no longer work. Deprecation Notes ***************** * Ephemeral heat is now used as default for overcloud deployment and assumes the nodes are pre-provisioned using metalsmith. Deprecates existing "--deployed-server" option and adds an additional option " --provision-nodes" for using installed heat and provisioning nodes with heat. * The commands "openstack overcloud profiles list" and "openstack overcloud profiles match" has been deprecated for removal. Since the Compute service is no longer used on the undercloud, the flavors based scheduling is not used. Bug Fixes ********* * Fixes Admin Authorize to work with Ephemeral Heat. * Fixes incorrect handling of root device hints when Software RAID is in use with Ironic. Users may re-introspect and an automatic root device hint would be added, which is incorrect and can lead to a failed deployment due to Software RAID (MD) device names being inconsistent across reboot from being configured to utilized. Ironic ultimately understands these devices and should choose the correct device by default if present. We now log an Warning and do not insert a potentially incorrect root device hint. Operators using a complex set of disks may still need to explicitly set a root device hint should their operational state require it. Other Notes *********** * Stack outputs that are needed by other functionality of the overcloud deployment are now saved in the stack working directory in an outputs subdirectory (default ~/overcloud- deploy/<stack>/outputs). Changes in python-tripleoclient 17.1.0..18.0.0 ---------------------------------------------- 6bdf6f3f Stop configuring install_command in tox. c42ee300 Setting default inventory path for VF interface with ooo client. 299a40da Support passing arbitrary cephadm arguments at bootstrap 80c43280 Overcloud export with ephemeral Heat 719a26aa bnr - Set properly the default inventory file 4458dc93 Add missing hostname package to bindep 88864174 Make --osd-spec and --crush-hierarchy not mutually exclusive 66718d3a Fix positional timeout arg ec411b93 Build standalone ceph_spec with Ansible b682efb9 Move _configure_logging to base Command class 0c488165 Improve tripleo-validations hook in undercloud preflight 34b4d6bf Add --yes to overcloud node provision for output file overwrite 2bfb6f2b Add AuthCloudName to export data 0f787980 Add --daemons option to deployed ceph 5a3b62ce Handle port unprovision for pre-provisioned nodes 6698a170 Mark Python 3.9 as supported runtime 8b70b793 Replace reproducer argument for consistency. 53c47168 Add option to bootstrap cephadm without --image 7ede6055 Fix UX UserWarning notification 348437df Add --reproduce-command option into Undercloud commands. 28b4248d Add Python 3.8 to supported runtime 3aae1ea8 Support Deployed Ceph container push_destination d48cb255 Move zuul jobs layout to centos9 only for master branch 74b15f79 Undercloud: Remove redundant environment file 196cba03 Add --single-host-defaults to 'openstack overcloud ceph deploy' 88ec87ca Add --standalone to overcloud ceph user and deploy f911410b Introduce tripleo --ceph-vip to deployed Ceph a3c8ecf3 Deprecate and unwire enable_nova UC option 1c3d2903 Log deprecation of enable_heat option. 482b0acd Deprecate 'overcloud profiles' commands 134270f2 Move baremetal configure commands from Ansible 4a6df279 Adding --repo-dir argument 295cffef Allow package install to be skipped for image build 1437fd07 Move baremetal clean commands from Ansible 3701f2ac Introduce "openstack overcloud ceph spec" 4ce46dca Exposes the community validation init command 51695e28 Guard against NoneType bd9bf85c Fix ironic command references f7888d00 Abort root device detection if an MD device is found 3ac32b59 Move baremetal provide commands from Ansible 79fa6fbe Handle missing ipv6 boolean in network_data.yaml for Ceph 84055814 Make deployed ceph baremetal file optional 6e0f514c Fix deploy templates arg validation 2ac39534 Add --mon-ip option to deployed ceph b9b9dbd7 Don't run playbooks if role count == 0 f8ee2464 Don't assume json network config in validations 8ab4cc19 Add the ability to enable/disable cephadm SSH user f41c3dbe Remove additional patching to use gitpython with eventlet 3e7f4845 Check old passwords file path during uc validation 59eae4b3 overcloud node extract provisioned - fixed_ips c32a24db Use Python3 yoga unit tests ddfd6d99 Don't set 'subnet' for ctlplane in node extract 02b67f8e Use netaddr when comparing local_ip for changes 538261ee Fix ports cleanup on node unprovision 723bf34c Write clouds.yaml/heatrc for tripleo launch heat f1fd9d09 Use 127.0.0.1 for ephemeral Heat server instead of ctlplane ip 0b90f0dc Skip Heat pod container image pull for default ephemeral heat images f4964907 Pass crush hierarchy data as extra_var 7d3c412e Set Ceph ms_bind options for IPv6 8552b8eb Test coverage for the overcloud_cell submodule 9ad9323b node extract provisioned - use network_config_update 149099c1 Support custom network names with deployed ceph f321bb46 Removed overcloud container commands 6b289250 Make inventory file writable fa0b7546 Replace deprecated assertEquals 43af68d4 bnr - overcloud restore - Handle correctly the ~ on the path 5e7ac07e Replace deprecated assertRaisesRegexp 9fd913f5 Ensure we're using the stackname for the inventory f797e15d Make --deployed-server the default 61744a6c Replace deprecated params in prepare b670a784 Integrating restoration process to client 8ff88f4d Add additional saved stack outputs 1cd6f282 Refactor --stack-only, --setup-only, --config-download-only 276a6def Save needed stack outputs in working_dir cc10ee4d Inspection - console to tty0 and ttyS0 a2b6a9ad Fix overcloud admin authorize 437c064e Remove cyclic import e05b6083 UC/Standalone - Set ip_version in DeployedServerPortMap 35e3278f Drop validate_playbook method from ProvisionNode 881321dd Fix usage of collections.abc dc26adb0 bnr CLI enable the conf. of ReaR with ironic on nodes 7b290d41 Fix the validations_log_basedir overriding 62a0553e Remove no longer used scale lib 19672ed3 Remove update converge 5084da81 Use unittest.mock instead of third party mock c3062ebe Remove --skip-nodes-and-networks 8c457093 Add swap files to .gitignore 87dbe9f6 Fix node scaling for Ephemeral Heat Diffstat (except docs and test files) ------------------------------------- .gitignore | 5 + bindep.txt | 1 + .../add-uc-reproduce-command-65daa4386142fcd1.yaml | 10 + ..._args_for_admin_authorize-2fe6945515dd34a7.yaml | 9 + .../notes/ceph_daemon_option-47a75a2c8b5ce5bb.yaml | 22 + ...ser_disable_and_re_enable-18f3102031a802d0.yaml | 17 + .../ceph_vip_provisioning-dcac72d62c70c57c.yaml | 50 ++ .../deployed_server_default-0c2267c7588056fc.yaml | 7 + ...recate-overcloud-profiles-0bc0a368775844ad.yaml | 8 + .../overcloud_ceph_spec-e1cfd358c4db2b22.yaml | 14 + .../refactor-only-cli-args-cb70ed8ba8b166a9.yaml | 10 + ...md-device-for-root-device-8ad0c1e85292ca0a.yaml | 13 + ...rcloud-container-commands-fe7185ee87aeda3a.yaml | 7 + .../notes/save-stack-outputs-61c2ad9528ae2529.yaml | 5 + requirements.txt | 4 +- setup.cfg | 12 +- test-requirements.txt | 3 +- tox.ini | 1 - tripleoclient/command.py | 11 + tripleoclient/config/standalone.py | 7 + tripleoclient/constants.py | 14 +- tripleoclient/exceptions.py | 11 +- tripleoclient/export.py | 10 + tripleoclient/heat_launcher.py | 17 +- .../v1/overcloud_config/test_overcloud_config.py | 2 +- .../v1/overcloud_deploy/test_overcloud_deploy.py | 51 +- .../test_overcloud_external_update.py | 2 +- .../test_overcloud_external_upgrade.py | 2 +- .../v1/overcloud_image/test_overcloud_image.py | 2 +- .../test_overcloud_netenv_validate.py | 2 +- .../v1/overcloud_roles/test_overcloud_roles.py | 2 +- .../v1/overcloud_update/test_overcloud_update.py | 59 +- .../v1/overcloud_upgrade/test_overcloud_upgrade.py | 4 +- .../test_tripleo_container_image.py | 32 +- .../v2/overcloud_delete/test_overcloud_delete.py | 9 +- .../v2/overcloud_network/test_overcloud_network.py | 2 +- .../v2/overcloud_support/test_overcloud_support.py | 2 +- tripleoclient/utils.py | 339 ++++++++- tripleoclient/v1/container_image.py | 501 ------------- tripleoclient/v1/overcloud_admin.py | 67 +- tripleoclient/v1/overcloud_backup.py | 32 +- tripleoclient/v1/overcloud_deploy.py | 356 ++++----- tripleoclient/v1/overcloud_export.py | 30 +- tripleoclient/v1/overcloud_external_update.py | 5 +- tripleoclient/v1/overcloud_external_upgrade.py | 5 +- tripleoclient/v1/overcloud_image.py | 10 +- tripleoclient/v1/overcloud_node.py | 143 ++-- tripleoclient/v1/overcloud_profiles.py | 10 + tripleoclient/v1/overcloud_restore.py | 159 ++++ tripleoclient/v1/overcloud_update.py | 54 +- tripleoclient/v1/overcloud_upgrade.py | 9 +- tripleoclient/v1/tripleo_deploy.py | 9 +- tripleoclient/v1/tripleo_launch_heat.py | 16 +- tripleoclient/v1/tripleo_validator.py | 30 +- tripleoclient/v1/undercloud.py | 9 + tripleoclient/v1/undercloud_backup.py | 6 +- tripleoclient/v1/undercloud_config.py | 25 +- tripleoclient/v1/undercloud_preflight.py | 44 +- tripleoclient/v2/overcloud_ceph.py | 800 ++++++++++++++++++++- tripleoclient/v2/overcloud_delete.py | 2 +- tripleoclient/v2/overcloud_node.py | 81 ++- tripleoclient/v2/tripleo_container_image.py | 17 +- tripleoclient/workflows/baremetal.py | 216 +----- tripleoclient/workflows/deployment.py | 77 +- tripleoclient/workflows/roles.py | 12 +- tripleoclient/workflows/scale.py | 231 ------ tripleoclient/workflows/tripleo_baremetal.py | 526 ++++++++++++++ zuul.d/layout.yaml | 8 +- 105 files changed, 4615 insertions(+), 2662 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 7299c5bd..8befe347 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14 +14 @@ osc-lib>=2.3.0 # Apache-2.0 -tripleo-common>=16.0.0 # Apache-2.0 +tripleo-common>=16.3.0 # Apache-2.0 @@ -17 +17 @@ ansible-runner>=1.4.5 # Apache 2.0 -validations-libs>=1.2.0 # Apache-2.0 +validations-libs>=1.5.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index ecce57ad..f33be701 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +6,0 @@ fixtures>=3.0.0 # Apache-2.0/BSD -mock>=3.0.0 # BSD @@ -12 +11 @@ testscenarios>=0.4 # Apache-2.0/BSD -validations-libs>=1.0.4 # Apache-2.0 \ No newline at end of file +validations-libs>=1.5.0 # Apache-2.0

1 0

tripleo-image-elements 14.2.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are delighted to announce the release of: tripleo-image-elements 14.2.0: Disk image builder elements for deploying OpenStack. The source is available from: https://opendev.org/openstack/tripleo-image-elements Download the package from: https://tarballs.openstack.org/tripleo-image-elements/ For more details, please see below. Changes in tripleo-image-elements 14.1.0..14.2.0 ------------------------------------------------ cf9dd68e delorean-repo remove yum_plugin_priorities_package a2d68fae Use Python3 yoga unit tests 2ca8bd13 Add Python3 xena unit tests d1e9b054 Update master for stable/wallaby 14c47f49 Double the size of /boot/efi partition Diffstat (except docs and test files) ------------------------------------- elements/delorean-repo/pkg-map | 12 ------------ .../delorean-repo/pre-install.d/03-install-yum-priorities | 5 ----- elements/overcloud-partition-uefi/block-device-default.yaml | 2 +- releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 ++++++ zuul.d/layout.yaml | 2 +- 6 files changed, 9 insertions(+), 19 deletions(-)

1 0

tripleo-validations 15.2.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are happy to announce the release of: tripleo-validations 15.2.0: A collection of Ansible playbooks to detect and report potential issues during TripleO deployments The source is available from: https://opendev.org/openstack/tripleo-validations Download the package from: https://tarballs.openstack.org/tripleo-validations/ For more details, please see below. Changes in tripleo-validations 15.1.0..15.2.0 --------------------------------------------- ff4cbe6 Validating that RetryFilter is not in nova 8692b4b Removing leftover README docs from roles fe0ca27 Redefining the irrelevant files list to ensure execution graph stability 30b234a Validate libvirtd is not running on the undercloud 2493726 Getting instance shutdown xml issue b0d4d49 Move zuul jobs layout to centos9 only for master branch 16dfbae Substituting 'localhost' for wildcard '*' in image-serve validation 6de2be5 oslo_config_validator: Adding possibility to override namespaces config ebcab3d oslo_config_validator: Defaulting config_invalidations to empty list 9068ede oslo_config_validator: Nova port data changes settings have wrong values 7441ea3 Add FIPS validation 01ae2b4 feat(removal): tox-ansible support 8989c8c Instruct container-status validation to accept 137, 142 and 143 exit code status 3043ad8 oslo-config-validator: container run task should never fail 12bc0d0 Remove content of TLS-Everywhere molecule.conf 7c591cb Migrate jobs from CentOS 8 to CentOS 8 Stream 23890fc Remove pre-deployment validation 32e9e9e Bumping the ansible-lint version to 5.3.2 in order to resolve CI failure 973d188 Simplify and consolidate files 3717245 Remove domain equivalence check 52f3fbd Remove references to novajoin-server and novajoin-notifier 388f7e3 Remove check for certmonger user service 995bf8c Make sure fact is available to find hostname 7c9ae48 Interface xpath attribute read issue bc1d40a fix(molecule): Add ability to run molecule on Fedora 9cbe84f Fixing formatting of the nfv_ovsdpdk_zero_packet_loss role docs 6cbeeb4 undercloud-debug validation documentation improvement 772d98c fix(ci): Install python3 package first dd088d7 Use centos-8 stream for molecule jobs abe513c Optimize linters executions from tox and pre-commit 5278602 Removing validations.yml playbook from job definition 33e57db Adding ironic's json_rpc to known namespaces a6a8c70 Multinode and provider jobs fd80bfa Remove run-validations.sh script 4512793 Change ansible_hostname to use ansible_facts Diffstat (except docs and test files) ------------------------------------- .config/molecule/Dockerfile | 12 +- .config/molecule/config.yml | 16 +- .coveragerc | 2 +- .dockerignore | 2 +- .pre-commit-config.yaml | 3 +- LICENSE | 1 - README.rst | 1 - ansible-collections-requirements.yml | 1 + babel.cfg | 1 - bindep.txt | 27 ++- ci/playbooks/pre.yml | 7 + .../modules/modules-ceph_pools_pg_protection.rst | 1 - .../modules-check_cpus_aligned_with_dpdk_nics.rst | 1 - .../modules/modules-check_ironic_boot_config.rst | 1 - .../modules-check_other_processes_pmd_usage.rst | 1 - .../modules-convert_range_to_numbers_list.rst | 1 - .../modules/modules-get_dpdk_nics_numa_info.rst | 1 - .../modules/modules-ovs_dpdk_pmd_cpus_check.rst | 1 - .../modules/modules-pmd_threads_siblings_check.rst | 1 - .../role-check_nfv_ovsdpdk_zero_packet_loss.rst | 13 +- .../role-collect_flavors_and_verify_profiles.rst | 1 - .../roles/role-ironic_boot_configuration.rst | 1 - .../roles/role-undercloud_disabled_services.rst | 6 + .../roles/role-undercloud_heat_purge_deleted.rst | 42 ++++- .../roles/role-undercloud_service_status.rst | 42 ++++- playbooks/collect-flavors-and-verify-profiles.yaml | 1 - playbooks/fips-enabled.yaml | 19 ++ playbooks/oslo-config-validator.yaml | 16 ++ playbooks/undercloud-debug.yaml | 3 + playbooks/undercloud-disabled-services.yaml | 22 +++ .../add-ceph-health-check-000bab9581c759d3.yaml | 2 +- .../molecule/default/molecule.yml | 8 +- .../tasks/check_nfv_instances.yml | 17 +- .../tasks/main.yml | 6 +- .../tasks/validate_instance.yml | 12 +- .../molecule/default/converge.yml | 12 +- .../molecule/default/molecule.yml | 2 +- .../vars/main.yml | 1 - roles/container_status/tasks/main.yaml | 2 +- roles/fips_enabled/molecule/default/converge.yml | 60 ++++++ roles/fips_enabled/molecule/default/molecule.yml | 3 + roles/fips_enabled/molecule/default/prepare.yml | 19 ++ roles/fips_enabled/tasks/main.yml | 29 +++ roles/fips_enabled/vars/main.yml | 29 +++ roles/image_serve/molecule/default/molecule.yml | 8 +- roles/image_serve/tasks/main.yaml | 4 +- roles/oslo_config_validator/defaults/main.yml | 4 + .../molecule/default/molecule.yml | 2 +- .../molecule/mocked_failure/molecule.yml | 2 +- .../tasks/build_validation_config.yml | 20 +- .../oslo_config_validator/tasks/container_run.yml | 3 +- .../tasks/invalidate_config.yml | 2 +- .../tasks/validate_config.yml | 2 +- .../molecule/default/molecule.yml | 2 +- .../molecule/deprecated_services/molecule.yml | 2 +- .../molecule/down_services/molecule.yml | 2 +- roles/overcloud_service_status/resources/README.md | 1 - roles/repos/README.md | 41 ----- roles/tls_everywhere/molecule/default/molecule.yml | 17 -- roles/tls_everywhere/tasks/common.yaml | 16 +- .../tasks/overcloud-post-deployment.yaml | 28 --- .../tasks/pre-deployment-containerized.yaml | 203 --------------------- .../tasks/pre-deployment-non-containerized.yaml | 193 -------------------- roles/tls_everywhere/tasks/pre-deployment.yaml | 104 +++++------ roles/tls_everywhere/tasks/prep.yaml | 79 -------- roles/undercloud_debug/README.md | 38 ---- roles/undercloud_debug/defaults/main.yml | 4 +- roles/undercloud_debug/tasks/main.yml | 2 +- roles/undercloud_debug/vars/main.yaml | 3 + .../undercloud_disabled_services/defaults/main.yml | 3 + roles/undercloud_disabled_services/tasks/main.yml | 18 ++ roles/undercloud_disabled_services/vars/main.yaml | 8 + roles/undercloud_disk_space/README.md | 36 ---- roles/undercloud_heat_purge_deleted/README.md | 38 ---- roles/undercloud_process_count/README.md | 37 ---- roles/undercloud_service_status/README.md | 38 ---- roles/undercloud_tokenflush/README.md | 37 ---- .../validation_init/molecule/default/molecule.yml | 2 +- .../molecule/no_molecule_test/molecule.yml | 2 +- scripts/run-local-test | 7 +- scripts/run-validations.sh | 106 ----------- setup.cfg | 1 - test-requirements.txt | 2 +- tox.ini | 59 +----- zuul.d/base.yaml | 8 +- zuul.d/layout.yaml | 65 +++++-- zuul.d/molecule.yaml | 13 ++ 132 files changed, 917 insertions(+), 1287 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 77fda49..a4cccb8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ -ansible>=2.8,!=2.8.9,!=2.9.12,<2.10.0 # GPLv3+ +ansible-core<2.12.0 # GPLv3+

1 0

tripleo-heat-templates 16.0.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are excited to announce the release of: tripleo-heat-templates 16.0.0: Heat templates for deploying OpenStack with OpenStack. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ For more details, please see below. 16.0.0 ^^^^^^ New Features ************ * Add parameter to set the auth type for the snmpd_user. Possible options are MD5 (which is what was hardcoded before and is the default now) and SHA. This should be set to SHA on FIPS environments. * Add IronicDefaultBootInterface parameter to allow users to set / override the default boot interface used by ironic. This may not work if a hardware type does not support the set boot interface. This overrides create-time defaults. The ordered union of the enabled boot interfaces and hardware type determines, under normal circumstances, what the default will be. * Since genisoimage was removed from CentOS9 / RHEL9, the nova's default "mkisofs_cmd" option will not work anymore. In RHEL/CentOS realm, "mkisofs" is an alias to alternatives that either map to "xorriso" (9) or "genisoimage" (8). * * Added the Octavia TLS parameters. * RabbitMQ can be configured to run in FIPS mode via the new configuration option RabbitFIPS. The default value is false. * Admin endpoint of Keystone listens on Internal API network by default. * Logging for the designate bind backend is now more fully configured. DNS query logging can be enabled by setting *DesignateBindQueryLogging* to *true*. * Neutron can now be configured to support secure RBAC using *EnforceSecureRbac*. Note, you may not be able to use this until Neutron upstream has support for common RBAC personas (https://docs.openstack.org/keystone/latest/admin/service-api- protection.html#roles-definitions). * Keystone can now be configured to support secure RBAC personas (https://docs.openstack.org/keystone/latest/admin/service-api- protection.html#roles-definitions) with the *EnforceSecureRbac* setting. Note that deployments with mixed permission models will have unexpected side-effects. Setting this option won't have meaningful effect until all services in your deployment support secure RBAC personas. * The new parameter "EnforceSecureRbac" has been added to enforce authorization based on common RBAC personas. Currently in glance the support is only available for project-admin, project-member and project-reader personas and system personas will come in a later release. * The new "KeystoneNotificationDriver" parameter has been added. This parameter overrides the global "NotificationDriver" parameter and allows customizing notification driver only in Keystone, which is required to use notification listner function in Barbican. * Add *NovaShowHostStatus* to allow overriding API policies to access the compute host status in the requested Nova server details. The default value 'hidden' allows only admins to access it. Setting it to 'all' ('unknown-only') without additional fine-grained tuning of *NovaApiHostStatusPolicy* shows the full (limited) *host_status* to the system/project readers. Add *NovaApiHostStatusPolicy* that defines a custom API policy for *os_compute_api:servers:show:host_status and `os_compute_api:servers:show:host_status:unknown-only*. These rules, or roles, replace the admins-only policies based on the given *NovaShowHostStatus*: 'unknown-only' shows the limited host status UNKNOWN whenever a heartbeat was not received within the configured threshold, and 'all' also reveals UP, DOWN, or MAINTENANCE statuses in the Nova server details. Finally, *NovaShowHostStatus*: 'hidden' puts it back being visible only for admins. Additional policies specified using *NovaApiPolicies* get merged with this policy. * A heat parameter "IronicPowerStateChangeTimeout" has been added which sets the number of seconds to wait for power operations to complete, i.e., so that a baremetal node is in the desired power state. If timed out, the power operation is considered a failure. The default is 60 seconds, which is the same as the current Ironic default. * Added "pure_iscsi_cidr" and "pure_host_personality" and "eradicate_on_delete" support for the Pure Storage FlashArray Cinder driver. * Added "NovaDisableComputeServiceCheckForFfu" parameter to configure "nova::workarounds::disable_compute_service_check_for_ffu" to disable the service version check workaround for FFU. * Adding Hugepages role parameter Hugepages management was always a manual step done by operators via the TripleO parameter "KernelArgs". This is error prone and causing confusion. The new "Hugepages" parameter allow operators to define hugepages as dictionnary, making it easier to read and follow. To prevent unvolontary changes, there's multiple validations before applying a change: * We convert the current running configurations to an actual dictionnary that we validate the new format against * If no change is necessary, even though the format might not be the same, there's no kernel_args update. * By default, we don't remove hugepages in places except when operators specifically set the "ReconfigureHugepages" to true. This change is also opening the door to more automations and automatic tuning. Upgrade Notes ************* * Support for the following three volume drivers have been removed. * Dell EMC ScaleIO * Dell EMC VxFlexOS * Dell EMC VMAX * The following services should be removed from roles data during upgrade. * "OS::TripleO::Services::CinderBackendScaleIO" * "OS::TripleO::Services::CinderBackendDellEMCVxFlexOS" * "OS::Tripleo::Services::CinderBackendDellEMCVMAXISCSI" * Redis is now disabled by default in new deployments, so existing deployments have to delete the redis resource in pacemaker prior to upgrade, or include the new environment file ha-redis.yaml if they still implicitely depend on redis. * Support for networking-bigswitch has been removed, because the plugin is no longer maineined. * Support for the novajoin service has been removed. * The "OS::TripleO::Service::Novajoin" resource has been removed. It should be removed from roles data before upgrade. * The default boot mode for ironic deployed nodes is now "uefi" when no boot mode is explicitly set in the node's driver_info, capabilities, or instance_info configuration. To restore the previous default, set the heat parameter "IronicDefaultBootMode" to "bios". * The default UEFI iPXE bootfile is now *snponly.efi*. The boolean parameter *IronicIPXEUefiSnpOnly* was added to allow custom configuration. When set to *true* snponly is used, when *false* the previous default ipxe.efi is used. See bug: 1959726 (https://bugs.launchpad.net/tripleo/+bug/1959726) Deprecation Notes ***************** * The MlnxSDNUsername and MlnxSDNPassword have been deprecated and have no effect * The "MysqlIncreaseFileLimit" parameter has been deprecated and has no effect now. * The "IronicIpVersion" parameter has been deprecated and has no effect. * Using environments/enable-designate.yaml has been deprecated in favor of environments/services/designate.yaml, the current location for environment files that enable TripleO components. * With the switch to ephemeral heat for the overcloud, the UndercloudMinion is no longer viable. Deploying UndercloudMinion is not supported anymore and environments files to enable its deployment are dropped. Bug Fixes ********* * Adds the port used for directly accessing Ironic-Inspector using TLS, 13050, to the list of ports to permit inbound connections on. * Rsyslog config for haproxy (https://bugs.launchpad.net/tripleo/+bug/1953672) * Before this patch, invalid certificates would be detected close to the end of the deployment. In small environments, this comes fast but in an environment with a large number of nodes, failures would come really late after a few hours of deployment. With this validation, it now fails before step1 at host_prep_steps if the certificate is smaller than 512 bytes if UsePublicTLS is set to true and PublicSSLCertificateAutogenerated is set to false. It will also use openssl to verify the state of the certificate and fail if the certificate is invalid or expired. * When we install libvirt on a host, the system parameter "fs.aio- max- nr" is to 1048576. Since we containerized libvirtd, we lost this system parameter. We now make sure it's defined by adding it from the nova-libvirt-common template. * Enable Swift replicators in single replica mode to ensure cleanup of old tombstone (.ts) files. Sleep interval between replication runs is set to 24 hours to prevent unneeded load on the systems if no replication is needed. Other Notes *********** * A new param MlnxSDNToken has been added to authenticate sdn controller * Steps are taken to minimize chances of confusion between the default block storage volume type established by the CinderDefaultVolumeType parameter, and cinder's own __DEFAULT__ volume type. In a new deployment where no volumes exist, cinder's __DEFAULT__ type is deleted because it is redundant. In an upgrade scenerio, if volumes exist then the __DEFAULT__ type's description is updated to indicate the actual default volume type is the one established by the CinderDefaultVolumeType parameter. * "OvsDpdkDriverType" is now deprecated. Note that is had no effect since we upgraded to OVS 2.6, where we stopped supporting the configuration of DPDK driver in puppet-vswitch. Since then, we couldn't change the driver; so we can safely deprecate this parameter and remove it in a future release. * "podman image prune" is no longer used on the undercloud to remove unused images during the undercloud update/upgrade. With the usage of ephemeral Heat, not all images will always be used by running or stopped containers, so "podman image prune" should not be used to clean up the local container image storage. Images that are no longer being used can still be removed individually with "podman rmi". Changes in tripleo-heat-templates 15.1.0..16.0.0 ------------------------------------------------ 5136dd9d8 Have Ceph log to a file for scenario 001/004 720dd1482 Add HostnameFormatDefault for Ceph related roles 07adbb7b7 Update .gitignore de668b4ec Use FQCN for ansible builtin tasks 4d23590ca Ceilometer: Remove incomplete cache parameters 6f8a5bc1e Memcached: Allow puppet to be aware IPv6 is used e66f495b1 Include redis templates in Octavia configuration 15744039d Increase stop_grace_period for Octavia controller services 0fa959acb Add support for ovn bgp agent 20230cd59 Remove support for the novajoin service df569e638 Fix typo in HciCephObject role tag 115439e6b Add missing option for rgw/swift compatibility 5d1e6f8c0 Added log volumes for ceilometer-agent-ipmi d3d20bb44 Etcd: Update cluster membership when replacing a node 881334004 Ironic: Use generated dnsmasq conf file 875155550 Add Octavia TLS parameters 0d4fbc86a Remove support for Nuage core plugin e99a251ad Use consistent indent in .sh files 5249a06d4 Nova: Fix missing cache backend d0ca9fe63 Fix trailing slashes in bind-mounts and linting 35eb903a8 Fix network-environment.yaml ipv6 {{network.name}}Routes 5bf166be6 Drop services not used for undercloud role 243f80b8b Octavia: Add missing region_name parameters f59346887 Cinder: Remove leftover of Dell EMC VMAX driver support a2674a176 Update Ceph client service to handle external Ceph 4dc74ac16 Add CephIngress resource fa69bfc1e Disable GSSAPIAuthentication by default f97c99bc2 Use puppet parameters instead of hieradata key b35015b30 Fix sshd host_prep_tasks 309c89e90 Only run mysql upgrade commands when needed 263fee246 Ensure db initialization is not executed by puppet 087d67733 Designate: Ensure pool management by puppet is disabled 1d77d9af2 Don't add conntrack entries for vxlan 67969af3d Remove support for networking-bigswitch 7ec40a3c5 Added NovaDisableComputeServiceCheckForFfu var a8b849f03 Remove unused deployed_server_port_map output 219817528 Remove Nova from undercloud during upgrades 1395d1c49 Update Barbican Orders policy for secure-rbac 7ca6a836f rsyslog: Add missing logging sources for gnocchi services e07098b53 rsyslog: Add missing logging sources for aodh services a1b967faf Add support for additional log sources for rsyslog 7f8876ce7 Sync updated DB root password in running container 2329e416e Required DDP package is not loaded issue 88f2dfbba Update of OVN controllers as an external task. e1de2bcb7 Add CephNfs service on roles providing "external" network connectivity 9ed9c8da5 Horizon: Fix the wrong policy parameters b1e1df2b7 Enable designate-dashboard ae866ab47 Adding Hugepages role parameter c275d7870 Do not run puppet in docker_config 0c3ea4c28 Allow nic-config conversion without Heat 27b8210fd Align defaults for SoftwareConfigTransport 64a19091a Run the SSL verification at step2 18e7522d6 Fix ca-certs-baremetal-puppet.yaml description in header 71ed74176 Update Barbican Secure-RBAC policy 9cb551201 Cleanup openldap certs database 19b0b7429 Remove "ceph" tags for the TripleO cephadm branch d72a23759 Expose tripleo_cephadm_default_container boolean e93b454d6 Redis: Hard-code paths of configuration files 5746310b6 Replace dnf by tripleo_dnf_stream for updates. cd7d10133 Move zuul jobs layout to centos9 only for master branch daa48254e Exclude /etc/openldap to avoid overriding ro file 7e8d88afa Allow deployments to run when selinux is disabled fceeb2fbd Fix AnyErrorsFatal type 85ccef292 Fix Redis config generation when fd limit changes 3ae6ce355 Don't bind host's /run in multipathd container d5701e6ce Validate SSLCertificate is defined a3fa2a052 Nova: Use cross_az_attach from nova::cinder 19c11813d Fix ironic boot interface for undercloud ceed5ac9e Fix OS_CLOUD for multistack and nova az tasks acf032a09 Designate: miniDNS and bind9 instances on the proper networks d3a6e7a99 Start the neutron metadata agent with cgroupns host bd13adefd Add parameter IronicIPXEUefiSnpOnly 7eb280ace Skip podman purge on Undercloud 33d4b44ae Remove unused environment file 7bb44f26b Enable clean-up service for novajoin by default 17004426a Drop Nova and NovaJoin services from UC role data b2b9e983c Add heat::trustee parameters ec33ab404 Disable heat by default in favor of ephemeral-heat. caed5081e Keystone: Use system-admin to create resources c2d110257 Use Internal API by default for Keystone admin endpoint c3affa49a Nova: Use internal endpoint to access Keystone 97c1306b2 Defining fs.aio-max-nr for hosts with libvirt service ff7bc29c7 Added rabbit FIPS flag to FIPS env fle 3f7db6a9a Placement: Enable proxy headers parsing 8e28fde39 Allow neutron to configure secure RBAC options 9aa90bd1a Skip 'ensure dnf modules' for CS9 on undercloud-upgrade 59edff435 Add RabbitFIPS parameter dde9a258d Update dervice_pci script to handle pci address formats 6ff47463b Configure logging for designate bind backend ebab335f3 Role specific container support db63209ae Revert "Update cell0 db connection, if required" e36f44cad Check if passthrough user_config is decoded properly from hiera data ed560e46c Pass OS_CLOUD env when migrating to heat ephemeral. cef35a45a Fix cloud-init detection rules 97a2bd2ca Reduce frequency of task retries 5b9648dd9 Disable libvirtd and stop it 2caf85f84 fix path typo 72e75597c Fix ignored OctaviaControlSecurityGroup dfeb0e643 Nova: Configure [keystone] parameters a1f6142b9 Missing OVN Parameters 9b5dba49e Cinder: Remove support for deprecated Dell EMC volume drivers d57f9a877 Add ironic-inspector TLS endpoint port to be reachable 277ef9bbc README: Remove OVN row f63176e97 Horizon: Manage policy files 4362c14ce Disable metrics_qdr binding in HAProxyEdge b4a9058b8 Make sure libvirt guests shut down before network 2a27e8bdb Enable policy rule management in nova-compute a170d70e2 Add OVNContainerCpusetCpus 5326c3d5e Move *NetworkConfigTemplate to parameter_defaults 81d546a23 Add show unknown only host_status to scn002 b11c78a02 Add show all host_status policy to scn001 2b9461e97 Fix remaining usage of internal url for www_authenticate_uri 3a04690cd Enable notification from Keystone when Barbican is enabled 4e078fc42 Handle ping test ips when not available 392abfd2a Include subnet in unbound colloc port creation to ensure IP allocation b49da7236 Allow keystone to configure secure RBAC options dfd28f7b1 Revert "Revert "Add chrony waitsync back in"" 98e9b2983 Align services of ControllerSriov role 21bd42b4f Revert "Add chrony waitsync back in" 925af6378 Add generated deployed network environment 4f7e4fd18 Fix killscript regex match for libpod-conmon-* 62ded067d Fix IPv6 router on UC re-install 8d46c9c38 Add chrony waitsync back in 160936df1 Use public endpoint for [keystone_authtoken] www_authenticate_uri 3e4135aa3 Add CephAdmVerbose variable 6d142165f IDM server registration is fixed to one server only ee617c09a Add missing services to ControllerNovaStandalone role 15ff29cf1 Fix IronicImageDownloadSource on undercloud 71012af59 Replace deprecated octavia::controller::port_detach_timeout 4c1206938 Remove hieradata for Redis Sentinel 423644945 Check that redis is removed prior to FFU 98d731768 Use Python3 yoga unit tests 157d0c112 Start the l3 agent with cgroupns: host 97da97eda Fix external-ceph deployment directory reference 008b55afa fix InternalApi subnet for ControllerNovaStandalone role d8475ede4 Remove tripleo_ovn_mac_port_name port tag eae88fe0a Sync neutron-ovs-dvr.yaml copies 3983bc744 Update cell0 db connection, if required cb24c0bff Revert "Fix the wrong parameter name to disable management of libvirt services" c3bb91338 Missing rsyslog parameters for HAProxy 20368af84 Fix the wrong parameter name to disable management of libvirt services 9d4d7f9a6 Manage octavia flavor in tripleo-ansible 9d06a3c7e Exec libvirtd in a transient scope a77d5ebde Make tools scripts executable 2e4f35b07 Add templates for custom network ci job a88c32f51 Replace deprecated manila::sql_connection 5e77f8198 Manila: Use internal endpoints to access other services e78fbfb99 Nova: Use internal endpoint to access Neutron API efdbece13 Run designate-api under apache a035de7d3 Remove setype for /var/log/containers creation 98af86994 Parameters for API policies to show a host status 7a99ae23e Introduce a new linter for yaml-validate, and correct issues 613dd92d8 Add a configuration option to enable secure RBAC in Heat 1f868ba53 Ensure we bind-mount /dev instead of /dev/ 579102e54 Sc001: Enable glance image import methods 4df0b3519 Neutron: Use internal endpoint when accessing Placement API 3b80985e5 Assign project-scoped service role for token validation e6f24185b CoreServices list has to be flatten 08c5e74d3 Placement: Define root path explicitly 0436025d8 Add IronicDefaultBootInterface parameter 3055a4f11 Use only internal endpoints in Octavia controller services 1127ac015 Accept lists for Manila*ShareDataPools and Manila*EthernetPorts 7e1ee7511 set manila context-is-admin policy rule for secure-rbac dbf5d36fd Add timestamps to nova/placement wait for scripts 969043bef Correct the multiple_nics_vlans_dvr.j2 file path 06787c853 Add support for powermax. 6dc38e414 Fix doc link 531aecc4b Fix convert_v1_net_data.py - ipv6 property 3a0b86e4e Add ephemeral Heat entry to clouds.yaml 047499937 Fix condition to add per subnet routes parameter ee846d21e [Neutron] Add custom env file to set dns_domain_name 0555ee4df [Pure Storage] Set default parameter for iscsi cidr 368102b14 Deprecate ineffective MysqlIncreaseFileLimit efc328c66 Make PingTestGatewayIPsMap a map of flatten lists 1f79df6da Update project personas policies in custom neutron policy 70720d21d [Pure Storage] Add new FlashArray Cinder driver params 632afe18c Add rgw max attributes constraints c72579637 neutron: Stop setting the allow_overlapping_ips parameter 925e2db46 Keystone: Remove unused container_puppet_tasks 8cb2fd898 Fix logic related to CinderEtcdLocalConnect parameter 7f04caaf4 Use a designate specific directory for the bind persistent storage 0265f9572 Clean up update converge file 1314f345f [ovn] Deleting ovn agents during scale down tasks 61a1dcc3b Remove double slashes in path a287ebc42 Add socket keepalive options for the pymemcache backend 839ddccdb Implement project personas in custom barbican policy file 0fe7045fa Deprecate env/enable-designate in favor of env/services/designate.yaml b3863568a Fix set_fact on the CephMgrAnsibleVars 52ed0f05b Remove old non-ha container removal tasks 6d8091240 task-core basic framework 5d830980e Add ping test for all networks gateway IPs d98009ae4 Change authentication method for Mellanox sdn controller d33865cde Remove mariadb-server packages from the host f2fd2a856 Add ovn_chassis_mac_map to ExtraConfig role 273b41a5d Use ServiceNetMap to filter PublicNetwork in haproxy-tls f6eddad78 Don't use service_net_map_replace in krb-svc-principals 65151adc1 Add parameter IronicPowerStateChangeTimeout 48ed6294c Do not error out when a network is ipv6 only 040859a73 Clean up implementation to manage volume type by puppet 82a0781b4 Revert "Fix TLS-e with custom network names" 4bf486603 Clear up confusion on cinder's default volume type 4ba798c57 Add environment file for FIPS deployments e2f6aec3e Add auth type for snmpd readonly user 6bae260bc Fix TLS-e with custom network names 26b05056e Adding NovaMkisofsCmd parameter to nova-compute 20311a0a5 Flatten yaql list expressions f8e7bf2bb Do not set rabbitmq SSL CA certs when InternalTLSCAFile is '' 6b50e1622 Flatten yaql list expressions b3e5e03d6 Drop UndercloudMinion environments 6b4a4389f Remove ganesha_vip extra config workaround 716fe9bc6 Deprecate `OvsDpdkDriverType` parameter 015fc41bd Sc04: Enable glance sparse image upload ba7f896c5 Revert "Enable fernet token cache by default" 9193090b1 Allow configuring secure RBAC in glance 1cbd03a13 Use double quotes for string comparisons policies in glance 34b7d28e6 Drop non-bundle manila from puppet-config 76adfd420 Use true/false for boolean values 4d6dc5308 Refactor usage of QemuMemoryBackingDir f834c26d5 Enable new SELinux boolean for vTPM support f664302c3 Enable new SELinux boolean for vTPM support 40d5282eb follow-up: Enable support for Libvirt modular daemons 42d746921 Introduce ApplyCephConfigOverridesOnUpdate 3d2fec12b Implement project personas in custom cinder policy file 9e30f281f Remove network_virtual_ips hard-coded name filter c0b778301 GaneshaNetwork - fallback -> external -> ctlplane 2202412db Implement project personas in custom neutron policy file 433cc9375 Implement project personas in custom keystone policy file b522254bc Remove six library b30b3cc82 Implement project personas in custom placement policy file 5a43e8a30 Use EnableInternalTLS to set pssl in nb and sb 4477e2862 Implement project personas in custom manila policy file 716492274 Deprecate IronicIpVersion 9d6f24131 Set default value of IronicDefaultBootMode to uefi 9be1b7746 Run Swift replicators in single replica mode 762f5056d Allow Swift to configure secure RBAC options 93d06c2b9 Cinder: Update puppet parameters to set castellan options ccacb548e Enable enable_proxy_headers_parsing in Designate API 5e5472337 Add note indicating only Controllers use network VIPs e618ad8d3 Honor the ExternalSwiftUserTenant parameter Diffstat (except docs and test files) ------------------------------------- .gitignore | 17 +- README.rst | 2 - ci/custom_ci_roles_data.yaml | 263 ++++ ci/custom_names_network_data.yaml | 60 + ci/custom_names_vip_data.yaml | 6 + .../multiple-nics/custom-network-environment.yaml | 27 + ci/environments/neutron_dns_domain.yaml | 2 + ci/environments/scenario000-standalone.yaml | 2 - ci/environments/scenario001-standalone.yaml | 27 +- ci/environments/scenario002-standalone.yaml | 1 + ci/environments/scenario004-standalone.yaml | 14 +- common/common-container-setup-tasks.yaml | 3 +- common/container-puppet.sh | 4 +- common/deploy-steps-playbooks-common.yaml | 20 +- common/deploy-steps-tasks-step-0.j2.yaml | 6 + common/deploy-steps-tasks-step-1.yaml | 28 +- common/deploy-steps-tasks.yaml | 8 +- common/deploy-steps.j2 | 84 +- common/generate-config-tasks.yaml | 2 +- common/host-container-puppet-tasks.yaml | 4 +- common/services/deployment-bootstrap.yaml | 71 + common/services/deployment-host-prep.yaml | 52 + common/services/deployment-legacy-deploy.yaml | 31 + common/services/deployment-network.yaml | 41 + common/services/deployment-post-deploy.yaml | 42 + common/services/deployment-state.yaml | 104 ++ common/services/role.role.j2.yaml | 21 +- .../nova_wait_for_api_service.py | 27 +- .../nova_wait_for_compute_service.py | 27 +- .../pacemaker_restart_bundle.sh | 28 +- container_config_scripts/pacemaker_wait_bundle.sh | 94 +- .../placement_wait_for_service.py | 26 +- deployment/README.rst | 3 + deployment/aodh/aodh-api-container-puppet.yaml | 40 +- .../aodh/aodh-evaluator-container-puppet.yaml | 34 +- .../aodh/aodh-listener-container-puppet.yaml | 33 +- .../aodh/aodh-notifier-container-puppet.yaml | 33 +- .../barbican/barbican-api-container-puppet.yaml | 47 +- deployment/barbican/barbican-client-puppet.yaml | 8 +- .../ceilometer-agent-central-container-puppet.yaml | 25 +- .../ceilometer-agent-compute-container-puppet.yaml | 31 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 25 +- ...ometer-agent-notification-container-puppet.yaml | 29 +- .../ceilometer-base-container-puppet.yaml | 13 +- deployment/cephadm/ceph-base.yaml | 25 +- deployment/cephadm/ceph-client.yaml | 30 +- deployment/cephadm/ceph-external.yaml | 2 - deployment/cephadm/ceph-grafana.yaml | 2 - deployment/cephadm/ceph-ingress.yaml | 72 + deployment/cephadm/ceph-mgr.yaml | 32 +- deployment/cephadm/ceph-nfs.yaml | 6 +- deployment/cephadm/ceph-osd.yaml | 2 - deployment/cephadm/ceph-rbdmirror.yaml | 2 - deployment/cephadm/ceph-rgw.yaml | 8 +- deployment/certs/ca-certs-baremetal-puppet.yaml | 2 +- deployment/cinder/cinder-api-container-puppet.yaml | 78 +- .../cinder-backend-dellemc-vmax-iscsi-puppet.yaml | 82 - deployment/cinder/cinder-backend-pure-puppet.yaml | 30 + .../cinder/cinder-backup-container-puppet.yaml | 29 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 49 +- .../cinder/cinder-common-container-puppet.yaml | 12 +- .../cinder/cinder-scheduler-container-puppet.yaml | 29 +- .../cinder/cinder-volume-container-puppet.yaml | 24 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 49 +- deployment/database/mysql-base.yaml | 3 +- deployment/database/mysql-container-puppet.yaml | 26 +- deployment/database/mysql-pacemaker-puppet.yaml | 102 +- deployment/database/redis-base-puppet.yaml | 16 - deployment/database/redis-container-puppet.yaml | 32 +- deployment/database/redis-pacemaker-puppet.yaml | 50 +- .../cinder-backend-dellemc-vxflexos-puppet.yaml | 172 --- .../cinder/cinder-backend-scaleio-puppet.yaml | 153 -- deployment/deprecated/multipathd-container.yaml | 26 +- .../nova/nova-libvirt-container-puppet.yaml | 42 +- .../novajoin/ipaclient-baremetal-ansible.yaml | 191 --- .../novajoin/novajoin-container-puppet.yaml | 273 ---- .../designate/designate-api-container-puppet.yaml | 78 +- deployment/designate/designate-base.yaml | 21 +- deployment/designate/designate-bind-container.yaml | 48 +- .../designate-central-container-puppet.yaml | 23 +- .../designate/designate-mdns-container-puppet.yaml | 31 +- .../designate-producer-container-puppet.yaml | 22 +- .../designate/designate-sink-container-puppet.yaml | 22 +- .../designate-worker-container-puppet.yaml | 22 +- deployment/etcd/etcd-container-puppet.yaml | 195 ++- deployment/frr/frr-container-ansible.yaml | 198 ++- deployment/glance/glance-api-container-puppet.yaml | 45 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 28 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 34 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 34 +- deployment/haproxy/haproxy-container-puppet.yaml | 38 +- .../haproxy/haproxy-edge-container-puppet.yaml | 1 + .../haproxy-internal-tls-certmonger.j2.yaml | 24 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 87 +- deployment/heat/heat-api-cfn-container-puppet.yaml | 25 +- deployment/heat/heat-api-container-puppet.yaml | 29 +- deployment/heat/heat-base-puppet.yaml | 23 +- deployment/heat/heat-engine-container-puppet.yaml | 29 +- .../heat/heat-ephemeral-container-ansible.yaml | 60 +- deployment/horizon/horizon-container-puppet.yaml | 27 +- .../image-serve/image-serve-baremetal-ansible.yaml | 2 +- deployment/ipa/ipaservices-baremetal-ansible.yaml | 10 +- deployment/ironic/ironic-api-container-puppet.yaml | 25 +- .../ironic/ironic-conductor-container-puppet.yaml | 54 +- .../ironic/ironic-inspector-container-puppet.yaml | 29 +- .../ironic-neutron-agent-container-puppet.yaml | 22 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 31 +- deployment/iscsid/iscsid-container-puppet.yaml | 16 +- deployment/kernel/kernel-baremetal-ansible.yaml | 22 +- .../kernel-boot-params-baremetal-ansible.yaml | 33 + deployment/keystone/keystone-container-puppet.yaml | 102 +- deployment/logging/files/barbican-api.yaml | 22 +- deployment/logging/files/glance-api.yaml | 22 +- deployment/logging/files/heat-engine.yaml | 22 +- deployment/logging/files/keystone.yaml | 22 +- deployment/logging/files/neutron-api.yaml | 22 +- deployment/logging/files/nova-api.yaml | 22 +- deployment/logging/files/nova-common.yaml | 19 +- deployment/logging/files/nova-libvirt.yaml | 40 +- deployment/logging/files/nova-metadata.yaml | 22 +- deployment/logging/files/placement-api.yaml | 22 +- deployment/logging/rsyslog-container-puppet.yaml | 34 +- .../logging/rsyslog-sidecar-container-puppet.yaml | 18 +- deployment/logging/stdout/barbican-api.yaml | 34 +- deployment/logging/stdout/haproxy.yaml | 26 +- deployment/logging/stdout/heat-api-cfn.yaml | 34 +- deployment/logging/stdout/heat-api.yaml | 34 +- deployment/logging/stdout/keystone.yaml | 34 +- deployment/logging/stdout/nova-api.yaml | 34 +- deployment/logging/stdout/nova-common.yaml | 2 + deployment/logging/stdout/nova-libvirt.yaml | 95 ++ deployment/logging/stdout/nova-metadata.yaml | 34 +- deployment/logging/stdout/placement-api.yaml | 34 +- .../logrotate-crond-container-puppet.yaml | 29 +- deployment/manila/manila-api-container-puppet.yaml | 46 +- deployment/manila/manila-backend-powermax.yaml | 80 + deployment/manila/manila-backend-unity.yaml | 8 +- deployment/manila/manila-backend-vmax.yaml | 8 +- deployment/manila/manila-backend-vnx.yaml | 8 +- deployment/manila/manila-base.yaml | 2 +- .../manila/manila-scheduler-container-puppet.yaml | 29 +- deployment/manila/manila-share-common.yaml | 4 +- .../manila/manila-share-container-puppet.yaml | 27 +- .../manila/manila-share-pacemaker-puppet.yaml | 36 +- .../memcached/memcached-container-puppet.yaml | 46 +- .../messaging/rpc-qdrouterd-container-puppet.yaml | 22 +- deployment/metrics/collectd-container-ansible.yaml | 22 +- deployment/metrics/collectd-container-puppet.yaml | 24 +- deployment/metrics/qdr-container-ansible.yaml | 15 +- deployment/metrics/qdr-container-puppet.yaml | 22 +- .../multipathd/multipathd-container-ansible.yaml | 23 +- .../neutron/derive_pci_passthrough_whitelist.py | 502 ++++-- deployment/neutron/kill-script | 2 +- .../neutron-agents-ib-config-container-puppet.yaml | 46 +- .../neutron/neutron-api-container-puppet.yaml | 47 +- deployment/neutron/neutron-base.yaml | 1 - .../neutron-bgpvpn-api-container-puppet.yaml | 16 +- .../neutron-bigswitch-agent-baremetal-puppet.yaml | 37 - .../neutron/neutron-dhcp-container-puppet.yaml | 35 +- .../neutron/neutron-l2gw-api-container-puppet.yaml | 18 +- .../neutron/neutron-l3-container-puppet.yaml | 30 +- .../neutron/neutron-metadata-container-puppet.yaml | 30 +- .../neutron-mlnx-agent-container-puppet.yaml | 52 +- .../neutron-ovs-agent-container-puppet.yaml | 95 +- .../neutron-ovs-dpdk-agent-container-puppet.yaml | 8 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 16 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 16 +- .../neutron-plugin-ml2-container-puppet.yaml | 16 +- ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 38 +- .../neutron-plugin-nsx-container-puppet.yaml | 18 +- deployment/neutron/neutron-plugin-nuage.yaml | 96 -- .../neutron/neutron-sfc-api-container-puppet.yaml | 18 +- .../neutron-sriov-agent-container-puppet.yaml | 19 +- deployment/nova/nova-api-container-puppet.yaml | 89 +- deployment/nova/nova-az-config.yaml | 23 +- deployment/nova/nova-base-puppet.yaml | 106 +- .../nova/nova-compute-common-container-puppet.yaml | 2 +- deployment/nova/nova-compute-container-puppet.yaml | 56 +- .../nova/nova-conductor-container-puppet.yaml | 30 +- deployment/nova/nova-ironic-container-puppet.yaml | 32 +- ...a-virt-common.yaml => nova-libvirt-common.yaml} | 22 +- .../nova/nova-libvirt-guests-container-puppet.yaml | 6 +- deployment/nova/nova-manager-container-puppet.yaml | 15 +- .../nova/nova-metadata-container-puppet.yaml | 25 +- .../nova-migration-target-container-puppet.yaml | 24 +- .../nova-modular-libvirt-container-puppet.yaml | 98 +- .../nova/nova-scheduler-container-puppet.yaml | 31 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 37 +- .../octavia/octavia-api-container-puppet.yaml | 82 +- deployment/octavia/octavia-base.yaml | 12 +- .../octavia/octavia-deployment-config.j2.yaml | 23 +- .../octavia-health-manager-container-puppet.yaml | 32 +- .../octavia-housekeeping-container-puppet.yaml | 26 +- .../octavia/octavia-worker-container-puppet.yaml | 33 +- .../openvswitch-dpdk-baremetal-ansible.yaml | 11 +- ...vswitch-dpdk-netcontrold-container-ansible.yaml | 16 +- .../ovn/ovn-controller-container-puppet.yaml | 233 ++- deployment/ovn/ovn-dbs-cluster-ansible.yaml | 30 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 47 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 49 +- deployment/ovn/ovn-metadata-container-puppet.yaml | 28 +- .../pacemaker/clustercheck-container-puppet.yaml | 22 +- .../pacemaker/pacemaker-baremetal-puppet.yaml | 25 +- .../pacemaker-remote-baremetal-puppet.yaml | 6 +- .../placement/placement-api-container-puppet.yaml | 32 +- deployment/podman/podman-baremetal-ansible.yaml | 22 + deployment/qdr/qdrouterd-container-puppet.yaml | 22 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 38 +- ...rabbitmq-messaging-notify-container-puppet.yaml | 24 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 51 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 51 +- .../rabbitmq-messaging-rpc-container-puppet.yaml | 24 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 51 +- deployment/snmp/snmp-baremetal-puppet.yaml | 5 + deployment/sshd/sshd-baremetal-ansible.yaml | 6 +- deployment/sshd/sshd-baremetal-puppet.yaml | 2 +- .../external-swift-proxy-baremetal-puppet.yaml | 2 + deployment/swift/swift-proxy-container-puppet.yaml | 42 +- .../swift/swift-ringbuilder-container-puppet.yaml | 18 +- .../swift/swift-storage-container-puppet.yaml | 155 +- deployment/timesync/chrony-baremetal-ansible.yaml | 6 +- .../tripleo-packages-baremetal-puppet.yaml | 33 +- deployment/unbound/unbound-container-ansible.yaml | 39 +- deployment/undercloud/minion-rabbitmq-puppet.yaml | 65 - deployment/undercloud/undercloud-upgrade.yaml | 41 +- environments/cinder-dellemc-vmax-iscsi-config.yaml | 12 - environments/cinder-dellemc-vxflexos-config.yaml | 39 - environments/cinder-pure-config.yaml | 3 + environments/cinder-scaleio-config.yaml | 39 - ...ontainerized-control-plane-dellemc-scaleio.yaml | 35 - environments/deployed-network-environment.j2.yaml | 65 + environments/deployed-networks.yaml | 2 +- environments/disable-neutron.yaml | 1 - environments/docker-ha.yaml | 1 - environments/enable-designate.yaml | 15 +- environments/enable-secure-rbac.yaml | 1598 +++++++++----------- environments/external-ceph.yaml | 2 +- environments/fips.yaml | 9 + environments/ha-redis.yaml | 6 + environments/lifecycle/update-converge.yaml | 7 - environments/manila-cephfsganesha-config.yaml | 1 + environments/manila-powermax-config.yaml | 20 + environments/net-multiple-nics-vlans.j2.yaml | 2 +- environments/network-environment-v6.j2.yaml | 4 +- environments/network-environment.j2.yaml | 9 +- environments/neutron-ml2-bigswitch.yaml | 31 - environments/neutron-ml2-mlnx-sdn.yaml | 3 +- environments/neutron-ovs-dvr.yaml | 13 +- environments/rhsm.yaml | 2 +- environments/services-baremetal/barbican.yaml | 3 + environments/services-baremetal/octavia.yaml | 2 +- environments/services/barbican.yaml | 3 + environments/services/designate.yaml | 20 + environments/services/frr.yaml | 4 + environments/services/neutron-ovn-dpdk.yaml | 3 + environments/services/neutron-ovn-sriov.yaml | 2 + environments/services/neutron-ovs-dpdk.yaml | 1 - environments/services/neutron-ovs-dvr.yaml | 6 +- environments/services/novajoin.yaml | 5 - environments/services/octavia.yaml | 2 +- .../services/undercloud-remove-novajoin.yaml | 4 - environments/ssl/tls-endpoints-public-dns.yaml | 1 - environments/ssl/tls-endpoints-public-ip.yaml | 1 - environments/ssl/tls-everywhere-endpoints-dns.yaml | 3 - environments/undercloud-enable-nova.yaml | 6 - environments/undercloud.yaml | 14 +- environments/undercloud/undercloud-minion.yaml | 289 ---- .../update-from-keystone-admin-internal-api.yaml | 6 - .../krb-service-principals/role.role.j2.yaml | 22 +- .../post_deploy/undercloud_ctlplane_network.py | 73 +- firstboot/userdata_timesync.yaml | 1 + network/endpoints/endpoint_map.yaml | 384 ----- network/network.j2 | 8 +- network/ports/ovn_mac_addr_port.yaml | 4 - network_data.yaml | 3 +- network_data_dashboard.yaml | 3 +- network_data_ganesha.yaml | 3 +- network_data_routed.yaml | 3 +- network_data_subnets_routed.yaml | 3 +- overcloud-resource-registry-puppet.j2.yaml | 17 +- overcloud.j2.yaml | 26 +- .../pre_deploy/compute/neutron-ml2-bigswitch.yaml | 52 - .../controller/neutron-ml2-bigswitch.yaml | 84 - puppet/role.role.j2.yaml | 21 +- ...pe-for-snmp-readonly-user-c90c9e5a12c92893.yaml | 6 + ...-boot-interface-parameter-f07c1fe24c7cb543.yaml | 8 + ...ironic-inspector-tls-port-4e59d0c2b2922f68.yaml | 5 + .../add-novamkisofscmd-param-6dbb64e4497a8ce6.yaml | 7 + .../add-octavia-tls-settings-7583df511c53b27a.yaml | 4 + .../add-rabbit-fips-option-ddf5a0d7e37d8e5d.yaml | 5 + .../notes/add_token_auth-fb9f0dfe8e70a4c1.yaml | 10 + ...g-1953672-haproxy-rsyslog-6f8e386f8909a253.yaml | 4 + .../certificiate-validation-1b08ab8cf40b7cad.yaml | 11 + ...ge-keystone-admin-network-a29499018c323cea.yaml | 4 + ...arify-default-volume-type-c77e7a7ddafdf172.yaml | 12 + .../dellemc-driver-cleanup-4a1febdc51ec674c.yaml | 14 + ...te-MysqlIncreaseFileLimit-20548c5f7234d14c.yaml | 5 + ...precate-ironic-ip-version-27e24f03da6ddd59.yaml | 4 + ...gnate-enable-bind-logging-642e77541645519b.yaml | 6 + ...esignate-environment-file-bd08eef69758a996.yaml | 6 + .../notes/dpdk_driver_remove-76d61711c19cd099.yaml | 7 + ...e-secure-rbac-for-neutron-842bd41339a48f26.yaml | 8 + ..._secure_rbac_for_keystone-62685484ef589726.yaml | 9 + ...e_rbac_support_for_glance-167d53c491cd326c.yaml | 8 + ...-fs.aio-max.nr-on-compute-06447122b8e12c71.yaml | 7 + ...stone-notification-driver-0c71165430eb57ef.yaml | 7 + ...nova_api_show_host_status-f0dfaf4c2b0c536f.yaml | 19 + .../notes/power_state-457f12af30b9e341.yaml | 8 + ...ure_storage_update_params-4de801b1ed2d0744.yaml | 6 + ...redis_disabled_by_default-9992b2bae9b149cd.yaml | 7 + ...ute_service_check_for_ffu-19a91d20e146056c.yaml | 6 + ...move-networking-bigswitch-9ae5c280990284a2.yaml | 5 + .../notes/remove-novajoin-3ccef190c99c419b.yaml | 8 + .../remove-undercloud-minion-198ce8ea01c4e366.yaml | 7 + ...p-podman-purge-undercloud-a3a30b5ac3a0951b.yaml | 9 + ...ft-single-replica-cleanup-fdf72b9e462185c7.yaml | 6 + .../tripleo-kernel-hugepages-424c19a4b1579af8.yaml | 23 + .../notes/uefi-boot-mode-a8b1b416a0e9cdc4.yaml | 7 + .../uefi_ipxe_bootfile_name-f2c9cc8971dc1ed8.yaml | 9 + requirements.txt | 1 - roles/CephAll.yaml | 1 + roles/CephStorage.yaml | 1 + roles/Compute.yaml | 1 + roles/ComputeAlt.yaml | 1 + roles/ComputeDVR.yaml | 1 + roles/ComputeHCI.yaml | 1 + roles/ComputeHCIOvsDpdk.yaml | 1 + roles/ComputeHCISriov.yaml | 1 + roles/ComputeInstanceHA.yaml | 1 + roles/ComputeLocalEphemeral.yaml | 1 + roles/ComputeOvsDpdk.yaml | 1 + roles/ComputeOvsDpdkRT.yaml | 1 + roles/ComputeOvsDpdkSriov.yaml | 1 + roles/ComputeOvsDpdkSriovRT.yaml | 1 + roles/ComputePPC64LE.yaml | 1 + roles/ComputeRBDEphemeral.yaml | 1 + roles/ComputeRealTime.yaml | 1 + roles/ComputeSriov.yaml | 1 + roles/ComputeSriovIB.yaml | 1 + roles/ComputeSriovRT.yaml | 1 + roles/ComputeVdpa.yaml | 1 + roles/Controller.yaml | 5 +- roles/ControllerAllNovaStandalone.yaml | 1 + roles/ControllerNoCeph.yaml | 3 - roles/ControllerNovaStandalone.yaml | 26 +- roles/ControllerOpenstack.yaml | 2 + roles/ControllerSriov.yaml | 11 +- roles/ControllerStorageDashboard.yaml | 5 +- roles/ControllerStorageNfs.yaml | 4 +- roles/DistributedCompute.yaml | 1 + roles/DistributedComputeHCI.yaml | 1 + roles/DistributedComputeHCIDashboard.yaml | 1 + roles/DistributedComputeHCIScaleOut.yaml | 1 + roles/DistributedComputeScaleOut.yaml | 1 + roles/HciCephAll.yaml | 1 + roles/HciCephObject.yaml | 2 +- roles/Standalone.yaml | 4 +- roles/Undercloud.yaml | 35 - roles/UndercloudMinion.yaml | 33 - roles_data.yaml | 7 +- roles_data_undercloud.yaml | 36 +- sample-env-generator/enable-services.yaml | 29 - sample-env-generator/ssl.yaml | 5 - sample-env-generator/undercloud-minion.yaml | 284 ---- scripts/undercloud-upgrade-ephemeral-heat.py | 24 +- tools/convert_heat_nic_config_to_ansible_j2.py | 17 +- tools/convert_nic_config.py | 5 +- tools/convert_v1_net_data.py | 1 + tools/merge-new-params-nic-config-script.py | 5 +- tools/process-templates.py | 5 +- tools/yaml-validate.py | 99 +- tox.ini | 4 +- zuul.d/layout.yaml | 4 +- 377 files changed, 9015 insertions(+), 5122 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index bda47437c..180423b34 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7 +6,0 @@ Jinja2>=2.10 # BSD License (3 clause) -six>=1.10.0 # MIT

1 0

tripleo-common 16.4.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are chuffed to announce the release of: tripleo-common 16.4.0: A common library for TripleO workflows. The source is available from: https://opendev.org/openstack/tripleo-common Download the package from: https://tarballs.openstack.org/tripleo-common/ For more details, please see below. 16.4.0 ^^^^^^ New Features * Split off Ceph related container images This change releases an update on the default tripleo_containers jinja template, splitting off the Ceph related container images. With this new approach pulling the ceph containers is optional, and can be avoided by setting the *ceph_images* boolean to False. e.g., passing something like the following: parameter_defaults: ContainerImagePrepare: - push_destination: true set: name_prefix: openstack- name_suffix: '' namespace: quay.io/tripleomaster neutron_driver: ovn rhel_containers: false tag: current-tripleo ceph_images: false ContainerImagePrepareDebug: true ContainerImageRegistryCredentials: {} avoid the ceph containers being pulled in the undercloud. To make this possible, a new jinja template processing approach has been introduced, and a template basedir parameter (required by the jinja loader) has been added to the BaseImageManager. Finallym, two more *ceph_* prefixed containers, required to deploy the Ceph Ingress daemon are added, and they are supposed to match the tripleo-heat- templates *OS::TripleO::Services::CephIngress* service. The Ingress daemon doesn't use the Ceph daemon container, hence *tripleo container image prepare* should be executed to pull the new container images/tags in the undercloud as made for the Ceph Dashboard and the regular Ceph image. Changes in tripleo-common 16.3.0..16.4.0 ---------------------------------------- d76e4435 Run the ovn-bgp-agent with user ovn-bgp instead of neutron 4a3cead9 Update prometheus and alertmanager containers 854cf9fa Bump Ceph container daemons to v6.0.7 60b48b2e Remove rhel specific packages for ironic-conductor e2bc5ddd Revert "Add ceph_spec library to tripleo-common" 1513e313 Export default location of password file 1a73f956 Remove tftp healthcheck from ironic-pxe image fc36d5a6 Mark Python 3.9 as supported runtime 80b294ba Ensure failures on the undercloud leads to a complete stop a65535ed ovn-bgp-agent image support 82a80c72 Auto-detect partition types for mounting more images 6f67c15f Mariadb: auth_ed25519 with FIPS crypto 77130ddc HA: do not rotate cluster passwords a5f84875 Move zuul jobs layout to centos9 only for master branch 08a8118f Split off Ceph related container images 01bb19a9 Don't install openstack-selinux in containers 096c6eee Add exception handler for node attributes 2cd1fbd8 Fix reference to undefined variables when heat-config times out b09fb3fe Reinstall centos-stream-release from centos repos a74fcf72 fixup if guard for tcib_release edc0199b Base container - Fix bash condition for rhel case fcbe594e Add exception handler for role networks dbc7916f Update how callbacks are injected within ansible 19647e57 Remove selinux-permissive from rhel8 image bf725978 Add configs for RHEL 9 image 8df691d0 Remove remove-machine-id element 38ecd5db Remove remaining reference to the six library Diffstat (except docs and test files) ------------------------------------- container-images/ceph.j2 | 55 ++++ .../container_image_prepare_defaults.yaml | 32 ++- container-images/kolla/base/uid_gid_manage.sh | 1 + container-images/tcib/base/base.yaml | 11 +- .../ironic-conductor/ironic-conductor.yaml | 4 - .../os/nova-base/nova-compute/nova-compute.yaml | 2 +- .../os/nova-base/nova-libvirt/nova-libvirt.yaml | 2 +- .../tcib/base/ovn-bgp-agent/ovn_bgp_agent.yaml | 8 + container-images/tripleo_containers.yaml | 20 +- container-images/tripleo_containers.yaml.j2 | 59 ++-- healthcheck/ironic-pxe | 5 +- healthcheck/ovn-bgp-agent | 12 + ...oud-hardened-images-uefi-python3-rt-kernel.yaml | 1 - .../overcloud-hardened-images-uefi-rhel9.yaml | 18 ++ image-yaml/overcloud-images-ceph-rhel9.yaml | 10 + image-yaml/overcloud-images-ceph.yaml | 1 - image-yaml/overcloud-images-python3.yaml | 1 - image-yaml/overcloud-images-rhel8.yaml | 1 - image-yaml/overcloud-images-rhel9.yaml | 22 ++ image-yaml/overcloud-realtime-compute-python3.yaml | 1 - ...split_off_ceph_containers-e1a66fa39076c2cf.yaml | 38 +++ scripts/tripleo-mount-image | 88 ++++-- setup.cfg | 1 + tripleo_common/constants.py | 37 +++ tripleo_common/image/base.py | 3 +- tripleo_common/image/kolla_builder.py | 22 +- tripleo_common/inventory.py | 16 +- tripleo_common/templates/deployments.yaml | 6 +- tripleo_common/utils/ansible.py | 2 +- tripleo_common/utils/ceph_spec.py | 303 --------------------- tripleo_common/utils/nodes.py | 7 + tripleo_common/utils/passwords.py | 31 +++ tripleo_common/utils/plan.py | 4 +- zuul.d/layout.yaml | 8 +- 39 files changed, 470 insertions(+), 431 deletions(-)

1 0

tripleo-upgrade 9.0.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are psyched to announce the release of: tripleo-upgrade 9.0.0: tripleo-upgrade - An ansible role for upgrade and update a TripleO deployment The source is available from: https://opendev.org/openstack/tripleo-upgrade Download the package from: https://tarballs.openstack.org/tripleo-upgrade/ For more details, please see below. Changes in tripleo-upgrade 8.1.0..9.0.0 --------------------------------------- 13d7a4c Disable auto discovery 4958251 Make the network_data search more inclusive 2655889 Run control plane update first, next compute and cephstorage last 1bbaeef Fix ping_results_*.log file name 3ab719d Add the update of the OVN controllers before Update Run step. 305d9fb Ensure migrate all the VMs before upgrade the compute acea992 Move zuul jobs layout to centos9 only for master branch 9b2a321 Generate tripleo ansible inventory for Validation a90df48 Remove stein and ceph3 parameters for T to W. 95df601 Set ephemeral-heat option to true by default for Wallaby+ a315ac3 Fast and furious upgrade 55d408d Migrate jobs from CentOS 8 to CentOS 8 Stream d4bde4d Fix services stack export to respect overcloud stack name f272473 Set tripleo-upgrade to use ansible-core 521cfb9 Fixes readme file ad48924 Remove py2 compatibility 644885d [fix] remove condition of migration.timeout 33905d9 Update master for stable/wallaby 69bd654 Improve patch download 790d318 [FFWD upgrade] Adding support of live/cold migration with external workload 898db61 setup.cfg: Replace dashes with underscores Diffstat (except docs and test files) ------------------------------------- README.rst | 74 +++++++------- ansible-requirements.txt | 2 +- defaults/main.yml | 24 +++-- filter_plugins/tripleo_upgrade.py | 9 +- infrared_plugin/main.yml | 14 ++- infrared_plugin/plugin.spec | 11 +++ molecule/molecule-requirements.txt | 2 +- releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 ++ setup.cfg | 6 +- setup.py | 1 + tasks/common/auxilary-facts.yaml | 4 +- tasks/common/configure_uc_containers.yml | 20 ---- tasks/common/load_roles_from_inventory.yaml | 11 ++- tasks/common/validation_group_run.yaml | 4 +- .../create-overcloud-ffu-hosts-scripts.yaml | 2 +- .../create-overcloud-ffu-scripts.yaml | 108 ++++++++++++--------- tasks/fast-forward-upgrade/main.yml | 7 ++ .../overcloud_upgrade_fast_and_furious.yaml | 21 ++++ .../overcloud_upgrade_hosts.yaml | 2 +- tasks/update/create-overcloud-update-scripts.yaml | 7 ++ tasks/update/main.yml | 11 +++ tasks/upgrade/overcloud_upgrade_converge.yml | 11 --- .../overcloud_system_upgrade.sh.j2 | 43 ++++++++ .../overcloud_upgrade_run.sh.j2 | 5 +- templates/l3_agent_start_ping.sh.j2 | 2 +- templates/node_upgrade_pre.sh.j2 | 6 +- templates/overcloud_update_prepare.sh.j2 | 3 - templates/overcloud_upgrade_converge.sh.j2 | 3 - templates/overcloud_upgrade_prepare.sh.j2 | 3 - templates/ovn-external-update.sh.j2 | 64 ++++++++++++ templates/workarounds.sh.j2 | 7 +- zuul.d/layout.yaml | 15 +-- 33 files changed, 337 insertions(+), 172 deletions(-) Requirements updates -------------------- diff --git a/ansible-requirements.txt b/ansible-requirements.txt index a1b6838..f5398ac 100644 --- a/ansible-requirements.txt +++ b/ansible-requirements.txt @@ -5 +5 @@ -ansible +ansible-core<2.12

1 0

tripleo-operator-ansible 0.8.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We are glad to announce the release of: tripleo-operator-ansible 0.8.0: Operator ansible assets for the TripleO project. The source is available from: https://opendev.org/openstack/tripleo-operator-ansible Download the package from: https://tarballs.openstack.org/tripleo-operator-ansible/ For more details, please see below. Changes in tripleo-operator-ansible 0.7.1..0.8.0 ------------------------------------------------ fbcd961 Add tripleo_ceph_deploy role 253618d Add tripleo_ceph_user role 917e0a0 Add tripleo_ceph_spec role 63f0ba7 Add --reproduce-command in UC commands. 20af773 Move zuul jobs layout to centos9 only for master branch 1d330c9 Add tripleo_upgrade role. ade61b2 Bump ansible-lint to 5.3.2 42f5d4f Add overcloud deploy disable-protected-resource-types option 36778dd Generate node unprovision script if wanted 98cc0ab Add default stack to some roles e9dfa53 Added Ephemeral Heat CLI in overcloud_deploy role fae3c7d Modified shell_args plugin for nested lists. da44a72 Overcloud post-installation playbook Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 7 + .pre-commit-config.yaml | 17 +- playbooks/overcloud-post-installation.yml | 93 +++++ plugins/filter/shell_args.py | 20 +- roles/tripleo_ceph_deploy/README.md | 91 +++++ roles/tripleo_ceph_deploy/defaults/main.yml | 41 ++ roles/tripleo_ceph_deploy/meta/main.yml | 45 +++ .../molecule/default/converge.yml | 30 ++ .../molecule/default/molecule.yml | 19 + .../molecule/default/prepare.yml | 8 + roles/tripleo_ceph_deploy/tasks/main.yml | 102 +++++ roles/tripleo_ceph_spec/README.md | 79 ++++ roles/tripleo_ceph_spec/defaults/main.yml | 19 + roles/tripleo_ceph_spec/meta/main.yml | 45 +++ .../molecule/default/converge.yml | 28 ++ .../molecule/default/molecule.yml | 19 + .../tripleo_ceph_spec/molecule/default/prepare.yml | 8 + roles/tripleo_ceph_spec/tasks/main.yml | 64 ++++ roles/tripleo_ceph_user/README.md | 101 +++++ roles/tripleo_ceph_user/defaults/main.yml | 16 + roles/tripleo_ceph_user/meta/main.yml | 45 +++ .../molecule/default/converge.yml | 25 ++ .../molecule/default/molecule.yml | 19 + .../tripleo_ceph_user/molecule/default/prepare.yml | 8 + roles/tripleo_ceph_user/tasks/main.yml | 58 +++ roles/tripleo_deploy/README.md | 2 +- roles/tripleo_overcloud_deploy/README.md | 6 + roles/tripleo_overcloud_deploy/defaults/main.yml | 6 + .../molecule/default/converge.yml | 84 +++++ roles/tripleo_overcloud_deploy/tasks/main.yml | 9 + .../README.md | 2 +- .../defaults/main.yml | 2 +- .../molecule/default/converge.yml | 4 +- .../defaults/main.yml | 2 +- roles/tripleo_overcloud_node_provision/README.md | 2 +- .../defaults/main.yml | 2 +- .../molecule/default/converge.yml | 10 +- roles/tripleo_overcloud_node_unprovision/README.md | 4 +- .../defaults/main.yml | 4 +- .../molecule/default/converge.yml | 5 +- .../tasks/main.yml | 12 +- roles/tripleo_undercloud_install/README.md | 1 + roles/tripleo_undercloud_install/defaults/main.yml | 1 + .../molecule/default/converge.yml | 11 + roles/tripleo_undercloud_install/tasks/main.yml | 1 + roles/tripleo_undercloud_upgrade/README.md | 1 + roles/tripleo_undercloud_upgrade/defaults/main.yml | 1 + .../molecule/default/converge.yml | 11 + roles/tripleo_undercloud_upgrade/tasks/main.yml | 1 + roles/tripleo_upgrade/README.md | 85 +++++ roles/tripleo_upgrade/defaults/main.yml | 43 +++ roles/tripleo_upgrade/meta/main.yml | 44 +++ .../tripleo_upgrade/molecule/default/converge.yml | 420 +++++++++++++++++++++ .../tripleo_upgrade/molecule/default/molecule.yml | 19 + roles/tripleo_upgrade/molecule/default/prepare.yml | 8 + roles/tripleo_upgrade/tasks/main.yml | 107 ++++++ zuul.d/layout.yaml | 19 +- zuul.d/molecule.yaml | 66 ++++ 61 files changed, 1983 insertions(+), 36 deletions(-)

1 0

tripleo-puppet-elements 15.2.0
by no-reply＠openstack.org 13 Apr '22

13 Apr '22

We enthusiastically announce the release of: tripleo-puppet-elements 15.2.0: Puppet building rules for OpenStack images. The source is available from: https://opendev.org/openstack/tripleo-puppet-elements Download the package from: https://tarballs.openstack.org/tripleo-puppet-elements/ For more details, please see below. Changes in tripleo-puppet-elements 15.1.0..15.2.0 ------------------------------------------------- fce5d94 Update overcloud-base element pkg-map 29988ab Update overcloud-agent element pkg-map a60be92 Revert "Add remove-machine-id element" 524f328 Use Python3 yoga unit tests 1e3b5a1 Migrate from testr to stestr d11a705 Only install required/supported fence agents 1a83d5a Drop ansible-playbook-3 symlink Diffstat (except docs and test files) ------------------------------------- .gitignore | 15 +++++++++++--- .stestr.conf | 3 +++ .testr.conf | 8 -------- elements/overcloud-agent/pkg-map | 24 +--------------------- .../post-install.d/51-ansible-symlink | 14 ------------- .../install.d/package-installs-overcloud-base | 1 - elements/overcloud-base/pkg-map | 20 ------------------ .../pre-install.d/01-install-yum-priorities | 7 ------- elements/overcloud-controller/pkg-map | 4 ++-- elements/remove-machine-id/README.md | 9 -------- .../post-install.d/70-remove-machine-id | 10 --------- test-requirements.txt | 2 +- tox.ini | 3 +-- zuul.d/layout.yaml | 2 +- 14 files changed, 21 insertions(+), 101 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index abd86cf..837159f 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ oslotest -testrepository>=0.0.18 +stestr>=2.0.0 # Apache-2.0

1 0