We high-spiritedly announce the release of:

tripleo-heat-templates 12.5.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the victoria release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.5.0
^^^^^^

New Features
************

* Add new BarbicanClient tripleo service for configuring DCN/Edge
  nodes to access a barbican service running in the control plane.
  The client service is disabled by default, and can be enabled by
  including the environments/services/barbican-edge.yaml environment
  file when deploying a DCN/Edge stack.

* Added new PublicTLSCAFile parameter, which is used to set the CA
  cert in clouds.yaml for the keystone public endpoint. This defaults
  to an empty string (''), assuming that the certs are already
  trusted.

* Add GlanceImagePrefetcherInterval parameter to run a periodic job
  which fetches the queued images for caching in the cache directory
  when image cache is enabled.

* Add boolean parameter
  *NovaSchedulerQueryPlacementForAvailabilityZone* that sets the
  *scheduler/query_placement_for_availability_zone* parameter. It
  allows the scheduler to look up a host aggregate with the metadata
  key of availability zone set to the value provided by the incoming
  request, and to request that results from placement be limited to
  that aggregate. The default value for
  NovaSchedulerQueryPlacementForAvailabilityZone is false.

* Adds the "OctaviaLogOffload" setting to enable amphora log
  offloading.

* Added TCP Segmentation Offload (TSO) support for ovs-dpdk.

* Added support for the VxFlexOS cinder block storage backend driver.

* A new Heat parameter 'ZaqarWsTimeout' exposes the Puppet variable
  'tripleo::haproxy::zaqar_ws_timeout_tunnel'. This allows operators
  to configure the Mistral API timeout. It currently defaults to four
  hours.

Deprecation Notes
*****************

* Usage of the option "NeutronFirewallDriver", which was used to set
  the "firewall_driver" config option in the Neutron server's config,
  is now deprecated. The firewall driver should be set per agent in
  the agent's config, which can be done using the
  "NeutronOVSFirewallDriver" option. The option in the Neutron server
  was kept only for backward compatibility reasons, but since the
  Newton release all Neutron agents report to the server which
  firewall driver is used, so there is no need to keep this legacy
  server-side option anymore.

* Paunch was deprecated in Ussuri and is now being retired, to be
  fully replaced by the new tripleo-ansible role,
  tripleo_container_manage.

* Support for the Neutron FUJITSU plugin has been removed.

* Resource OS::TripleO::Services::CinderBackendScaleIO is no longer
  supported. Use the new resource
  OS::TripleO::Services::CinderBackendDellEMCVxFlexOS.

* The NeutronSriovNumVFs parameter to configure the VFs for SR-IOV is
  removed. Instead, use the network interface type sriov_pf in the
  nic configs to configure the VFs for SR-IOV devices.

Bug Fixes
*********

* Ensure the barbican Key Manager settings are configured on DCN/Edge
  nodes when the barbican service is deployed in the control plane.
  See bug 1886070 (https://bugs.launchpad.net/tripleo/+bug/1886070).

Other Notes
***********

* Ensure we're using only the /run location, since /var/run is a
  symlink to /run.

* The ValidateNtp option has been removed from the all nodes
  validation configuration. During the time sync configuration we
  already do a check to ensure the ntp servers are available. If they
  are not, we will fail with an appropriate message. The ValidateNtp
  option came from a time before we could fail in a more explicit
  way.

Changes in tripleo-heat-templates 12.3.0..12.5.0
------------------------------------------------

27ec857cf Use a single task for fact gathering
586416703 Remove /var/lib/config-data context task
98d2271d1 Drop the relabel flag for bind-mount
b29099559 Replace deprecated ironoc::inspector parameters in puppet-ironic
233710ad5 Bind mount /var/lib/container-config-scripts inside the restart bundles
4395e4a3c Add become: true to the container json file modules
107b9c4c9 Relax facts gathering plays on the overcloud
029722ef1 Use tripleo linear when not using tripleo free
af30d7d29 deploy-steps-playbooks-common: fix logic for scale_ignore_unreachable
4354d8ed0 FFU support for ceph_nfs
1cbb95e09 Allow disabling the ovn provider in scen013
120cb95e2 Add scenario013: Octavia standalone without Ceph
c587d74ae Generate container startup configs with a new module
a5f974075 Switch deploy steps to tripleo_free
d573f4e87 Simplify host entries generation
881565960 Remove duplicated hieradata
bd4b57c26 Remove /run from some services
8e3c4f572 Revert "Prevent nftables to interfere with tripleo firewall"
5080e45fd Add BarbicanClient service for configuring edge sites
0e8a7ba20 Prevent ovn dbs related facts to run on each step.
e75d05263 Prevent skip package fact to run on all steps.
df8003384 Allow more tasks to be run in check mode
938166b93 Don't set RABBITMQ_SERVER_ERL_ARGS
53900ae3a Fix bind mount volumes for novajoin containers
1192ea168 Task should fail on any failure
e047d8314 Ensure we use only /run instead of /var/run
1f9942fd7 Always clear cached facts first
4e39acd14 Fix privilege escalation
89840a543 Add TSO configuration for OVS DPDK datapath.
c9cd67124 Add filestore to bluestore migration tags
c67c53a8d undercloud/heat: set YAQL memory quota to 200000
f82af5595 Collapse deploy steps
230481674 Move sidecar kill scripts to host prep
88446a6d8 Cleanup all container startup configs before generating the new ones
bff0c6cfa Fix default BlockStorageCinderVolume template
be280e39c Stop to use the __future__ module.
9cf9a5a8a Check for correct column name for execution show
70eacd3da Convert roles section into tasks-include_role in deploy-steps.j2.
a5b5230ec Use neutron::db::database_connection
777920dfb Exclude /etc/hostname
2acb0d376 Add new parameter PublicTLSCACert
336425636 Use native YAML syntax in mount tasks
1a48fa61f Sync httpd conf.modules.d configs
d37579fd7 Fix Error: invalid arguments you must use just one container
3ef8f6008 Collapse host prep tasks
554844d32 Log neutron.cmd.destroy_patch_ports in to log file
d58efb58e Increase the default UpgradeLeappRebootTimeout to 60 mins
832f71096 Fix regexes in yaml-validate.py with python 3.8
a38995a50 Adding amphora architecture to heat templates
4152e78fc Disable Designate service for scenario 03
648cde501 Update octavia playbooks parameters
15dfacb65 Disable presettled metrics
22df3dbcb Move nova online migrations to nova-conductor
620112173 Improve documentations for NovaLibvirtFileBackedMemory
03285912f Disable Sahara in scenario003-standalone
13326b564 Only enable leapp tasks when distribution is correct
0e99ceda4 Add composible service for tls enrollment
11f84b630 Use unittest.mock instead of mock
4b8059c2b Adding env file for octavia with kvm
e408b86d8 Increase zaqar max_messages_post_size to 2097152
cfc6dac88 Fix dry-run for NetworkConfig tasks
54a1d4153 Add project template for IPA multinode
95563da90 Ironic create_swift_temp_url_key use internal edpoint
a13b7f07f Add resource claim in the environment example
96e26ef81 Elevated privs are required to access files in home directory
1fdfe54cc Allow triggering ceph-ansible filestore-to-bluestore with ceph_fstobs tag
b7fbb7b83 Check transfer data flag to skip pacemaker normal upgrade.
524d2d9e7 Remove unused code and environment file of sriov deployment
e51920623 Consider user configuration during the derivation of passthrough whitelist
ba3ff972a Remove useless hieradata for octavia tls_proxy
4f198c32c Remove some deprecated services
5843a7667 Fix reserved name variable
ed2df1a05 Remove ValidateNtp
3a00c029f Deprecate EnablePaunch and remove Paunch support
396b26fe9 Allow overriding InterfaceDefaultRoute with ips_from_pool template
8086310fc Revert "Only enable leapp tasks when distribution is correct"
7bf8d7720 Ensure net.ipv6.conf.lo.disable_ipv6=0
cf5382daf Use empty string for overcloud InternalTLSCAFile param
5e4f319ed Deprecating Old ScaleIO Volume Config
ffd31df7d Add reserved ports for some services
93f07d36c Update minion rabbit credentials
d3207d8a6 Expose the zaqar_ws_timeout_tunnel variable.
69fe39c8e Update scn003 to exercise ExtraFirewallrules capabilities
57652b8ef Support for Dell EMC VXFlexOS Backend
3c8f4a5af MaxFailPercentage: default to 0
910d54b60 test-requirements: remove python 2.7 dependency for sphinx
dbf0e083b Fix syntax error
f186f8e45 Add the ability to offload amphora logs
7f2ee8566 Set default InternalTLSCAFile in enable-tls.yaml
3acb698c7 Silence huge human-unreadable logs
d56161c5f Make IronicConductorGroup role_specific
1121735b0 Update master for stable/ussuri
0bc1383a6 Force container deletion if namespace does not exist in service_kill
e3331ea72 Fix sending SIGTERM to the sidecar containers
1666f1ec3 enable dpdk plugin on neutron ovn and ovs
7c46fd014 Add non-string value support for CephAnsibleEnvironmentVariables
a0cbe7672 collectd: add support for mcelog service
4290e8b15 Move chcon for /var/lib/config-data
245fc4403 Modify tls-e service to not install packages by default
2d7bad73a rhsm: add rhsm_release in environment for doc purpose
41addbbf2 Split ansible_limit with a colon.
09742b7ab Fix typo in the description of the Neutron related options
1ed331a45 Add additional files to ipa standalone test
ff1361b2b Only enable leapp tasks when distribution is correct
ffab078d9 Remove unnecessary check after removing libvirt rpm dependencies
a9ab36989 Include tripleo_ceph_workdir role on rgw variables override
2f3888074 Use /32 or /128 netmask for VIPs
d76241710 Add an option to adjust help URL in horizon
13b06b524 Enable glance cache prefetcher interval
161071f2d Include copy-image for GlanceEnabledImportMethods for dcn-hci
d9bae4c55 Deprecate old NeutronFirewallDriver option
fe4253102 Make user value for GlanceImageImportPlugin prevail on logic
f14007220 Fix node scaling
a6fa60272 Change the :Z mount flag to :z
5b2daa499 Correctly match openvswitch package
a833432b1 Update loop_vars
de4dc46ea Configure valid_exit_code for startup containers
8d968a213 Add new parameter NovaSchedulerQueryPlacementForAvailabilityZone
18274de03 Remove Ceph{Admin,Mon,Mds}Key parameters
8213618f3 Remove support for Neutron FUJITSU plugin
996b1888d Enable adding packages into Leapp's to_remove/to_install files.
8dbaed0c3 Unify metrics_qdr name to underscore

Diffstat (except docs and test files)
-------------------------------------

 README.rst | 152 +++---
 all-nodes-validation.yaml | 6 -
 ci/common/all-nodes-validation-disabled.yaml | 6 -
 ci/environments/octavia-kvm.yaml | 7 +
 ci/environments/scenario000-standalone.yaml | 4 +-
 .../scenario001-multinode-containers.yaml | 6 +-
 ci/environments/scenario001-standalone.yaml | 8 +-
 ci/environments/scenario003-standalone.yaml | 30 +-
 ci/environments/scenario004-standalone.yaml | 7 +-
 .../scenario010-multinode-containers.yaml | 2 -
 ci/environments/scenario010-standalone.yaml | 6 +-
 ci/environments/scenario013-standalone.yaml | 39 ++
 common/container-puppet.py | 576 ---------------------
 common/container-puppet.sh | 21 +-
 common/container_startup_configs_tasks.yaml | 19 -
 common/deploy-steps-playbooks-common.yaml | 56 +-
 common/deploy-steps-tasks-step-0.j2.yaml | 15 +-
 common/deploy-steps-tasks-step-1.yaml | 48 +-
 common/deploy-steps-tasks.yaml | 51 +-
 common/deploy-steps.j2 | 182 +++----
 common/generate-config-tasks.yaml | 48 +-
 common/hiera-steps-tasks.yaml | 1 +
 common/host-container-puppet-tasks.yaml | 41 --
 .../nova_statedir_ownership.py | 1 -
 .../placement_wait_for_service.py | 2 -
 deployed-server/scripts/enable-ssh-admin.sh | 4 +-
 deployment/README.rst | 8 +-
 deployment/aodh/aodh-api-container-puppet.yaml | 7 +
 .../barbican/barbican-api-container-puppet.yaml | 7 +
 deployment/barbican/barbican-client-puppet.yaml | 60 +++
 .../ceilometer-agent-compute-container-puppet.yaml | 2 +-
 deployment/ceph-ansible/ceph-base.yaml | 16 +-
 deployment/ceph-ansible/ceph-client.yaml | 5 +-
 deployment/ceph-ansible/ceph-external.yaml | 5 +-
 deployment/ceph-ansible/ceph-grafana.yaml | 5 +-
 deployment/ceph-ansible/ceph-mds.yaml | 12 +-
 deployment/ceph-ansible/ceph-mgr.yaml | 5 +-
 deployment/ceph-ansible/ceph-mon.yaml | 22 +-
 deployment/ceph-ansible/ceph-nfs.yaml | 49 +-
 deployment/ceph-ansible/ceph-osd.yaml | 5 +-
 deployment/ceph-ansible/ceph-rbdmirror.yaml | 5 +-
 deployment/ceph-ansible/ceph-rgw.yaml | 9 +-
 deployment/cinder/cinder-api-container-puppet.yaml | 7 +
 .../cinder-backend-dellemc-vxflexos-puppet.yaml | 148 ++++++
 .../cinder/cinder-backup-pacemaker-puppet.yaml | 6 +-
 .../cinder/cinder-common-container-puppet.yaml | 4 +
 .../cinder/cinder-volume-pacemaker-puppet.yaml | 6 +-
 deployment/containers-common.yaml | 3 +-
 deployment/database/mysql-pacemaker-puppet.yaml | 6 +-
 deployment/database/redis-container-puppet.yaml | 13 +-
 deployment/database/redis-pacemaker-puppet.yaml | 14 +-
 .../cinder/cinder-backend-scaleio-puppet.yaml | 25 +-
 .../openstack-clients-baremetal-puppet.yaml | 55 --
 .../docker/docker-baremetal-ansible.yaml | 267 ----------
 .../docker/docker-registry-baremetal-ansible.yaml | 74 ---
 .../neutron/neutron-sriov-host-config.yaml | 92 ----
 .../tripleo-firewall-baremetal-puppet.yaml | 179 -------
 deployment/glance/glance-api-container-puppet.yaml | 39 +-
 .../gnocchi/gnocchi-api-container-puppet.yaml | 7 +
 deployment/haproxy/haproxy-container-puppet.yaml | 34 +-
 deployment/haproxy/haproxy-pacemaker-puppet.yaml | 22 +-
 deployment/haproxy/haproxy-public-tls-inject.yaml | 15 +-
 deployment/heat/heat-api-cfn-container-puppet.yaml | 7 +
 deployment/heat/heat-api-container-puppet.yaml | 7 +
 deployment/horizon/horizon-container-puppet.yaml | 13 +
 deployment/ipa/ipaservices-baremetal-ansible.yaml | 2 +-
 deployment/ironic/ironic-api-container-puppet.yaml | 7 +
 .../ironic/ironic-conductor-container-puppet.yaml | 28 +-
 .../ironic/ironic-inspector-container-puppet.yaml | 30 +-
 deployment/ironic/ironic-pxe-container-puppet.yaml | 7 +
 deployment/kernel/kernel-baremetal-ansible.yaml | 4 +
 deployment/keystone/keystone-container-puppet.yaml | 15 +-
 deployment/logrotate/tmpwatch-install.yaml | 3 +-
 deployment/manila/manila-api-container-puppet.yaml | 7 +
 deployment/manila/manila-share-common.yaml | 2 +-
 .../manila/manila-share-pacemaker-puppet.yaml | 6 +-
 deployment/metrics/collectd-container-puppet.yaml | 12 +-
 deployment/metrics/qdr-container-puppet.yaml | 28 +-
 .../mistral/mistral-executor-container-puppet.yaml | 2 +-
 .../neutron/derive_pci_passthrough_whitelist.py | 246 ++++++++-
 deployment/neutron/kill-script | 27 +-
 .../neutron/neutron-api-container-puppet.yaml | 10 +-
 .../neutron/neutron-dhcp-container-puppet.yaml | 65 ++-
 .../neutron/neutron-l3-container-puppet.yaml | 93 ++--
 .../neutron-ovn-dpdk-config-container-puppet.yaml | 6 +
 .../neutron-ovs-agent-container-puppet.yaml | 21 +-
 .../neutron-ovs-dpdk-agent-container-puppet.yaml | 6 +-
 .../neutron/neutron-plugin-ml2-fujitsu-cfab.yaml | 90 ----
 .../neutron/neutron-plugin-ml2-fujitsu-fossw.yaml | 94 ----
 deployment/neutron/neutron-plugin-ml2.yaml | 17 +-
 .../neutron-sriov-agent-container-puppet.yaml | 23 +-
 deployment/nova/nova-api-container-puppet.yaml | 16 +-
 deployment/nova/nova-compute-container-puppet.yaml | 22 +-
 .../nova/nova-conductor-container-puppet.yaml | 9 +
 deployment/nova/nova-libvirt-container-puppet.yaml | 14 +-
 .../nova/nova-metadata-container-puppet.yaml | 7 +
 .../nova-migration-target-container-puppet.yaml | 8 +-
 .../nova/nova-scheduler-container-puppet.yaml | 9 +-
 deployment/nova/novajoin-container-puppet.yaml | 4 +-
 .../octavia/octavia-api-container-puppet.yaml | 19 +-
 .../octavia/octavia-deployment-config.j2.yaml | 29 +-
 .../octavia-health-manager-container-puppet.yaml | 84 ++-
 .../openvswitch-dpdk-baremetal-ansible.yaml | 11 +
 deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 22 +-
 deployment/ovn/ovn-metadata-container-puppet.yaml | 49 +-
 .../pacemaker/clustercheck-container-puppet.yaml | 2 +-
 .../pacemaker/pacemaker-baremetal-puppet.yaml | 32 +-
 .../placement/placement-api-container-puppet.yaml | 11 +
 deployment/podman/podman-baremetal-ansible.yaml | 12 +-
 deployment/rabbitmq/rabbitmq-container-puppet.yaml | 5 +-
 ...rabbitmq-messaging-notify-container-puppet.yaml | 2 +-
 ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 6 +-
 .../rabbitmq-messaging-pacemaker-puppet.yaml | 6 +-
 .../rabbitmq-messaging-rpc-container-puppet.yaml | 2 +-
 .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 6 +-
 deployment/swift/swift-proxy-container-puppet.yaml | 8 +-
 .../swift/swift-storage-container-puppet.yaml | 2 +-
 deployment/tls/undercloud-tls.yaml | 99 ++++
 .../tripleo-firewall-baremetal-ansible.yaml | 35 +-
 .../tripleo-packages-baremetal-puppet.yaml | 65 ++-
 deployment/undercloud/minion-rabbitmq-puppet.yaml | 25 +-
 deployment/undercloud/undercloud-upgrade.yaml | 2 +-
 deployment/zaqar/zaqar-container-puppet.yaml | 9 +-
 environments/cinder-dellemc-vxflexos-config.yaml | 35 ++
 environments/cinder-scaleio-config.yaml | 4 +
 environments/config-debug.yaml | 2 +-
 environments/dcn-hci.yaml | 10 +-
 environments/dcn.yaml | 8 -
 environments/disable-paunch.yaml | 4 +-
 environments/docker-ha.yaml | 1 -
 environments/docker-uc-light.yaml | 32 --
 environments/docker.yaml | 9 -
 environments/enable-stf.yaml | 2 +-
 environments/lifecycle/upgrade-prepare.yaml | 2 +
 environments/metrics/collectd-write-qdr.yaml | 2 +-
 environments/neutron-ml2-fujitsu-cfab.yaml | 21 -
 environments/neutron-ml2-fujitsu-fossw.yaml | 22 -
 environments/public-tls-undercloud.yaml | 1 +
 environments/rhsm.yaml | 2 +
 environments/services-baremetal/neutron-sriov.yaml | 1 -
 environments/services/barbican-edge.yaml | 4 +
 environments/services/neutron-ovn-sriov.yaml | 1 -
 environments/services/neutron-sriov.yaml | 1 -
 environments/services/undercloud-tls.yaml | 4 +
 environments/ssl/enable-tls.yaml | 4 +
 environments/storage-environment.yaml | 4 -
 environments/storage/glance-nfs.yaml | 2 +-
 environments/undercloud.yaml | 3 +-
 environments/undercloud/undercloud-minion.yaml | 4 +-
 firstboot/os-net-config-mappings.yaml | 2 +
 lower-constraints.txt | 2 -
 net-config-standalone.j2.yaml | 6 +-
 net-config-undercloud.j2.yaml | 6 +-
 network/endpoints/build_endpoint_map.py | 2 -
 network/ports/port_from_pool.j2 | 27 +-
 overcloud-resource-registry-puppet.j2.yaml | 9 +-
 overcloud.j2.yaml | 84 ++-
 puppet/role.role.j2.yaml | 37 +-
 ...tronFirewallDriver-option-f4289b404abcc0b3.yaml | 12 +
 ...d-barbican-client-for-dcn-7182e8bab41fce21.yaml | 13 +
 ...publictlscafile-parameter-0fd9c19dcd20be0b.yaml | 6 +
 ...ce_image_cache_prefetcher-288120ffa6ee2a13.yaml | 6 +
 .../converge-var_run-to-run-20286a74e780e999.yaml | 4 +
 ...ent_for_availability_zone-ffd415710a9cb903.yaml | 9 +
 .../octavia-log-offload-d1617e767f688da1.yaml | 4 +
 .../notes/ovs-dpdk-tso-f96406621ec69bd1.yaml | 4 +
 .../notes/paunch_retiring-9aab8248a0b2973b.yaml | 5 +
 .../notes/remove-ValidateNtp-15724eaa8345aa4f.yaml | 8 +
 ...e-neutron-fujitsu-plugins-6414a5d6962e3260.yaml | 4 +
 ...leio-deprecate-old-driver-ab28e372280c44e6.yaml | 5 +
 .../sriov-vf-param-removed-fd6f4519b4eeb05a.yaml | 6 +
 .../notes/vxflexos-driver-bec8e372280c44e6.yaml | 4 +
 .../zaqar_ws_timeout_tunnel-d5d1e900dce79b34.yaml | 7 +
 releasenotes/source/index.rst | 1 +
 releasenotes/source/ussuri.rst | 6 +
 requirements.txt | 1 -
 roles/ComputeHCISriov.yaml | 1 -
 roles/ComputeOvsDpdkSriov.yaml | 1 -
 roles/ComputeOvsDpdkSriovRT.yaml | 1 -
 roles/ComputeSriov.yaml | 1 -
 roles/ComputeSriovIB.yaml | 1 -
 roles/ComputeSriovRT.yaml | 1 -
 roles/Controller.yaml | 3 +-
 roles/ControllerNoCeph.yaml | 3 +-
 roles/ControllerNovaStandalone.yaml | 3 +-
 roles/ControllerSriov.yaml | 2 -
 roles/ControllerStorageDashboard.yaml | 3 +-
 roles/ControllerStorageNfs.yaml | 3 +-
 roles/DistributedCompute.yaml | 1 +
 roles/DistributedComputeHCI.yaml | 1 +
 roles/DistributedComputeHCIScaleOut.yaml | 1 +
 roles/DistributedComputeScaleOut.yaml | 1 +
 roles/Networker.yaml | 2 -
 roles/NetworkerSriov.yaml | 2 -
 roles/Standalone.yaml | 3 +-
 roles/Undercloud.yaml | 1 +
 roles_data.yaml | 3 +-
 roles_data_undercloud.yaml | 1 +
 sample-env-generator/dcn.yaml | 8 +-
 sample-env-generator/ssl.yaml | 4 +
 sample-env-generator/undercloud-minion.yaml | 4 +-
 test-requirements.txt | 4 +-
 tools/yaml-validate.py | 4 +-
 validation-scripts/all-nodes.sh | 40 --
 zuul.d/layout.yaml | 8 +-
 207 files changed, 2006 insertions(+), 2661 deletions(-)

Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt index 2527f95bc..bda47437c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +8,0 @@ tripleo-common>=7.1.0 # Apache-2.0 -paunch>=4.2.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 2162496ad..31a7e4d0b 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9,2 +9 @@ six>=1.10.0 # MIT -sphinx>=1.8.0,<2.0.0;python_version=='2.7' # BSD -sphinx>=1.8.0,!=2.1.0;python_version>='3.4' # BSD +sphinx>=1.8.0,!=2.1.0 # BSD @@ -18 +16,0 @@ testtools>=2.2.0 # MIT -mock>=2.0.0 # BSD
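
Review bot: In the requirements.txt hunk, removing `paunch>=4.2.0` means nothing installs paunch any more, yet the diffstat for this release lists environments/disable-paunch.yaml as modified (4 +-) rather than deleted. Please confirm that no template or script left in the tree still imports or invokes paunch, and state in the commit message whether that environment file is kept only so existing deployment commands that pass it continue to work.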
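
Review bot: In the first test-requirements.txt hunk, the replacement line `sphinx>=1.8.0,!=2.1.0` has no `python_version` marker and, like the Python 3 line it replaces, no upper bound, so documentation builds resolve to whichever Sphinx release is newest at install time. If doc builds are expected to be reproducible, cap the version here or rely on a constraints file and say so in a comment next to the line.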