We are glad to announce the release of:

tripleo-heat-templates 12.4.6: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.4.6
^^^^^^

New Features
************

* Added new heat role specific parameter option 'DdpPackage' to select
  the required DDP Package.

* Added new heat role specific param OVNAvailabilityZone to set
  availability-zones for ovn. This param replaces setting
  availability-zones through OVNCMSOptions.

* Added OVN DBs clustering support. In this service model, a clustered
  database runs across multiple hosts in multi-active mode.

* To help operators protect their workload, they can now enable the
  KernelArgsDeferReboot role parameter. This will prevent the
  tripleo-kernel ansible module from automatically rebooting nodes
  even if KernelArgs were changed unexpectedly.

* Added param NeutronAgentDownTime to configure the neutron server
  agent_down_time: the number of seconds after which the agent is
  regarded as down. It should be at least twice report_interval, to be
  sure the agent is down for good. agent_down_time is a config for
  neutron-server, set by class neutron::server. report_interval is a
  config for neutron agents, set by class neutron.

* New config options for Neutron logging service plugin configuration
  were added. There are options added for L3 Agent:
  "NeutronL3AgentLoggingRateLimit", "NeutronL3AgentLoggingBurstLimit",
  "NeutronL3AgentLoggingLocalOutputLogBase", for OVS agent:
  "NeutronOVSAgentLoggingRateLimit",
  "NeutronOVSAgentLoggingBurstLimit",
  "NeutronOVSAgentLoggingLocalOutputLogBase" and for ML2/OVN backend:
  "NeutronOVNLoggingRateLimit", "NeutronOVNLoggingBurstLimit",
  "NeutronOVNLoggingLocalOutputLogBase".

* With conditional monitoring enabled in OVN, the southbound
  ovsdb-server takes a lot of time handling the monitoring and sending
  the updates to all its connected clients, and it uses a lot of CPU.
  With the monitor-all option, ovn-controllers do not enable
  conditional monitoring, thereby reducing the load on the Southbound
  ovsdb-server.

* A heat parameter "IronicPowerStateChangeTimeout" has been added
  which sets the number of seconds to wait for power operations to
  complete, i.e., so that a baremetal node is in the desired power
  state. If timed out, the power operation is considered a failure.
  The default is 60 seconds, which is the same as the current Ironic
  default.

Upgrade Notes
*************

* Upgrades from OVN non-HA and OVN DBs pacemaker to OVN DBs clustered
  are currently not supported.

* The default UEFI iPXE bootfile is now *snponly.efi*. The boolean
  parameter *IronicIPXEUefiSnpOnly* was added to allow custom
  configuration. When set to *true* snponly is used, when *false* the
  previous default ipxe.efi is used. See bug: 1959726
  (https://bugs.launchpad.net/tripleo/+bug/1959726).

Security Issues
***************

* The OVN database servers in an OVN DBs clustering and TLS-everywhere
  deployment will listen on all IP addresses (0.0.0.0). This is a
  caveat that can only be addressed once RHBZ 1952038 is fixed.

Bug Fixes
*********

* Rsyslog config for haproxy
  (https://bugs.launchpad.net/tripleo/+bug/1953672)

* The neutron agent report interval was recently changed from the 30s
  default to 300s. This caused issues with timeouts when providing
  baremetal nodes. A new parameter IronicNeutronAgentReportInterval
  has been added with a default of 30s so that the report interval
  specifically for the networking baremetal agent is restored. See
  bug: 1940838 (https://bugs.launchpad.net/tripleo/+bug/1940838).

Other Notes
***********

* The description of cinder's own __DEFAULT__ volume type is updated
  to indicate the actual default volume type is the one established by
  the CinderDefaultVolumeType parameter.

Changes in tripleo-heat-templates 12.4.5..12.4.6
------------------------------------------------

575e00c1e Required DDP package is not loaded issue
7aefcc7ab Don't bind host's /run in multipathd container
8d4deb693 [Neutron] Add custom env file to set dns_domain_name
c6ae51e5c Add IronicNeutronAgentReportInterval parameter
f95211e01 Add parameter IronicIPXEUefiSnpOnly
6586120e8 Update dervice_pci script to handle pci address formats
b1f4ae95f Check if passthrough user_config is decoded properly from hiera data
c01969d79 Fix indentation issue with 2-bonds-vlans config
e8ea8b3bf Manage octavia flavor in tripleo-ansible
720b18fd8 Add ping test for all networks gateway IPs
7a54602e4 Use only internal endpoints in Octavia controller services
13ad12e7b Make sure libvirt guests shut down before network
d9afc3b34 Disable metrics_qdr binding in HAProxyEdge
0a0d5ba96 Fix killscript regex match for libpod-conmon-*
cc81d668b Use public endpoint for [keystone_authtoken] www_authenticate_uri
68cc95c3a Remove ganesha_vip extra config workaround
4fadecc20 Fix IPv6 router on UC re-install
d56cb4417 GaneshaNetwork - fallback -> external -> ctlplane
69f283014 Add chrony waitsync back in
80db74593 Exec libvirtd in a transient scope
7c2eea715 Add missing services to ControllerNovaStandalone role
a99021ee9 fix InternalApi subnet for ControllerNovaStandalone role
d30105a28 [train,ussuri] Set cinder's __DEFAULT__ vol type description
67686a3b1 Keystone: Remove unused container_puppet_tasks
2c4fb647d Wallaby and older: Remove heat-dashboard parameters from local_settings
73dde6f32 Remove tripleo_ovn_mac_port_name port tag
d0e0f0275 Missing rsyslog parameters for HAProxy
ff7c3a9c9 [Ussuri-Only] Fix hiera condition for cache_backend
fe83db068 Revert "Clear up confusion on cinder's default volume type"
d0ca4fe9f Clear up confusion on cinder's default volume type
614e8078f Revert "Enforces minimum Ceph client version to Mimic"
394e2ac6d Fix condition to add per subnet routes parameter
4bfdfa3f8 Add param to configure neutron agent_down_time and report_interval
5f3bec954 Default CephDashboardNetwork to storage_dashboard
094fcf96f Fix libvirt/qemu logs location
e6de1f082 Enable ovn-monitor-all option to ovn-controller
ae93eba46 Remove mariadb-server packages from the host
5bb52590f Add parameter IronicPowerStateChangeTimeout
491105df1 Add OVNAvailabilityZone to improve UX
06fa3edae [victoria/ussuri/train] Tune minion defaults
e8ab4078a Added support for Neutron loggings service plugin configuration
e616f7d4b Use consistent naming for MysqlInnodbBufferPoolSize
3b986aba9 Use yaml.safe_load to load YAML files
f365caa0d Drop archive policy from enable-legacy-telemetry
d7bce9cea placement: Adding Debug parameter
54868e43f Option to select the required DDP package
56f153d63 Fix delegate_to to use group rather then undercloud
da3017506 Enable Ceph RGW public port into firewall when using SSL
b4aa112cc Do not fail if haproxy container UUID changes
193d2311a Remove setting ACLs during Upgrade
6c74f3468 Configure api_base_uri to DesignateEndpoint URI
1c30607c5 Wallaby and before: Fix wrong puppet parameter name
17b3bdce2 Fix ansible var
f17f2ee23 Stop rotating rabbitmq crash.log files via erlang's lager
76226ff2a Guarantee that ovn-dbs-pcmk update_tasks are run when the cluster is up
ea3d52da1 Install python3-openstackclient after the leapp upgrade
5615fcc64 dpdk_telemetry is not used
8bc061ba9 Fix the CephDashboardNetwork default
b2524af68 Example configurable cap add
ec592483e NovaLiveMigrationPermitAutoConverge should default to True
d4c0435d0 Revert "Disable postcopy for ovn/ovs-dpdk"
750877f25 Environment for switching to using IPs for memcached
3b5628bab Enable keystone_authtoken/memcach_use_advanced_pool for Sahara
3d4063fca OVN DBs clustering
3b9383bfa Configure Ceph to not use separte db/wal LVs
7b219a42d Default ganesha-internal service endpoint to external network
251a1d238 Disable postcopy for ovn/ovs-dpdk
d5e73079f Enabling vhost-postcopy-support when live_migration_permit_post_copy
dc11095b6 Make memcached port parameters globally available
659352203 nova-compute: Adding failed_when to nova-compute stop task
5324b528b Wire up renamed upgrade periodic template
f0a6b950d Remove all docker related tasks from upgrades
4d1634d06 Role parameter for tripleo_kernel_defer_reboot
ed5c5457a [stable only] Fix NeutronL3AgentAvailabilityZone parameter
76aa869fa vncproxy: removal of tags and steps change from post_upgrade_tasks
ba38ee283 Add THT Jinja2 data sources as stack output
e084314d5 Add OVNCMSOptions to Controller and Networker roles
5dbffe900 Add service ordering to cleanup service to avoid conflicts with agent startup

Diffstat (except docs and test files)
-------------------------------------

 ci/environments/neutron_dns_domain.yaml | 2 +
 .../scenario001-multinode-containers.yaml | 4 -
 ci/environments/scenario001-standalone.yaml | 4 -
 ci/environments/scenario004-standalone.yaml | 7 -
 .../scenario010-multinode-containers.yaml | 4 -
 ci/environments/scenario010-standalone.yaml | 4 -
 common/deploy-steps.j2 | 8 +-
 deployment/aodh/aodh-base.yaml | 2 +-
 .../barbican/barbican-api-container-puppet.yaml | 4 +-
 deployment/ceph-ansible/ceph-mon.yaml | 19 -
 deployment/ceph-ansible/ceph-rgw.yaml | 1 +
 deployment/cinder/cinder-api-container-puppet.yaml | 16 +-
 deployment/database/mysql-base.yaml | 2 +-
 deployment/database/mysql-pacemaker-puppet.yaml | 11 +-
 deployment/deprecated/sahara/sahara-base.yaml | 8 +-
 .../designate/designate-api-container-puppet.yaml | 3 +-
 deployment/glance/glance-api-container-puppet.yaml | 2 +-
 .../gnocchi/gnocchi-api-container-puppet.yaml | 2 +-
 deployment/haproxy/haproxy-container-puppet.yaml | 10 +
 .../haproxy/haproxy-edge-container-puppet.yaml | 1 +
 deployment/haproxy/haproxy-pacemaker-puppet.yaml | 10 +
 deployment/haproxy/haproxy-public-tls-inject.yaml | 5 +
 deployment/heat/heat-base-puppet.yaml | 9 +-
 deployment/horizon/horizon-container-puppet.yaml | 3 +
 deployment/ipa/ipaservices-baremetal-ansible.yaml | 2 +-
 deployment/ironic/ironic-api-container-puppet.yaml | 2 +-
 .../ironic/ironic-conductor-container-puppet.yaml | 21 +-
 .../ironic/ironic-inspector-container-puppet.yaml | 2 +-
 .../ironic-neutron-agent-container-puppet.yaml | 23 +-
 .../kernel-boot-params-baremetal-ansible.yaml | 16 +
 deployment/keystone/keystone-container-puppet.yaml | 16 +-
 deployment/logging/files/nova-libvirt.yaml | 2 +-
 deployment/manila/manila-api-container-puppet.yaml | 2 +-
 .../manila/manila-share-container-puppet.yaml | 2 +-
 .../memcached/memcached-container-puppet.yaml | 20 +-
 deployment/metrics/collectd-container-puppet.yaml | 10 +-
 deployment/mistral/mistral-base.yaml | 2 +-
 .../multipathd/multipathd-container-ansible.yaml | 1 -
 .../neutron/derive_pci_passthrough_whitelist.py | 503 +++++---
 deployment/neutron/kill-script | 2 +-
 .../neutron/neutron-api-container-puppet.yaml | 11 +-
 deployment/neutron/neutron-base.yaml | 7 +
 deployment/neutron/neutron-cleanup.service | 2 +-
 .../neutron/neutron-dhcp-container-puppet.yaml | 31 -
 .../neutron/neutron-l3-container-puppet.yaml | 58 +-
 .../neutron/neutron-metadata-container-puppet.yaml | 31 -
 .../neutron-ovn-dpdk-config-container-puppet.yaml | 6 -
 .../neutron-ovs-agent-container-puppet.yaml | 24 +
 .../neutron-ovs-dpdk-agent-container-puppet.yaml | 3 -
 deployment/neutron/neutron-plugin-ml2-ovn.yaml | 26 +-
 deployment/nova/nova-api-container-puppet.yaml | 2 +-
 deployment/nova/nova-base-puppet.yaml | 7 +-
 deployment/nova/nova-compute-container-puppet.yaml | 69 +-
 deployment/nova/nova-libvirt-container-puppet.yaml | 6 +-
 .../nova/nova-metadata-container-puppet.yaml | 2 +-
 .../nova/nova-vnc-proxy-container-puppet.yaml | 20 +-
 deployment/nova/novajoin-container-puppet.yaml | 2 +-
 .../octavia/octavia-api-container-puppet.yaml | 24 +-
 deployment/octavia/octavia-base.yaml | 5 +
 .../octavia/octavia-deployment-config.j2.yaml | 19 +
 .../openvswitch-dpdk-baremetal-ansible.yaml | 46 +
 .../ovn/ovn-controller-container-puppet.yaml | 20 +-
 deployment/ovn/ovn-dbs-cluster-ansible.yaml | 312 +++++
 deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 28 +-
 .../placement/placement-api-container-puppet.yaml | 11 +-
 deployment/podman/podman-baremetal-ansible.yaml | 20 -
 deployment/rabbitmq/rabbitmq-container-puppet.yaml | 2 +
 deployment/swift/swift-proxy-container-puppet.yaml | 2 +-
 deployment/timesync/chrony-baremetal-ansible.yaml | 4 +-
 .../tripleo-packages-baremetal-puppet.yaml | 4 +-
 deployment/zaqar/zaqar-container-puppet.yaml | 2 +-
 environments/enable-legacy-telemetry.yaml | 4 +-
 environments/memcached-use-ips.yaml | 6 +
 environments/network-environment-v6.j2.yaml | 4 +-
 environments/network-environment.j2.yaml | 4 +-
 environments/ssl/enable-memcached-tls.yaml | 3 -
 environments/undercloud/undercloud-minion.yaml | 28 +
 .../post_deploy/undercloud_ctlplane_network.py | 73 +-
 firstboot/userdata_timesync.yaml | 1 +
 .../config/2-linux-bonds-vlans/role.role.j2.yaml | 30 +-
 network/network.j2 | 10 +
 network/networks.j2.yaml | 10 +-
 network/ports/ovn_mac_addr_port.yaml | 4 -
 network/service_net_map.j2.yaml | 6 +-
 overcloud.j2.yaml | 29 +
 .../notes/DdpPackage-581e67f08908ed51.yaml | 5 +
 .../OVNAvailabilityZone-bc3d44a7e11d83e5.yaml | 5 +
 ...d-ovn-dbs-cluster-support-6193cba5be432865.yaml | 14 +
 ...ter-kernelargsdeferreboot-5b8e8b2f64c64a91.yaml | 7 +
 .../notes/agent_down_time-d6aebe530ca31b9e.yaml | 8 +
 ...g-1953672-haproxy-rsyslog-6f8e386f8909a253.yaml | 4 +
 ...e-volume-type-description-5f81e2ff5ea8184a.yaml | 6 +
 ...baremetal-report-interval-d08a44a147a1846e.yaml | 10 +
 ...ging-plugin-support-added-b2e1292d49e087c3.yaml | 12 +
 .../notes/ovn-monitor-all-2fefb215c6f7166c.yaml | 8 +
 .../notes/power_state-457f12af30b9e341.yaml | 8 +
 .../uefi_ipxe_bootfile_name-f2c9cc8971dc1ed8.yaml | 9 +
 roles/Controller.yaml | 2 +
 roles/ControllerAllNovaStandalone.yaml | 2 +
 roles/ControllerNoCeph.yaml | 2 +
 roles/ControllerNovaStandalone.yaml | 19 +-
 roles/ControllerOpenstack.yaml | 2 +
 roles/ControllerSriov.yaml | 2 +
 roles/ControllerStorageDashboard.yaml | 2 +
 roles/ControllerStorageNfs.yaml | 2 +
 roles/Networker.yaml | 2 +
 roles/NetworkerSriov.yaml | 2 +
 roles_data.yaml | 2 +
 sample-env-generator/undercloud-minion.yaml | 19 +
 tools/render-ansible-tasks.py | 11 +-
 tools/yaml-validate.py | 26 +-
 tox.ini | 4 +-
 zuul.d/layout.yaml | 13 +
 114 files changed, 2687 insertions(+), 540 deletions(-)