We are ecstatic to announce the release of: puppet-tripleo 7.0.0: Puppet module for OpenStack TripleO This release is part of the pike release series. Download the package from: https://tarballs.openstack.org/puppet-tripleo/ For more details, please see below. 7.0.0 ^^^^^ New Features ************ * Add support for Bagpipe Neutron driver as backend in BGPVPN scenarios * Add support for BGPVPN Neutron service plugin * Add support for ceilometer polling agent. The central, compute and ipmi agent services should use polling agent with namespace. This has been done in packaging already since few releases now. Let puppet do it correctly as well. * Add keystone::ldap_backend call as resource when is trigged to setup a LDAP backend as keystone domain. This allows per-domain LDAP backends for keystone. * Adds OpenDaylight HA support. Now when ODL is applied to three or more nodes ODL will be deployed as a cluster in HA, rather than the previous behavior of only running on the first node. * Added Pure Storage FlashArray iSCSI and FC backend support for cinder * U * n * l * e * s * s * a * n * o * n * d * e * f * a * u * l * t * v * a * l * u * e * i * s * p * r * o * v * i * d * e * d * , * t * h * e * d * h * c * p * _ * a * g * e * n * t * s * _ * p * e * r * _ * n * e * t * w * o * r * k * n * e * u * t * r * o * n * c * o * n * f * i * g * u * r * a * t * i * o * n * v * a * r * i * a * b * l * e * i * s * s * e * t * t * o * t * h * e * n * u * m * b * e * r * o * f * d * e * p * l * o * y * e * d * n * e * u * t * r * o * n * d * h * c * p * a * g * e * n * t * s * . * Configure ssh tunneling for nova cold-migration. Re-use the tunnel for libvirt live-migration unless TLS is enabled. * Heat APIs (api, cfn and cloudwatch) are now deployed over httpd. * Added a new profile to configure the docker service * The undercloud UI is available in multiple languages, which can now be configured via the manifest. All available languages are enabled by default. * Enabled httpdchk in HAProxy for http based services to reduce situtations where the port may be open but the service is not actively serving http requests. * Add support for l2 gateway Neutron agent support. * Add support for l2 gateway Neutron service plugin. * Include the amqp messaging class when the oslo.messaging rpc protocol is enabled for AMQP 1.0. * Sahara is now deployed with keystone_authtoken parameters and move forward with Keystone v3 version. * Allows granular level of control over the */etc/securetty* file. By allowing operators to specify the values in securetty, they can improve security by limiting root console access. * Added /etc/issue & /etc/issue.net parameters * Added MOTD banner parameters * Added external module saz-ssh to allow management of sshd_config * Add profiles for VPP service. Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. * Adds support for networking-vpp ML2 mechanism driver and agent. Upgrade Notes ************* * Out-of-box support for Ironic "*_ssh" drivers was removed. These drivers were deprecated in the Newton release. Bug Fixes ********* * Octavia is now properly registered with keystone when deployed. * Add a tunnel timeout to the HAProxy tripleo-ui configuration to ensure Zaqar WebSocket tunnels persist longer than two minutes https://bugs.launchpad.net/tripleo/+bug/1672826 * Bugfix 1664561. Removing the string cast when using the os_transport_url function. * We need ceilometer user in cases where ceilometer API is disabled. This is to ensure other ceilometer services can still authenticate with keystone. * Fixes horizon getting temporarily deconfigured during a stack update due to the apache configuration occuring in step 3 but the horizon configuration not occuring until step 4. * Fixes missing neutron base class in sriov * The rabbitmq user check is moved to step >= 2 from step >= 1. There is no guarantee that rabbitmq is running at step 1, especially if updating a failed stack that never made it past step 1 to begin with. * Re-run gnocchi and ceilometer upgrade in step5. This is required for gnocchi resource types to be created in ceilometer and gnocchi to function properly. * Add a way for mongodb to limit amount of memory it comsumes with systemd. A new param memory_limit has been added to tripleo::profile::base::database::mongodb class with default limit of 20G. Changes in puppet-tripleo 6.2.0..7.0.0 -------------------------------------- 33e0fe9 syntax error extra comma in rabbitmq.pp ac5445f Stop including ironic::drivers::ssh in the ironic-conductor profile 8b40d46 TLS-everywhere: Add resources for libvirt's cert for live migration 13ea87e Enable creation of keystone domain when ldap backends are created 3589d94 Make galera-ready exec refreshonly 23e7232 Add missing octavia auth include to keystone manifest a22c6c7 Don't try and create the my.cnf.d dir everytime 12de93c Adjust UI manifest (language list) b8388e3 Add a trigger to call ldap_backend define 3412150 Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo 5e109f9 Adding support for Bagpipe Agent as BGPVPN driver f464e9f Make the cluster-check property configurable ec7f064 Certmonger/rabbitmq: Remove parameter doc for unexisting parameter e5fe7a5 Move etcd to step 2 dc52f32 Add httpchk for http services b35bc80 SSHD Service extensions e56d9d1 Clean up TLS-related bits from swift-proxy 52925ba Add TLS in the internal network for Swift Proxy 8370c74 Composable services support for Cinder Pure Storage FlashArray b95f16a Include ironic::drivers::interfaces in the ironic-conductor profile 3aa86a4 Restrict mongodb memory usage 1b93ca1 Fixes missing neutron base in sriov bc6bfc5 Use correct manage_firewall hieradata ccbcd11 Configure migration SSH tunnel 2272bca Deploy WSGI apps at the same step (3) e292871 Move horizon to step 3 e8125cb Add tunnel timeout for ui proxy container 38e4976 Decouple ceilometer user create from API 8a29f41 Fix missing groups for fluentd user 60db285 Refactor enabled languages from an array to a hash a0e4107 securetty: use validate_array for tty list 8785094 Adds service for managing securetty 240f9d5 Fix reno for rabbitmq-user-check a039e47 Qpid dispatch router puppet profile 6ff7384 Introduce profile to configure l2 gateway Neutron agent. faa2ec4 Add missing include of ::ec2api::keystone::authtoken aec471a Re-run gnocchi and ceilometer upgrade in step 5 1deb6fe Add l2 gateway Neutron service plugin profile d9916ce Remove certificate request bits from service profiles 2102a61 Ensure iscsi-initiator-utils installed aa9af08 Check rabbitmq user at step >= 2 08b9633 Adding listen_options for Contrail Webui https in haproxy 2195cd3 Move neutron profile out of step 4 8db8040 Include oslo.messaging amqp support for rpc and notifications 0cec9b6 Enables OpenDaylight Clustering in HA deployments ffe6ae2 Explicitly configure credentials used by ironic to access other services 6284719 Remove cluster_enabled setting for etcd fe6bba0 Add spec tests for tripleo::certmonger::ca::local class 8ca022e Add spec tests for tripleo::certmonger::mysql class a51c0e7 Add spec test for tripleo::certmonger::httpd resource ad1324c Include ceph::profile::client from rgw.pp 8fa4f7c Add networking-vpp ML2 mechanism driver support f3c1573 Create profile to request certificates for the services in the node c9acf8a Fixes issues with raising mysql file limit 5f86077 Correct haproxy's stat unix socket path cc3d236 Add bindep support bee651a HAProxy: Refactor certificate retrieval bits 4762db7 Tuned should be configured properly 83e7494 Add support for BGPVPN service plugin 9cd4ddc Fix deprecated eqlx parameters e51209b Adding OVNDBs vip to keepalive d73c263 panko: Do db_sync in api manifest 9bc973e Add tests for tripleo::certmonger::rabbitmq class 3b6113b Enable TLS in the internal network for RabbitMQ 03523df sahara: include authtoken class ffe1cd5 Update version for Pike a2f3b91 httpd: Clean up heat API profiles and add release note d82a7c5 Deploy Heat APIs over httpd ca8656e fix typo in release note 37ba3a8 Stop the chronyd service 149f04e Add docker profile 48adea3 Add openstack-kolla to docker-registry profile 2be3616 Throw warnings for norpm actions 0c00789 mysqlclient: Drop hiera calls in favor of getting these via t-h-t fb40fb8 Configure MySQL client SSL connections via the config file 3b78e1c Revert "Add httpchk for http services" 0966517 mariadb: Move generation of systemd drop-in to puppet-tripleo 354818c Add release note for httpchk 52a68ff Default neutron dhcp_agents_per_network to number of agents 9282075 Remove todo comment 7dddf04 Add ceilometer polling agent profile ebcc470 Add httpchk for http services d0e69f7 Remove the string cast for using transport_url fb69651 Configure authtoken in Nova Placement d12c004 Stop accidentally removing docker-distribution 5fbe385 Ironic inspector support f8313f7 Replace default to be more robust f6116ff Create /etc/my.cnf.d/tripleo.cnf with proper bind-address e1a1a5c Use rpc and notify transport_url for oslo_messaging backends f59e01c Add VPP service 053ee06 Enable languages in UI config bb9dba1 Add virtual_packages support to norpm provider 6be941d Update reno for stable/ocata ef41f03 Fix a typo in mysql.pp 95fbe92 xinetd: bind only on mysql network ec26b43 Allow neutron_options customization for dashboard Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 24 +++ bindep.txt | 2 + lib/puppet/provider/package/norpm.rb | 7 + manifests/certmonger/ca/libvirt.pp | 42 +++++ manifests/certmonger/haproxy.pp | 13 ++ manifests/certmonger/libvirt.pp | 78 ++++++++++ manifests/certmonger/libvirt_dirs.pp | 60 ++++++++ manifests/certmonger/rabbitmq.pp | 75 +++++++++ manifests/haproxy.pp | 133 ++++++---------- manifests/haproxy/endpoint.pp | 2 +- manifests/keepalived.pp | 18 +++ manifests/profile/base/aodh.pp | 80 ++++++++-- manifests/profile/base/aodh/api.pp | 15 +- manifests/profile/base/barbican/api.pp | 87 +++++++++-- manifests/profile/base/ceilometer.pp | 78 ++++++++-- manifests/profile/base/ceilometer/agent/polling.pp | 64 ++++++++ manifests/profile/base/ceilometer/api.pp | 13 -- manifests/profile/base/ceilometer/collector.pp | 8 + manifests/profile/base/ceph/rgw.pp | 2 +- manifests/profile/base/certmonger_user.pp | 89 +++++++++++ manifests/profile/base/cinder.pp | 84 ++++++++-- manifests/profile/base/cinder/api.pp | 13 -- manifests/profile/base/cinder/volume.pp | 13 ++ manifests/profile/base/cinder/volume/dellps.pp | 6 +- manifests/profile/base/cinder/volume/pure.pp | 65 ++++++++ manifests/profile/base/congress.pp | 64 ++++---- manifests/profile/base/database/mongodb.pp | 11 ++ manifests/profile/base/database/mysql.pp | 33 ++-- manifests/profile/base/database/mysql/client.pp | 94 ++++++++++++ manifests/profile/base/docker.pp | 68 +++++++++ manifests/profile/base/docker_registry.pp | 4 +- manifests/profile/base/etcd.pp | 9 +- manifests/profile/base/glance/api.pp | 13 -- manifests/profile/base/gnocchi/api.pp | 22 ++- manifests/profile/base/haproxy.pp | 36 ----- manifests/profile/base/heat.pp | 118 ++++++++------ manifests/profile/base/heat/api.pp | 43 +++++- manifests/profile/base/heat/api_cfn.pp | 44 +++++- manifests/profile/base/heat/api_cloudwatch.pp | 44 +++++- manifests/profile/base/horizon.pp | 13 +- manifests/profile/base/ironic.pp | 49 ++++-- manifests/profile/base/ironic/conductor.pp | 13 +- manifests/profile/base/ironic_inspector.pp | 46 ++++++ manifests/profile/base/keystone.pp | 125 ++++++++++++--- manifests/profile/base/logging/fluentd.pp | 160 +++++++++---------- manifests/profile/base/manila.pp | 80 ++++++++-- manifests/profile/base/mistral.pp | 80 ++++++++-- manifests/profile/base/neutron.pp | 108 +++++++++++-- manifests/profile/base/neutron/agents/bagpipe.pp | 37 +++++ manifests/profile/base/neutron/agents/l2gw.pp | 35 +++++ manifests/profile/base/neutron/agents/vpp.pp | 49 ++++++ manifests/profile/base/neutron/bgpvpn.pp | 37 +++++ manifests/profile/base/neutron/l2gw.pp | 37 +++++ manifests/profile/base/neutron/opendaylight.pp | 30 +++- manifests/profile/base/neutron/plugins/ml2.pp | 4 + .../base/neutron/plugins/ml2/opendaylight.pp | 9 +- manifests/profile/base/neutron/plugins/ml2/vpp.pp | 49 ++++++ .../base/neutron/plugins/ovs/opendaylight.pp | 14 +- manifests/profile/base/neutron/server.pp | 13 -- manifests/profile/base/neutron/sriov.pp | 2 + manifests/profile/base/nova.pp | 170 +++++++++++++++------ manifests/profile/base/nova/api.pp | 24 +-- manifests/profile/base/nova/authtoken.pp | 56 +++++++ manifests/profile/base/nova/compute.pp | 2 + manifests/profile/base/nova/ec2api.pp | 1 + manifests/profile/base/nova/placement.pp | 14 +- manifests/profile/base/octavia.pp | 55 ++++--- manifests/profile/base/pacemaker.pp | 25 +++ manifests/profile/base/panko.pp | 18 +-- manifests/profile/base/panko/api.pp | 31 ++-- manifests/profile/base/qdr.pp | 54 +++++++ manifests/profile/base/rabbitmq.pp | 67 ++++++-- manifests/profile/base/sahara.pp | 85 +++++++++-- manifests/profile/base/securetty.pp | 48 ++++++ manifests/profile/base/sshd.pp | 56 ++++--- manifests/profile/base/swift/proxy.pp | 62 +++++++- manifests/profile/base/swift/ringbuilder.pp | 36 +++++ manifests/profile/base/tacker.pp | 60 ++++---- manifests/profile/base/time/ntp.pp | 10 +- manifests/profile/base/tuned.pp | 20 +++ manifests/profile/base/vpp.pp | 32 ++++ manifests/profile/pacemaker/database/mysql.pp | 8 +- manifests/ui.pp | 21 +++ metadata.json | 2 +- .../notes/add-bagpipe-driver-9163f5b22096fde0.yaml | 3 + .../notes/add-bgpvpn-support-77676690fb6dd17b.yaml | 3 + .../add-ceilo-polling-agent-53fab550a09a6196.yaml | 6 + .../notes/add-ldap-backend-48e875e971343e2a.yaml | 5 + ...-octavia-auth-to-keystone-d0353544c0e27b57.yaml | 3 + .../add-opendaylight-ha-47a40c03917faf9c.yaml | 5 + ...d-support-for-pure-cinder-d45e6aaf3e243c91.yaml | 3 + ...el-timeout-for-haproxy-ui-0705dfd671f9f487.yaml | 6 + .../notes/bugfix-1664561-50d76b25addb08dd.yaml | 4 + ...e-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml | 5 + .../cold_migration_setup-dc4ebd834920c27f.yaml | 4 + ...te-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml | 5 + ...ploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml | 3 + .../notes/docker_profile-8571ae260eec69b8.yaml | 4 + .../enable-languages-in-ui-88a8caa6db9b4dd7.yaml | 5 + ...figuration-during-updates-aecfab9a4aa8770b.yaml | 6 + .../fix-sriov-neutron-base-3e32bd667886c474.yaml | 3 + ...for-haproxy-http-services-ace7d9bf94610ed9.yaml | 6 + .../notes/ironic-ssh-removal-e5f40b477cf7357c.yaml | 5 + .../notes/l2gw_agent_support-2bc24b539da738a8.yaml | 3 + .../l2gw_plugin_support-e0b1faafe8e1135f.yaml | 3 + .../notes/messaging-amqp-7efec1bcb435e7cf.yaml | 4 + .../rabbitmq-user-check-95da891a2e197d89.yaml | 6 + .../re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml | 5 + .../restrict-mongodb-memory-c19d69638b63feb4.yaml | 6 + .../notes/sahara_auth_v3-65bd276b39b4e284.yaml | 4 + releasenotes/notes/securetty-6a10eefd601e45ca.yaml | 6 + releasenotes/notes/sshd-437c531301f458bb.yaml | 4 +- releasenotes/notes/vpp-7368457faab68824.yaml | 7 + releasenotes/notes/vpp-ml2-9c1321fa30f3b172.yaml | 3 + releasenotes/source/conf.py | 12 +- releasenotes/source/index.rst | 1 + releasenotes/source/ocata.rst | 6 + spec/classes/tripleo_certmonger_ca_local.rb | 46 ++++++ spec/classes/tripleo_certmonger_httpd.rb | 63 ++++++++ spec/classes/tripleo_certmonger_mysql.rb | 64 ++++++++ spec/classes/tripleo_certmonger_rabbitmq.rb | 64 ++++++++ spec/classes/tripleo_profile_base_aodh_api_spec.rb | 10 +- .../tripleo_profile_base_aodh_evaluator_spec.rb | 2 +- .../tripleo_profile_base_aodh_listener_spec.rb | 2 +- .../tripleo_profile_base_aodh_notifier_spec.rb | 2 +- spec/classes/tripleo_profile_base_aodh_spec.rb | 12 +- ...o_profile_base_ceilometer_agent_polling_spec.rb | 72 +++++++++ .../tripleo_profile_base_ceilometer_api_spec.rb | 2 +- ...ipleo_profile_base_ceilometer_collector_spec.rb | 28 +++- ...tripleo_profile_base_ceilometer_expirer_spec.rb | 2 +- .../tripleo_profile_base_ceilometer_spec.rb | 6 +- .../tripleo_profile_base_cinder_api_spec.rb | 2 +- ...tripleo_profile_base_cinder_backup_ceph_spec.rb | 2 +- .../tripleo_profile_base_cinder_backup_spec.rb | 2 +- ...ripleo_profile_base_cinder_backup_swift_spec.rb | 2 +- .../tripleo_profile_base_cinder_scheduler_spec.rb | 2 +- spec/classes/tripleo_profile_base_cinder_spec.rb | 44 +++--- ...tripleo_profile_base_cinder_volume_pure_spec.rb | 58 +++++++ .../tripleo_profile_base_cinder_volume_spec.rb | 41 +++-- .../tripleo_profile_base_database_mysql_spec.rb | 75 +++++++++ spec/classes/tripleo_profile_base_docker_spec.rb | 68 +++++++++ spec/classes/tripleo_profile_base_horizon_spec.rb | 57 +++++++ ...ipleo_profile_base_neutron_opendaylight_spec.rb | 88 +++++++++++ spec/classes/tripleo_profile_base_neutron_spec.rb | 76 +++++++++ spec/classes/tripleo_profile_base_nova_api_spec.rb | 9 +- .../tripleo_profile_base_nova_authtoken_spec.rb | 69 +++++++++ ...ripleo_profile_base_nova_compute_ironic_spec.rb | 2 +- ...ipleo_profile_base_nova_compute_libvirt_spec.rb | 2 +- .../tripleo_profile_base_nova_compute_spec.rb | 5 +- .../tripleo_profile_base_nova_conductor_spec.rb | 2 +- .../tripleo_profile_base_nova_consoleauth_spec.rb | 2 +- .../tripleo_profile_base_nova_libvirt_spec.rb | 2 +- .../tripleo_profile_base_nova_placement_spec.rb | 120 +++++++++++++++ .../tripleo_profile_base_nova_scheduler_spec.rb | 2 +- spec/classes/tripleo_profile_base_nova_spec.rb | 140 +++++++++++++++-- .../tripleo_profile_base_nova_vncproxy_spec.rb | 2 +- .../tripleo_profile_base_octavia_api_spec.rb | 6 +- spec/classes/tripleo_profile_base_octavia_spec.rb | 26 ++-- .../classes/tripleo_profile_base_securetty_spec.rb | 72 +++++++++ spec/classes/tripleo_profile_base_sshd_spec.rb | 62 +++++++- .../tripleo_profile_base_swift_ringbuilder.rb | 65 ++++++++ spec/classes/tripleo_profile_base_time_ntp_spec.rb | 39 +++++ spec/classes/tripleo_profile_base_tuned_spec.rb | 44 ++++++ spec/fixtures/hieradata/default.yaml | 7 + templates/securetty/securetty.erb | 4 + templates/ui/tripleo_ui_config.js.erb | 4 +- 166 files changed, 4502 insertions(+), 851 deletions(-)