We are jazzed to announce the release of:

tripleo-heat-templates 10.0.0: Heat templates for deploying OpenStack with OpenStack.

This release is part of the stein release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

    https://bugs.launchpad.net/tripleo

For more details, please see below.

10.0.0
^^^^^^

New Features
************

* Allow plugins that support it to create VLAN transparent networks.
  The vlan_transparent option determines whether plugins that support
  it create VLAN transparent networks or not.

* We now provide an example set of environment files that can be used
  to deploy a single all-in-one standalone cloud node via the
  'openstack overcloud deploy' and 'openstack tripleo deploy'
  (experimental) commands. For the overcloud deployment, use
  *environments/standalone/standalone-overcloud.yaml*. For the tripleo
  deploy deployment, use
  *environments/standalone/standalone-tripleo.yaml*.

* It is now possible to define the number of API and RPC workers
  separately for the neutron-api service. This is good for certain
  network backends such as OVN that don't require RPC communication.

* Usage of eventlet for all the WSGI-run nova services is deprecated,
  including nova-api and nova-metadata-api. See
  https://review.openstack.org/#/c/549510/ for more details. With this
  change we move nova-metadata to run via httpd wsgi.

* Add *OctaviaEventStreamDriver* parameter to specify which driver to
  use for syncing Octavia and Neutron LBaaS databases.

Upgrade Notes
*************

* The default Octavia event_streamer_driver has changed from
  *queue_event_streamer* to *noop_event_streamer*. See
  https://bugs.launchpad.net/tripleo/+bug/1787608

Deprecation Notes
*****************

* The environments/standalone.yaml has been deprecated and should be
  replaced with environments/standalone/standalone-tripleo.yaml when
  using the 'openstack tripleo deploy' command.

* All references to the logging_group output in the services templates
  have been removed, since it's been unused for a couple of releases
  now.

Bug Fixes
*********

* An issue that caused an undercloud installer re-run (or update) to
  fail because VIPs were lost when the networking configuration was
  changed has been fixed. See Bug: 1791238
  (https://bugs.launchpad.net/tripleo/+bug/1791238).

* Fixes an issue in the legacy port_from_pool templates for
  predictable IP addressing. Prior to this fix, using these templates
  would fail with the following error: **Referenced Attribute
  (%network_name%%Port host_routes) is incorrect.** (Bug: 1792968
  (https://bugs.launchpad.net/tripleo/+bug/1792968).)

* Ping the default gateways before controllers in the validation
  script. In certain situations when using IPv6 it's necessary to
  establish connectivity to the router before other hosts.

* The baremetal API version is no longer hardcoded in "stackrc". This
  allows easy access to new features in *ironicclient* as they are
  introduced. If you need to use a fixed API version, set the
  "OS_BAREMETAL_API_VERSION" environment variable.

Other Notes
***********

* A new parameter called 'RabbitAdditionalErlArgs' that specifies
  additional arguments to the Erlang VM has been added. It now
  defaults to "'+sbwt none'"
  (http://erlang.org/doc/man/erl.html#+sbwt). This threshold
  determines how long schedulers are to busy wait when running out of
  work before going to sleep. By setting it to none we let the Erlang
  threads go to sleep right away when they do not have any work to do.
* The common tasks in deploy-steps-tasks.yaml that are common to all
  roles are now tagged with one of: host_config, container_config,
  container_config_tasks, container_config_scripts, or
  container_startup_configs.

* The step plays in deploy-steps.j2 (which generates the
  deploy_steps_tasks.yaml playbook) are now tagged with step[1-5] so
  that they can run individually if needed.

Changes in tripleo-heat-templates 9.0.0.0rc1..10.0.0
----------------------------------------------------

f2e7235 Fix placement region setting
a0ead2f Chunk up ceph-ansible output to prevent clogging the CLI
203a5f2 Fix privileged typo in docker-puppet.py
bfca535 undercloud: deploy podman
7bebdef Introduce OS::TripleO::Services::Podman
bbab850 Allow to deactivate SELinux separation for selected containers
3eeece2 Set proper setype for service directories
1b0c827 Convert with_dict tasks to use loop and be less chatty
0acfc34 Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml
6bbc3b5 docker-puppet.py: used dedicated hiera entry, not uuid
7bf7996 Remove unused parameter NeutronEnableDHCPAgent
5ca0b91 Mount /usr/share/ceph-ansible into mistral-executor
25901f8 Set mysql connect timeout in the undercloud
242bef1 Add a zaqar-swift-backend environment file
9a69426 Don't configure BIND to listen on localhost
b78f3ea Configure http/https on OVN Metadata service to talk to Nova
47f47c1 In process-templates script write output files to provided dir when using base path
3508848 Add a fact checking xinetd service present
25e497d Remove unused bootstrap-config.yaml
99f9e59 Allow to run bootstrap containers in privileged mode.
ba81e1f Update standalone role
ae3379e Ping default gateways before controllers
6ea85bc Check if openstack-glance-registry is enabled before stopping it.
b6b476d Clean up previous osa inventory dir before deployment
8629bf4 Fix openshift new node detection
7373adc Refactor openshift services for composable roles
df04ed9 Add simple validation that OpenShift is deployed
57154fd Dropped "recurse" for idempotency
6450d20 Pass NeutronMechanismDrivers parameter to prepare
b766e25 Undercloud - Restart keepalived on update
961fdc2 Tag tasks in in common tasks
13aaf52 Remove "when failed" from debug task names
bf6efb0 Tag step plays
7719263 Ensure some directories are created with the correct SELinux label
46ed8d8 Conditionally mount the TLS-related certs on the haproxy container
e68da67 Remove parameter reference to non-exisingt parameter
247a59d undercloud/stackrc: unset OS_* variables
366cd63 Add networks to IronicConductor role.
e0b5290 Stop cap granting to empty pool when telemetry disabled
2b1afc0 Allow a containerized logrotate to access docker
edd5b8f Expose IronicImageDownloadSource as a parameter
a823be0 Move nova-metadata api to httpd wsgi
fd17213 Pacemaker-cinder-volume & pacemaker-cinder-backup log path fix
711f7ef Add host_routes to port_from_pool.j2
5ca1aee Only set ca_bundle for HAProxy if internal TLS enabled & fix mounts
dcf0a9a Disable OVN related services in ODL env file
7905fe0 Add CephOSD service to roles/Standalone.yaml
06b66a8 Add ERL args parameter for rabbit and set the busy wait threshold to none
7f2276b Use openshift_cockpit_deployer_image directly
905441b Don't merge /etc/collectd.d
8e127bc Don't fail ironic upgrade if xinetd isn't present
33e4950 Fix syntax for set_fact module.
3a88c87 Fix typo in ansible's module name.
f9bb8b6 Enable fluentd health check
ebf0db0 Enable ceilometer-agent-compute health check
f1ec245 Enable health check for Ironic inspector services
3f121ed Enable Sahara API health check
459b266 Handle missing or bad dmidecode
ce0e695 Hook openshift deployment with image prepare
5d015ce Cleanup ControllerStorageNfs role
7fc8398 Persist ceph-ansible fetch_directory using config-download
36054d0 Add template to disable Panko services
e175e5a Initial support for Podman in docker-puppet
0be27ee Disable sync_power_state_interval in containerized undercloud
668afdc iscsi: workaround to let podman read /dev/null
f7f9053 Create a Timesync service declaration
d2f410e undercloud: deploy kernel composable service
e0f6f98 Add chrony support to validations
e1912cd Move to openshift-ansible 3.10
16405ff Run online data migrations
0e6087d Pass parameters for TLS proxy in front of Octavia-API
b7e124b Add scenario010 to check job list
09f1993 switch documentation job to new PTI
7c2d544 python3ification of docker-puppet.py
c70d197 Simplify ssh known_hosts entries for non-default port
42c3f18 Make redeploy idempotent
74439ff Fix neutron dhcp log path
0cf4bff Always lowercase role name
24f5a25 Create missing directories before mounting them
9473817 Enable neutron-sriov-agent health check
7351b3c Add reflection of RpcPort to health checks
90234f4 Remove references to logging_group
5c4983f Remove unused config file when start ovs agent
876683f Include ssh known_hosts entries for non-default port
2153786 heat-api fix log path
9729870 Stop hardcoding baremetal API version in stackrc
7456303 heat-api-cfn fix log path
31a8ff2 Enable fluentd on scenario002-multinode-containers
eec303d Set OVS local ip through OVS ODL class
04b2356 Do not enable Ram/Disk Filter with filter_scheduler
aa1b108 Fix all-nodes.sh for python3
41721e6 Fix incorrect network name "ctrlplane" to "ctlplane" for SNMPd.
1918413 neutron-api: remove /usr/share/neutron mount
0a2a897 Update reno for stable/rocky
81b065a import zuul job settings from project-config
66ae4e9 avoid unnecessary failure to delete a list of empty workflows
c03987f Remove the duplicated word
40d59f2 Bind mount the database client settings in sahara_db_sync
b4c9766 Remove uneececary conditionals in network-environment jinja
ba461c1 Update rsyslog existence check
4a583c8 Define keepalived service in environments/docker.yaml
a22ceef Remove deprecated value used to set nova_metadata_ip
e066722 Add OctaviaEventStreamerDriver and change default
d9fa0ed Remove External network from DVR related configuration
2998c21 Remove NeutronServicePlugins from octavia environment files
c677a4b Set the number of RPC workers to 1 for non SRIOV OVN setups
93d87cf Always enable image prepare service for docker clouds
855d1ec Make vlan_transparent in neutron.conf configurable from Undercloud
0afe46b Decoupling number of API and RPC workers for neutron-api
4a3668c Delete FreeIPA enroll script
fb28435 Added NovaOVSDBConnection parameter
4504aad Allow performing Ceph update/upgrade separately
20f614b Ceph update and upgrade in config-download era
e4d7182 Pass in rndc key to Designate deployment
93075dd Open designate-mdns ports in firewall
1fe1798 Run designate pool update only on bootstrap node
2e93095 Set container images for CNS
cf9dac8 Configure rndc to listen on internal_api network
e025ebc Enable configuration of Designate's pools.yaml
f5ab0e7 fix tox python3 overrides
ef895db Add pvremove to the disk clean step
c72492c fix spelling misktake
ea4e582 Add a 60 seconds timeout to ping_metadata_ip()

Diffstat (except docs and test files)
-------------------------------------

bootstrap-config.yaml | 25 -
ci/environments/multinode-3nodes.yaml | 1 +
ci/environments/multinode-containers.yaml | 1 +
ci/environments/multinode.yaml | 1 +
ci/environments/multinode_major_upgrade.yaml | 1 +
ci/environments/ovb-ha.yaml | 1 +
.../scenario000-multinode-containers.yaml | 1 +
.../scenario001-multinode-containers.yaml | 1 +
.../scenario002-multinode-containers.yaml | 3 +
.../scenario003-multinode-containers.yaml | 48 ++
.../scenario004-multinode-containers.yaml | 1 +
.../scenario006-multinode-containers.yaml | 1 +
ci/environments/scenario006-multinode.yaml | 1 +
.../scenario007-multinode-containers.yaml | 2 +-
.../scenario008-multinode-containers.yaml | 1 +
ci/environments/scenario009-multinode.yaml | 2 +-
.../scenario010-multinode-containers.yaml | 1 +
.../scenario011-multinode-containers.yaml | 1 +
common/deploy-steps-tasks.yaml | 112 +++-
common/deploy-steps.j2 | 24 +
common/services.yaml | 16 -
deployed-server/deployed-server-roles-data.yaml | 6 +
environments/cavium-liquidio.yaml | 1 +
environments/ceph-ansible/ceph-ansible.yaml | 4 +
environments/disable-panko.yaml | 10 +
environments/docker.yaml | 1 +
environments/enable-designate.yaml | 48 ++
environments/hyperconverged-ceph.yaml | 4 +-
environments/lifecycle/ffwd-upgrade-converge.yaml | 1 -
environments/lifecycle/update-converge.yaml | 1 -
environments/lifecycle/upgrade-converge.yaml | 1 -
environments/network-environment-v6.j2.yaml | 4 +-
environments/network-environment.j2.yaml | 2 +-
environments/neutron-ml2-ovn-dvr-ha.yaml | 1 -
environments/neutron-ml2-ovn-ha.yaml | 1 -
environments/neutron-ml2-ovn-hw-offload.yaml | 1 -
environments/neutron-ovs-dvr.yaml | 4 -
environments/podman.yaml | 2 +
.../neutron-opendaylight-hw-offload.yaml | 2 +
.../services-baremetal/neutron-opendaylight.yaml | 2 +
.../services-baremetal/neutron-ovn-dvr-ha.yaml | 1 -
.../services-baremetal/neutron-ovn-ha.yaml | 1 -
.../services-baremetal/neutron-ovn-hw-offload.yaml | 1 -
environments/services-baremetal/octavia.yaml | 1 -
.../services/neutron-opendaylight-hw-offload.yaml | 2 +
environments/services/neutron-opendaylight.yaml | 2 +
environments/services/neutron-ovn-dvr-ha.yaml | 2 +-
environments/services/neutron-ovn-ha.yaml | 2 +-
environments/services/neutron-ovn-hw-offload.yaml | 2 +-
environments/services/octavia.yaml | 1 -
environments/services/ptp.yaml | 1 +
environments/services/zaqar-swift-backend.yaml | 4 +
environments/ssl/enable-internal-tls.yaml | 4 +
environments/standalone.yaml | 2 +
environments/standalone/standalone-overcloud.yaml | 97 +++
environments/standalone/standalone-tripleo.yaml | 105 ++++
environments/stdout-logging.yaml | 1 +
environments/undercloud.yaml | 13 +-
extraconfig/post_deploy/undercloud_post.sh | 10 +-
extraconfig/pre_deploy/undercloud_pre.sh | 8 +
extraconfig/pre_deploy/undercloud_pre.yaml | 23 +
extraconfig/services/openshift-cns.yaml | 55 +-
extraconfig/services/openshift-master.yaml | 648 +++++++++++----------
extraconfig/services/openshift-node.yaml | 145 +++++
extraconfig/services/openshift-worker.yaml | 113 +---
network/config/bond-with-vlans/role.role.j2.yaml | 1 -
network/config/multiple-nics/role.role.j2.yaml | 4 +-
network/ports/port_from_pool.j2 | 3 +
network/scripts/run-os-net-config.sh | 4 +-
network/service_net_map.j2.yaml | 2 +-
overcloud-resource-registry-puppet.j2.yaml | 12 +-
overcloud.j2.yaml | 1 -
puppet/extraconfig/tls/freeipa-enroll.yaml | 83 ---
puppet/role.role.j2.yaml | 14 +-
puppet/services/container-image-prepare.j2.yaml | 7 +
puppet/services/designate-api.yaml | 2 -
puppet/services/designate-central.yaml | 8 +-
puppet/services/designate-mdns.yaml | 11 +-
puppet/services/designate-producer.yaml | 2 -
puppet/services/designate-sink.yaml | 2 -
puppet/services/designate-worker.yaml | 34 +-
.../disabled/glance-registry-disabled.yaml | 18 +-
puppet/services/haproxy.yaml | 9 +-
puppet/services/heat-api-cfn.yaml | 2 +-
puppet/services/heat-api.yaml | 2 +-
puppet/services/ironic-conductor.yaml | 7 +
puppet/services/neutron-api.yaml | 22 +-
puppet/services/neutron-base.yaml | 7 +
puppet/services/neutron-metadata.yaml | 1 -
puppet/services/nova-base.yaml | 30 +-
puppet/services/nova-metadata.yaml | 129 ++--
puppet/services/octavia-api.yaml | 52 +-
puppet/services/octavia-health-manager.yaml | 9 +-
puppet/services/opendaylight-ovs.yaml | 2 +-
puppet/services/ovn-metadata.yaml | 17 +-
puppet/services/pacemaker/cinder-backup.yaml | 1 +
puppet/services/pacemaker/cinder-volume.yaml | 1 +
puppet/services/podman.yaml | 74 +++
puppet/services/rabbitmq.yaml | 9 +
puppet/services/tripleo-packages.yaml | 2 +-
puppet/services/tripleo-ui.yaml | 2 -
...d-vlan_transparent-config-5623f8cffc8b41f0.yaml | 5 +
...n-one-via-undercloud.yaml-8766b43a20a4270f.yaml | 14 +
...i_rpc_workers_neutron_api-eb5820d6bcedb53b.yaml | 6 +
.../notes/docker-bip-9a334c8f31a59b96.yaml | 2 +-
...-keepalived-needs-restart-6d7efbb9788e0f95.yaml | 7 +
...ort-from-pool-host-routes-7fcc4d00cb11603d.yaml | 8 +
.../notes/nova_metadata_wsgi-bfb240bc84194d05.yaml | 7 +
...t_streamer_driver-default-e5152c28713e7707.yaml | 8 +
...ateway-before-controllers-e029e81961dbaee8.yaml | 6 +
.../notes/rabbitmq-erl-args-9029cf4605d63dd9.yaml | 8 +
.../remove-logging-groups-b6cee238a235bbc9.yaml | 5 +
...stackrc-baremetal-version-309809c01105095f.yaml | 7 +
.../notes/tag-common-tasks-4a78275787655fdd.yaml | 6 +
.../notes/tag-step-plays-b1b1ea7584f1665d.yaml | 5 +
...ubnet-attrs-ctlplane-cidr-a02e14a251733726.yaml | 2 +-
...rs-ctlplane-default-route-625ef5e414a65f2e.yaml | 2 +-
...e-subnet-attrs-dnsservers-f751ec1125a9f787.yaml | 2 +-
...ubnet-attrs-ec2metadataip-aa28f3c030f13c9c.yaml | 2 +-
releasenotes/source/index.rst | 1 +
releasenotes/source/rocky.rst | 6 +
roles/BlockStorage.yaml | 4 +-
roles/CephAll.yaml | 4 +-
roles/CephFile.yaml | 4 +-
roles/CephObject.yaml | 4 +-
roles/CephStorage.yaml | 4 +-
roles/Compute.yaml | 4 +-
roles/ComputeAlt.yaml | 3 +-
roles/ComputeDVR.yaml | 5 +-
roles/ComputeHCI.yaml | 4 +-
roles/ComputeInstanceHA.yaml | 4 +-
roles/ComputeLiquidio.yaml | 4 +-
roles/ComputeOvsDpdk.yaml | 4 +-
roles/ComputeOvsDpdkRT.yaml | 4 +-
roles/ComputePPC64LE.yaml | 4 +-
roles/ComputeRealTime.yaml | 4 +-
roles/ComputeSriov.yaml | 4 +-
roles/ComputeSriovRT.yaml | 4 +-
roles/Controller.yaml | 5 +-
roles/ControllerAllNovaStandalone.yaml | 3 +-
roles/ControllerNoCeph.yaml | 5 +-
roles/ControllerNovaStandalone.yaml | 3 +-
roles/ControllerOpenstack.yaml | 3 +-
roles/ControllerStorageNfs.yaml | 12 +-
roles/Database.yaml | 3 +-
roles/HciCephAll.yaml | 4 +-
roles/HciCephFile.yaml | 4 +-
roles/HciCephMon.yaml | 4 +-
roles/HciCephObject.yaml | 4 +-
roles/IronicConductor.yaml | 5 +-
roles/Messaging.yaml | 3 +-
roles/Networker.yaml | 3 +-
roles/Novacontrol.yaml | 3 +-
roles/ObjectStorage.yaml | 3 +-
roles/OpenShiftAllInOne.yaml | 33 ++
roles/OpenShiftInfra.yaml | 25 +
roles/OpenShiftMaster.yaml | 8 +-
roles/OpenShiftWorker.yaml | 5 +-
roles/README.rst | 3 +-
roles/Standalone.yaml | 12 +-
roles/Telemetry.yaml | 3 +-
roles/Undercloud.yaml | 4 +-
roles_data.yaml | 20 +-
roles_data_undercloud.yaml | 4 +-
sample-env-generator/enable-services.yaml | 48 ++
sample-env-generator/ssl.yaml | 5 +
sample-env-generator/standalone.yaml | 254 ++++++++
tools/process-templates.py | 6 +-
tools/yaml-validate.py | 2 +-
tox.ini | 7 +
validation-scripts/all-nodes.sh | 16 +-
zuul.d/layout.yaml | 19 +-
296 files changed, 3168 insertions(+), 1148 deletions(-)