[release-announce] tripleo-heat-templates 10.1.0 (stein)

We are gleeful to announce the release of:

tripleo-heat-templates 10.1.0: Heat templates for deploying OpenStack with OpenStack.

This release is part of the stein release series.

The source is available from:

http://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

https://bugs.launchpad.net/tripleo

For more details, please see below.

10.1.0 ^^^^^^

New Features ************

* Add support for ODL deployment on IPv6 networks.

* Adds posibilities to set 'neutron::agents::ml2::ovs::tunnel_csum' via NeutronOVSTunnelCsum in heat template. This param set or un-set the tunnel header checksum on outgoing IP packet carrying GRE/VXLAN tunnel in ovs agent.

* Add nova file_backed_memory and memory_backing_dir support for qemu.conf

The libvirt driver now allows utilizing file backed memory for qemu/KVM virtual machines, via a new configuration attribute "[libvirt]/file_backed_memory", defaulting to 0 (disabled).

"[libvirt]/file_backed_memory" specifies the available capacity in MiB for file backed memory, at the directory configured for "memory_backing_dir" in libvirt's "qemu.conf". When enabled, the libvirt driver will report the configured value for the total memory capacity of the node, and will report used memory as the sum of all configured guest memory.

Running Nova with file_backed_memory requires libvirt version 4.0.0 and qemu version 2.6.0

* Add provision to set java options like heap size configurations in ODL.

* Add support for libvirt volume_use_multipath the ability to use multipath connection of the iSCSI or FC volume. Volumes can be connected in the LibVirt as multipath devices. Adds new parameter "NovaLibvirtVolumeUseMultipath".

Upgrade Notes *************

* The Dell EMC SC configuration option excluded_domain_ip has been deprecated and will be removed in a future release. Deployments should now migrate to the option excluded_domain_ips for equivalent functionality.

* The online part of the service upgrades (online data migrations) is now run using:

openstack overcloud external-upgrade run --tags online_upgrade

or per-service like:

openstack overcloud external-upgrade run --tags online_upgrade_nova openstack overcloud external-upgrade run --tags online_upgrade_cinder openstack overcloud external-upgrade run --tags online_upgrade_ironic

Consult the upgrade documentation regarding the full upgrade workflow.

* The environment file puppet-pacemaker.yaml has been removed, make sure that you no longer reference it. The docker-ha.yaml file should have already been used in place of puppet-pacemaker.yaml during upgrade from Ocata to Pike. The environment file puppet-pacemaker- no-restart.yaml has been removed too, it was only used in conjunction with puppet-pacemaker.yaml.

* The environment file deployed-server-pacemaker-environment.yaml has been removed, make sure that you no longer reference it. Its current contents result in no tangible difference from the default resource registry state, so removing the file should not change the overcloud.

* Remove zaqar wbesocket service when upgrading from non- containerized environment.

Deprecation Notes *****************

* All references to the logging_source output in the services templates have been removed, since it's been unused for a couple of releases now.

Bug Fixes *********

* Fixed an issue where if Octavia API or Glance API were deployed away from the controller node with internal TLS, the service principals wouldn't be created.

* Nova Scheduler added worker support in Rocky. Added *NovaSchedulerWorkers* to allow it to be configurable.

* Make sure all Swift services are disabled after upgrading to a containerized undercloud.

* Fixes openDaylight karaf file log rotation by changing karaf log rollover parameters in PAX logging configuration. Reference https://git.opendaylight.org/gerrit/#/c/75480/ for more details.

Also, moves openDaylight karaf log file location to /var/log/containers/opendaylight/karaf/logs/karaf.log. Reference https://review.openstack.org/#/c/603907/ for more details.

* With OOO we configure a separate DB for placement for the undercloud and overcloud since the beginning. But the placement_database config options were reverted with https://review.openstack.org/#/c/442762/1 , which means so far even if the config option was set, it was not used. With rocky the options were introduced again which is not a problem on a fresh installed env, but on upgrades from queens to rocky. We should use the same DB for both fresh deployments on and upgrades to rocky before we switch to the new DB as part of the extraction of placement.

* SELinux can be configured on the Standalone deployment by setting SELinuxMode.

Changes in tripleo-heat-templates 10.0.0..10.1.0 ------------------------------------------------

5bcfb71 Skip hosts group in ceph-ansible inventory when all are blacklisted 6241838 Fix typo in standalone-tripleo environment 60f6300 ceilometer: --skip-metering-database is gone f7a359c Merge new params - nic-config templates 64f30b5 Delete novajoin manual setup from freeipa setup script 4ad9922 Fix cinder_api_apache error during upgrade. 983920e Support for libvirt volume multipath 24aab1d Switch OpenShiftGlusterDisks to a single disk d2a27c6 Change Swift storage directory to /srv/node/d1 9a1effd Add tempest workspace volume for tempest 623dd49 Fix haproxy tls mapping under pacemaker 0c5ba2f Add OS::TripleO::Services::ContainerImagePrepare to ControllerOpenStack 9235e30 Fix IHA with the new region_name key b56ae57 Remove non-container zaqar-server on upgrade 3cbaadd Revert "Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name" f6a6fb4 Apply variable to task not the block fc30066 Add stack output ansible_group_vars 4ca6c5c Correct a minor typo in the doc that could lead to some issues 9174cf8 Disable non-containerized Swift services 4001c1a Swift doesn't use standard logging. 7451fc4 Allow standalone to manage selinux ab1fb06 Run update jobs for fuller set of services f5ba55b Remove artificial constrains around notification drivers 1c56834 Use single replica for standalone AIO deployments 0013a75 Revert "iscsi: workaround to let podman read /dev/null" 47f93e1 Disable Swift auditors/replicators on undercloud 8fe38fb Standardize path to prepare log file 66f9c30 Add metadata_settings to Octavia and Glance APIs 4f2677f Do not wipe disks on OpenShift gluster nodes cbac4c4 Set openshift_docker_insecure_registries a17b245 Do not modify imagestreams 26c108b Let openshift-ansible configure the firewall e2f7392 Use Timesync service instead of Ntp a9f3874 Add OS::TripleO::Services::Rhsm to OpenShift roles 633379f Ensure the needed openshift resources are set 52c1641 Convert *tasks from bootstrap_nodeid to short_bootstrap_node_name b278f6c Remove unused tls-cert-inject.yaml template 3ecbf82 Rename no-tls environment 3f5ed99 Improve support for deploying ceph on standalone system c8c45be import_role takes name as a parameter, not role. 0244ae0 Add sample designate environment for ha d6a5c04 Update no-tls environment in ssl/ directory 2040d4f Recreate cinder LVM loopback device on startup 429bc3c Use different base virtual_router_id on openshift 73c3cd4 Fix update tasks for openshift a4b31b2 Use openshift-ansible container instead of RPMs 39df80b Use glusterfs for registry when deploying with CNS 81ca843 Deploy openshift all in one in scenario009 7a43865 Remove obsolete code for handling Pacemakerized resource restarts f290a92 Use nova_api DB for [placement_database] -> connection d556fd6 Do not reference ansible_hostname if it is undefined 245da47 Add SELinux configurations for a proper Standalone deploy 88b7347 Add nova-scheduler worker support 5c8617b Set octavia log directory permissions to octavia user a795583 Honor --skip-deploy-identifier in common deploy tasks 0ec9a3d Remove deprecated Ram/Disk filters in NovaSchedulerDefaultFilters a800ee0 Implements: liquidio-containerization 973395d Exposing NeutronDhcpOvsIntegrationBridge cb3c72f Remove references to logging_source e81878b Run online migrations via "external-upgrade run" 46246e8 Add heat param for openshift prerequisites playbook 2b2e5a8 Load openvswitch module from the host c80ca5e Load dm-multipath module from the host. 694b8d3 Load ip_vs module from the host 9aab4de Load iscsi_tcp module from the host. 865e8b5 Add provision to specify java arguments to ODL c2139a7 Fix TLS when using a containerized undercloud 977de98 Ensure ceph-ansible source directory is present 7d35d24 Remove 3node from CI 53b2cc0 Add config option for ODL IPv6 deployment f4b4a33 Use valid_interfaces instead of os_interface for placement bcd6cde Introduce proper steps to external update/upgrade tasks c67c345 Consolidate openshift-ansible global variables d90bb11 Make glusterfs the default sc when deploying with CNS bd5dddb Introduce OpenShiftGlusterNodeVars heat param a04ceaa Fix inventory files for newer openshift-ansible 580fb66 Tag container image prepare tasks to allow running them for updates/upgrades 538c894 Name unnamed tasks b76a36e check mode: paunch configs 29f05e1 check mode: docker_puppet_tasks a6f9821 check mode: docker_puppet bd2b7a1 Revert "Allow a containerized logrotate to access docker" b9aa60b Collectd documentation refactor 6d0f16d check mode: puppet host d3a56e4 Add posibilities to set tunnel_csum in ovs agent 654961a Add nova file_backed_memory and memory_backing_dir support for qemu.conf d520016 Change log directory for OpenDaylight bf98351 Dell EMC Sc: Add support for excluded_domain_ips b2bcc10 Configure haproxy for openshift infra 00652b6 Fix error in Tenant network routes definition 2b78110 Pass image import conf file to command which runs glance server 6deb54c Fix list concatenation of routes in bond-with-vlan 7b71a4c ceilometer: Use new archive policies a33d42a scenario010: enable Ceph RBD e44d9de Enable health check for OVN containers e56b898 ironic: enable noop management interface by default f9baf54 Add tripleo-heat-templates dir to Mistral volumes 1e723b7 Set virt queue size as 1024 for all OVS-DPDK roles 911da8c Add role definition for ComputeOvsDpdkSriov role c9e2d39 This file intorduces OVN as a controller. I've cloned the neutron-sfc.yaml file and added to the parameter_defaults NeutronSfcDriver:'ovn' There could be other param defaults needs to be added and i'm not aware of.

Diffstat (except docs and test files) -------------------------------------

README.rst | 4 +- ci/environments/multinode-3nodes-registry.yaml | 3 - ci/environments/multinode-containers.yaml | 3 - ci/environments/multinode.yaml | 77 ---- ci/environments/multinode_major_upgrade.yaml | 70 --- .../scenario000-multinode-containers.yaml | 3 - .../scenario001-multinode-containers.yaml | 18 +- .../scenario002-multinode-containers.yaml | 18 +- .../scenario003-multinode-containers.yaml | 3 - .../scenario004-multinode-containers.yaml | 3 - .../scenario008-multinode-containers.yaml | 3 - ci/environments/scenario009-multinode.yaml | 27 +- .../scenario010-multinode-containers.yaml | 50 ++- .../scenario011-multinode-containers.yaml | 3 - ci/scripts/freeipa_setup.sh | 15 - common/deploy-steps-tasks.yaml | 212 ++++++++- common/deploy-steps.j2 | 11 +- common/services.yaml | 46 +- .../services/logging/files/opendaylight-api.yaml | 6 +- environments/cavium-liquidio.yaml | 6 +- environments/cinder-dellsc-config.yaml | 2 +- environments/collectd-environment.yaml | 94 +++- .../deployed-server-pacemaker-environment.yaml | 4 - environments/enable-designate-ha.yaml | 137 ++++++ environments/metrics-collectd-qdr.yaml | 4 +- environments/network-isolation-v6.j2.yaml | 2 + environments/neutron-ml2-ovn-hw-offload.yaml | 2 +- environments/neutron-ovs-dpdk.yaml | 2 +- environments/neutron-sriov.yaml | 2 +- environments/no-tls-endpoints-public-ip.yaml | 3 + environments/nonha-arch.yaml | 5 - environments/openshift-cns.yaml | 5 - environments/openshift.yaml | 5 +- environments/ovs-hw-offload.yaml | 2 +- environments/puppet-pacemaker-no-restart.yaml | 3 - environments/puppet-pacemaker.yaml | 21 - .../neutron-opendaylight-dpdk.yaml | 4 +- .../neutron-opendaylight-hw-offload.yaml | 2 +- .../neutron-opendaylight-sriov.yaml | 2 +- .../services-baremetal/neutron-ovs-dpdk.yaml | 2 +- .../services-baremetal/neutron-ovs-hw-offload.yaml | 2 +- environments/services-baremetal/neutron-sriov.yaml | 2 +- .../services/neutron-opendaylight-dpdk.yaml | 4 +- .../services/neutron-opendaylight-hw-offload.yaml | 2 +- .../services/neutron-opendaylight-sriov.yaml | 2 +- environments/services/neutron-ovn-sriov.yaml | 2 +- environments/services/neutron-ovs-dpdk.yaml | 2 +- environments/services/neutron-ovs-hw-offload.yaml | 2 +- environments/services/neutron-sfc-ovn.yaml | 8 + environments/services/neutron-sriov.yaml | 2 +- environments/services/octavia.yaml | 2 +- environments/ssl/no-tls-endpoints-public-ip.yaml | 120 ++++++ environments/ssl/no-tls-endpoints-public.yaml | 120 ------ environments/ssl/tls-endpoints-public-dns.yaml | 3 + environments/ssl/tls-endpoints-public-ip.yaml | 3 + environments/ssl/tls-everywhere-endpoints-dns.yaml | 3 + environments/standalone.yaml | 4 + environments/standalone/standalone-overcloud.yaml | 7 +- environments/standalone/standalone-tripleo.yaml | 7 +- environments/tls-endpoints-public-dns.yaml | 3 + environments/tls-endpoints-public-ip.yaml | 3 + environments/tls-everywhere-endpoints-dns.yaml | 3 + environments/undercloud.yaml | 4 +- extraconfig/services/openshift-cns.yaml | 182 ++++---- extraconfig/services/openshift-infra.yaml | 82 ++++ extraconfig/services/openshift-master.yaml | 108 +++-- extraconfig/services/openshift-node.yaml | 5 +- extraconfig/services/openshift-worker.yaml | 12 +- extraconfig/services/rhsm.yaml | 5 +- .../tasks/instanceha/check-run-nova-compute | 10 +- extraconfig/tasks/pacemaker_common_functions.sh | 447 ------------------- extraconfig/tasks/pacemaker_maintenance_mode.sh | 19 - extraconfig/tasks/pacemaker_resource_restart.sh | 33 -- extraconfig/tasks/post_puppet_pacemaker.j2.yaml | 43 -- .../tasks/post_puppet_pacemaker_restart.yaml | 29 -- extraconfig/tasks/pre_puppet_pacemaker.yaml | 26 -- network/config/bond-with-vlans/role.role.j2.yaml | 4 +- network/endpoints/endpoint_data.yaml | 13 +- network/endpoints/endpoint_map.yaml | 246 +++++++++++ network/service_net_map.j2.yaml | 1 + network_data_routed.yaml | 2 +- overcloud-resource-registry-puppet.j2.yaml | 1 + overcloud.j2.yaml | 1 - puppet/extraconfig/tls/tls-cert-inject.yaml | 140 ------ puppet/role.role.j2.yaml | 4 - puppet/services/aodh-base.yaml | 2 - puppet/services/barbican-api.yaml | 2 - puppet/services/ceilometer-base.yaml | 4 +- puppet/services/cinder-api.yaml | 2 - puppet/services/cinder-backend-dellsc.yaml | 9 + puppet/services/congress.yaml | 2 - puppet/services/container-image-prepare.j2.yaml | 7 +- puppet/services/designate-api.yaml | 1 - puppet/services/designate-base.yaml | 2 - puppet/services/designate-central.yaml | 1 - puppet/services/designate-mdns.yaml | 1 - puppet/services/designate-producer.yaml | 1 - puppet/services/designate-sink.yaml | 1 - puppet/services/designate-worker.yaml | 1 - puppet/services/glance-api.yaml | 10 +- puppet/services/heat-base.yaml | 2 - puppet/services/ironic-conductor.yaml | 2 +- puppet/services/keystone.yaml | 2 - puppet/services/liquidio-compute-config.yaml | 15 +- puppet/services/manila-base.yaml | 2 - puppet/services/mistral-base.yaml | 2 - puppet/services/neutron-base.yaml | 2 - puppet/services/neutron-dhcp.yaml | 9 + puppet/services/neutron-metadata.yaml | 9 +- puppet/services/neutron-ovs-agent.yaml | 7 + puppet/services/nova-api.yaml | 7 +- puppet/services/nova-base.yaml | 8 +- puppet/services/nova-compute.yaml | 29 ++ puppet/services/nova-libvirt.yaml | 23 + puppet/services/nova-metadata.yaml | 7 +- puppet/services/nova-scheduler.yaml | 13 + puppet/services/octavia-api.yaml | 2 + puppet/services/octavia-base.yaml | 2 - puppet/services/opendaylight-api.yaml | 9 +- puppet/services/opendaylight-ovs.yaml | 5 + puppet/services/ovn-metadata.yaml | 1 - puppet/services/sahara-base.yaml | 2 - puppet/services/tacker.yaml | 2 - puppet/services/tripleo-ui.yaml | 1 - ...a-and-glance-tls-internal-5d8e46650b174626.yaml | 6 + ...-scheduler-worker-support-0ab66160b936a0c0.yaml | 4 + ...pport-for-IPv6-deployment-4c5b577cfb38c416.yaml | 4 + .../notes/bug-1794268-0f875aa640b4246e.yaml | 6 + .../notes/dellsc_cinder_a5572898724a11e7.yaml | 5 + ...tainerized-swift-services-4f7edd98203d749b.yaml | 5 + .../fix-odl-karaf-logging-eca10973e57caa3a.yaml | 12 + ...king_dir_support_for_qemu-accfda4919b3d9dd.yaml | 18 + ...nova_api_db_for_placement-eea44dd48c768f04.yaml | 12 + ...igration-external-upgrade-5093de6bd8993b5c.yaml | 16 + ...acemaker-env-file-removed-1e39f85ff7a54be8.yaml | 15 + .../remove-logging-sources-e573f5281798a069.yaml | 5 + ...et_java_opts_from_tripleo-d969b1151ec244a0.yaml | 4 + ...one-selinux-configuration-39a0c7285d8e4c66.yaml | 4 + ...se_multipath-for-libvirt--c8e93a0bb83e0bc8.yaml | 7 + .../notes/zaqar-ws-upgrade-8dda7caea7e6bc1e.yaml | 5 + roles/ComputeOvsDpdk.yaml | 2 + roles/ComputeOvsDpdkRT.yaml | 2 + roles/ComputeOvsDpdkSriov.yaml | 60 +++ roles/ComputeOvsDpdkSriovRT.yaml | 61 +++ roles/ControllerOpenstack.yaml | 1 + roles/OpenShiftAllInOne.yaml | 17 +- roles/OpenShiftInfra.yaml | 7 +- roles/OpenShiftMaster.yaml | 7 +- roles/OpenShiftWorker.yaml | 6 +- roles/Standalone.yaml | 1 + roles/Undercloud.yaml | 1 - roles_data_undercloud.yaml | 1 - sample-env-generator/README.rst | 2 +- sample-env-generator/enable-services.yaml | 109 +++++ sample-env-generator/ssl.yaml | 17 +- sample-env-generator/standalone.yaml | 18 +- tools/merge-new-params-nic-config-script.py | 267 ++++++++++++ tools/yaml-validate.py | 3 +- zuul.d/layout.yaml | 17 +- 265 files changed, 2750 insertions(+), 2064 deletions(-)