We are happy to announce the release of: tripleo-heat-templates 9.1.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the rocky stable release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: https://bugs.launchpad.net/tripleo For more details, please see below. 9.1.0 ^^^^^ New Features ************ * Add support for ODL deployment on IPv6 networks. * Allow plugins that support it to create VLAN transparent networks The vlan_transparent determines if plugins that support it to create VLAN transparent networks or not * We now provide an example set of environment files that can be used to deploy a single all-in-one standalone cloud node via the 'openstack overcloud deploy' and 'openstack tripleo deploy' (experimental) commands. For the overcloud deployment, use *environments/standalone/standalone-overcloud.yaml*. For the tripleo deploy deployment, use *environments/standalone/standalone- tripleo.yaml*. * Adds posibilities to set 'neutron::agents::ml2::ovs::tunnel_csum' via NeutronOVSTunnelCsum in heat template. This param set or un-set the tunnel header checksum on outgoing IP packet carrying GRE/VXLAN tunnel in ovs agent. * Now it's possible to define the number of API and RPC workers separately for neutron-api service. This is good for certain network backends such as OVN that don't require RPC communication. * Usage of eventlet of all the WSGI-run nova services get deprecated, including nova-api and nova-metadata-api. See https://review.openstack.org/#/c/549510/ for more details. With this change we move nova-metadata to run via httpd wsgi. * Add provision to set java options like heap size configurations in ODL. * Add support for libvirt volume_use_multipath the ability to use multipath connection of the iSCSI or FC volume. Volumes can be connected in the LibVirt as multipath devices. Adds new parameter "NovaLibvirtVolumeUseMultipath". Upgrade Notes ************* * swift worker count parameter defaults have been changed from 'auto' to 0. If not provided, puppet module default would instead be used and the number of server processes will be limited to '12'. * The online part of the service upgrades (online data migrations) is now run using: openstack overcloud external-upgrade run --tags online_upgrade or per-service like: openstack overcloud external-upgrade run --tags online_upgrade_nova openstack overcloud external-upgrade run --tags online_upgrade_cinder openstack overcloud external-upgrade run --tags online_upgrade_ironic Consult the upgrade documentation regarding the full upgrade workflow. Deprecation Notes ***************** * The environments/standalone.yaml has been deprecated and should be replaced with environments/standalone/standalone-tripleo.yaml when using the 'openstack tripleo deploy' command. Bug Fixes ********* * Fixed an issue where if Octavia API or Glance API were deployed away from the controller node with internal TLS, the service principals wouldn't be created. * Nova Scheduler added worker support in Rocky. Added *NovaSchedulerWorkers* to allow it to be configurable. * An issue causing undercloud installer re-run (or update) to fail because VIP's where lost in case the networking configuration was changed has been fixed. See Bug: 1791238 (https://bugs.launchpad.net/tripleo/+bug/1791238). * Fixes openDaylight karaf file log rotation by changing karaf log rollover parameters in PAX logging configuration. Reference https://git.opendaylight.org/gerrit/#/c/75480/ for more details. Also, moves openDaylight karaf log file location to /var/log/containers/opendaylight/karaf/logs/karaf.log. Reference https://review.openstack.org/#/c/603907/ for more details. * Fixes an issue in the legacy port_from_pool templates for predictable IP addressing. Prior to this fix using these tamplates would fail with the following error: **Referenced Attribute (%network_name%%Port host_routes) is incorrect.** (Bug: 1792968 (https://bugs.launchpad.net/tripleo/+bug/1792968).) * Add customized libvirt-guests unit file to properly shutdown instances If resume_guests_state_on_host_boot is set in nova.conf instances need to be shutdown using libvirt-guests after nova_compute container is shut down. Therefore we need a customized libvirt- guests unit file 1) removes the dependency to libvirt (non container) that it don't get started as a dependency and make the nova_libvirt container to fail. 2) adds a dependency to docker related services that a shutdown of nova_compute container is possible on system reboot. 3) stops nova_compute container 4) shutdown VMs This is a missing part of Bug 1778216. * With OOO we configure a separate DB for placement for the undercloud and overcloud since the beginning. But the placement_database config options were reverted with https://review.openstack.org/#/c/442762/1 , which means so far even if the config option was set, it was not used. With rocky the options were introduced again which is not a problem on a fresh installed env, but on upgrades from queens to rocky. We should use the same DB for both fresh deployments on and upgrades to rocky before we switch to the new DB as part of the extraction of placement. * Empty /var/lib/config-data/puppet-generated/opendaylight/opt/ opendaylight/etc/opendaylight/karaf directory on host empties /opt/opendaylight/etc/opendaylight/karaf inside the ODL container because of the mount. This leads to deployment failure on redeploy. Delete the empty karaf directory on host before redeploying. * The previous installation method for the undercloud installed some extra OpenStack clients during the installation. Since we did not have an equivalent way in the containerized version of the undercloud, we've added a new TripleO 'service' to install all of the OpenStack clients on a system. OS::TripleO::Services::OpenStackClients has been added which can be added to a custom role to install the clients. By default, only the Undercloud and Standalone roles will have this available. * Ping the default gateways before controllers in validation script. In certain situations when using IPv6 its necessary to establish connectivity to the router before other hosts. * SELinux can be configured on the Standalone deployment by setting SELinuxMode. Other Notes *********** * A new parameter called 'RabbitAdditionalErlArgs' that specifies additional arguments to the Erlang VM has been added. It now defaults to "'+sbwt none'" (http://erlang.org/doc/man/erl.html#+sbwt) This threshold determines how long schedulers are to busy wait when running out of work before going to sleep. By setting it to none we let the erlang threads go to sleep right away when they do not have any work to do. * The common tasks in deploy-steps-tasks.yaml that are common to all roles are now tagged with one of: host_config, container_config, container_config_tasks, container_config_scripts, or container_startup_configs. * The step plays in deploy-steps.j2 (which generates the deploy_steps_tasks.yaml playbook) are now tagged with step[1-5] so that they can run individually if needed. Changes in tripleo-heat-templates 9.0.0..9.1.0 ---------------------------------------------- 2f12128 Switch scenarios to non-voting 5a64736 Fix ansible conditional for ovs upgrade. 9be794b ceph: allow curl tasks to run in dry run mode 959aa9d Add customized libvirt-guests unit file to properly shutdown instances 0bc3e99 Honor --skip-deploy-identifier in common deploy tasks for updates 3deef82 Fix new node detection c7e16c3 Configure cinder's access to the nova API 4f191cb Set hierdata for swift server workers conditionally bc8cb17 [Templates] Use str_replace for hosts. e810103 Handle LP openvswitch meta-package on upgrade d10e704 Do not purge the Ironic Inspector dhcp-hostsdir aa0e0d3 Remove unused networks from OpenShift roles b129f24 Add network data for use with openshift deployments 3061e5d Switch stable scenarios to voting 49000ad Fix NeutronSriovHostConfig path for ODL deployment with SRIOV dac8bfc Sets ODL OVSDB inactivity probe timer a6247e8 switch documentation job to new PTI 7eb2024 Update to OpenShift 3.11 release ff09510 Set `TraceEnable` directive for apache to 'Off' e9b5d5f Fix novajoin nova vendordata hieradata keys c607f6c Create default deployment plan 8b13603 Allow standalone to manage selinux 0fe76ef Support for libvirt volume multipath b26af24 Add OpenStack clients service 5ccbdda Ensure unique containers names in docker-puppet 22b25cc Parametrize OpenShift deployment type d0752e3 Turning off extra UIs from Horizon fixes also SQLite issue 715781f Decoupling number of API and RPC workers for neutron-api 89e8e7e Set the number of RPC workers to 1 for non SRIOV OVN setups e229da2 Delete empty karaf directory on host 617bc44 Merge new params - nic-config templates 6c17d0f Skip hosts group in ceph-ansible inventory when all are blacklisted aab9049 Fix IHA with the new region_name key a9db3bb Change Swift storage directory to /srv/node/d1 c05b035 Fix cinder_api_apache error during upgrade. c314222 Do not wipe disks on OpenShift gluster nodes 71c1c76 Set openshift_docker_insecure_registries 2ada546 Do not modify imagestreams d100bb5 Let openshift-ansible configure the firewall 51eac99 Change log directory for OpenDaylight 60d7e1f Name unnamed tasks c09b258 check mode: paunch configs cb4fc55 check mode: docker_puppet_tasks 25f9448 Add OS::TripleO::Services::Rhsm to OpenShift roles 32c01f3 Use nova_api DB for [placement_database] -> connection 552ba0a Use different base virtual_router_id on openshift 5ef1ade Recreate cinder LVM loopback device on startup 17226a0 Switch OpenShiftGlusterDisks to a single disk 5aa3d8a Add OS::TripleO::Services::ContainerImagePrepare to ControllerOpenStack 7efe108 [Rocky ONLY] Fix haproxy cert inject for check mode 4fbf761 Apply variable to task not the block d9ec075 Run online migrations via "external-upgrade run" 54af7a0 Introduce proper steps to external update/upgrade tasks 65a8b44 check mode: docker_puppet 1d736b7 Remove deprecated Ram/Disk filters in NovaSchedulerDefaultFilters 085e49b Add provision to specify java arguments to ODL 2cd338a Fix update tasks for openshift f78ee08 Use openshift-ansible container instead of RPMs 4b44627 Set octavia log directory permissions to octavia user 7026e61 Add tripleo-heat-templates dir to Mistral volumes 9f0975a Disable Swift auditors/replicators on undercloud 1efec7e Ensure the needed openshift resources are set bae445a Add posibilities to set tunnel_csum in ovs agent 130bdea Use glusterfs for registry when deploying with CNS 55a1226 Pass image import conf file to command which runs glance server 776da14 Add metadata_settings to Octavia and Glance APIs 9a785ae Deploy openshift all in one in scenario009 001cadf Add nova-scheduler worker support 481916b Honor --skip-deploy-identifier in common deploy tasks d55940c Do not reference ansible_hostname if it is undefined 0969dfa Tag container image prepare tasks to allow running them for updates/upgrades 893e4c0 Add heat param for openshift prerequisites playbook bee73a8 Fix list concatenation of routes in bond-with-vlan 6341fe4 Hook openshift deployment with image prepare 59a5243 check mode: puppet host 95c10d1 Disable OVN related services in ODL env file 39302f2 Consolidate openshift-ansible global variables a45119e Make glusterfs the default sc when deploying with CNS b35cd6f Introduce OpenShiftGlusterNodeVars heat param 9ebb6e5 Fix inventory files for newer openshift-ansible 732e1c4 Configure haproxy for openshift infra f168115 Add config option for ODL IPv6 deployment ca765f7 Fix TLS when using a containerized undercloud d4f0725 Update standalone role 32ecb8a Fix error in Tenant network routes definition b1f7dd4 Remove parameter reference to non-exisingt parameter 597a43d Remove 3node from CI 8e5a437 Don't fail ironic upgrade if xinetd isn't present 94df25e Convert with_dict tasks to use loop and be less chatty 6bf333a Add a zaqar-swift-backend environment file 1efba03 Mount /usr/share/ceph-ansible into mistral-executor 091cd60 docker-puppet.py: used dedicated hiera entry, not uuid aed9d77 Chunk up ceph-ansible output to prevent clogging the CLI 43b27a3 Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml 8a02c78 Revert "Allow a containerized logrotate to access docker" c46632b In process-templates script write output files to provided dir when using base path b3dd79b Clean up previous osa inventory dir before deployment 5aedecc Fix openshift new node detection 65e75d7 Refactor openshift services for composable roles f0d00ef Add simple validation that OpenShift is deployed 0cc922b Use openshift_cockpit_deployer_image directly 03a8a6b Move to openshift-ansible 3.10 a0d7e74 Define keepalived service in environments/docker.yaml 9040c41 Set container images for CNS 244b7bf Ping default gateways before controllers 60f2bf9 Add networks to IronicConductor role. 993840d Don't merge /etc/collectd.d 3d422bb Add a fact checking xinetd service present 212568e Pacemaker-cinder-volume & pacemaker-cinder-backup log path fix 90afd18 Cleanup ControllerStorageNfs role ea067e4 Move nova-metadata api to httpd wsgi 74d821a Set mysql connect timeout in the undercloud 2ee39f2 Tag tasks in in common tasks 8af4465 Persist ceph-ansible fetch_directory using config-download dfb3e75 Remove "when failed" from debug task names 624c775 Tag step plays 4aa7f8c Pass NeutronMechanismDrivers parameter to prepare e8563c0 Add ERL args parameter for rabbit and set the busy wait threshold to none 7c52f94 Undercloud - Restart keepalived on update 78e0205 Allow a containerized logrotate to access docker 03ebfc9 undercloud/stackrc: unset OS_* variables 5a66f6c Stop cap granting to empty pool when telemetry disabled ab9c7b9 Fix syntax for set_fact module. 13a2474 Add host_routes to port_from_pool.j2 dfa3eca Add CephOSD service to roles/Standalone.yaml 2e21bb7 Add reflection of RpcPort to health checks 032db24 Make vlan_transparent in neutron.conf configurable from Undercloud Diffstat (except docs and test files) ------------------------------------- ci/environments/scenario009-multinode.yaml | 28 +- common/deploy-steps-tasks.yaml | 299 ++++++++- common/deploy-steps.j2 | 14 +- .../services/logging/files/opendaylight-api.yaml | 6 +- environments/cavium-liquidio.yaml | 2 +- environments/docker.yaml | 1 + environments/network-isolation-v6.j2.yaml | 2 + environments/neutron-ml2-ovn-hw-offload.yaml | 2 +- environments/neutron-ovs-dpdk.yaml | 2 +- environments/neutron-sriov.yaml | 2 +- environments/no-tls-endpoints-public-ip.yaml | 3 + environments/openshift-cns.yaml | 5 - environments/openshift.yaml | 5 +- environments/ovs-hw-offload.yaml | 2 +- .../neutron-opendaylight-dpdk.yaml | 4 +- .../neutron-opendaylight-hw-offload.yaml | 4 +- .../neutron-opendaylight-sriov.yaml | 2 +- .../services-baremetal/neutron-opendaylight.yaml | 2 + .../services-baremetal/neutron-ovs-dpdk.yaml | 2 +- .../services-baremetal/neutron-ovs-hw-offload.yaml | 2 +- environments/services-baremetal/neutron-sriov.yaml | 2 +- .../services/neutron-opendaylight-dpdk.yaml | 4 +- .../services/neutron-opendaylight-hw-offload.yaml | 4 +- .../services/neutron-opendaylight-sriov.yaml | 4 +- environments/services/neutron-opendaylight.yaml | 2 + environments/services/neutron-ovn-dvr-ha.yaml | 1 + environments/services/neutron-ovn-ha.yaml | 1 + environments/services/neutron-ovn-hw-offload.yaml | 1 + environments/services/neutron-ovn-sriov.yaml | 2 +- environments/services/neutron-ovs-dpdk.yaml | 2 +- environments/services/neutron-ovs-hw-offload.yaml | 2 +- environments/services/neutron-sriov.yaml | 2 +- environments/services/zaqar-swift-backend.yaml | 4 + environments/ssl/enable-internal-tls.yaml | 4 + environments/ssl/no-tls-endpoints-public.yaml | 3 + environments/ssl/tls-endpoints-public-dns.yaml | 3 + environments/ssl/tls-endpoints-public-ip.yaml | 3 + environments/ssl/tls-everywhere-endpoints-dns.yaml | 3 + environments/standalone.yaml | 6 + environments/standalone/standalone-overcloud.yaml | 99 +++ environments/standalone/standalone-tripleo.yaml | 107 ++++ environments/stdout-logging.yaml | 1 + environments/tls-endpoints-public-dns.yaml | 3 + environments/tls-endpoints-public-ip.yaml | 3 + environments/tls-everywhere-endpoints-dns.yaml | 3 + environments/undercloud.yaml | 10 + extraconfig/post_deploy/undercloud_post.sh | 11 + extraconfig/pre_deploy/undercloud_pre.sh | 8 + extraconfig/pre_deploy/undercloud_pre.yaml | 23 + extraconfig/services/openshift-cns.yaml | 149 +++-- extraconfig/services/openshift-infra.yaml | 82 +++ extraconfig/services/openshift-master.yaml | 683 ++++++++++++--------- extraconfig/services/openshift-node.yaml | 161 +++++ extraconfig/services/openshift-worker.yaml | 105 +--- extraconfig/services/rhsm.yaml | 5 +- .../tasks/instanceha/check-run-nova-compute | 10 +- hosts-config.yaml | 19 +- lower-constraints.txt | 1 + network/config/bond-with-vlans/role.role.j2.yaml | 5 +- network/endpoints/endpoint_data.yaml | 13 +- network/endpoints/endpoint_map.yaml | 246 ++++++++ network/ports/port_from_pool.j2 | 3 + network/service_net_map.j2.yaml | 1 + network_data_openshift.yaml | 75 +++ network_data_routed.yaml | 2 +- overcloud-resource-registry-puppet.j2.yaml | 3 + puppet/role.role.j2.yaml | 1 + puppet/services/apache.j2.yaml | 1 + puppet/services/cinder-base.yaml | 8 + puppet/services/container-image-prepare.j2.yaml | 8 + puppet/services/glance-api.yaml | 8 +- puppet/services/haproxy-public-tls-inject.yaml | 3 +- puppet/services/ironic-inspector.yaml | 1 + puppet/services/neutron-api.yaml | 22 +- puppet/services/neutron-base.yaml | 7 + puppet/services/neutron-metadata.yaml | 9 +- puppet/services/neutron-ovs-agent.yaml | 50 +- puppet/services/neutron-ovs-dpdk-agent.yaml | 2 - puppet/services/nova-api.yaml | 7 +- puppet/services/nova-base.yaml | 4 +- puppet/services/nova-compute.yaml | 49 ++ puppet/services/nova-metadata.yaml | 128 ++-- puppet/services/nova-scheduler.yaml | 13 + puppet/services/octavia-api.yaml | 2 + puppet/services/opendaylight-api.yaml | 15 +- puppet/services/opendaylight-ovs.yaml | 52 +- puppet/services/openstack-clients.yaml | 55 ++ puppet/services/openvswitch.yaml | 48 -- puppet/services/pacemaker/cinder-backup.yaml | 1 + puppet/services/pacemaker/cinder-volume.yaml | 1 + puppet/services/rabbitmq.yaml | 9 + ...t-inactivity-probe-config-a89f6dcd204192a8.yaml | 6 + puppet/services/swift-proxy.yaml | 9 +- puppet/services/swift-storage.yaml | 27 +- puppet/services/tripleo-packages.yaml | 149 +++++ ...a-and-glance-tls-internal-5d8e46650b174626.yaml | 6 + ...-scheduler-worker-support-0ab66160b936a0c0.yaml | 4 + ...pport-for-IPv6-deployment-4c5b577cfb38c416.yaml | 4 + ...d-vlan_transparent-config-5623f8cffc8b41f0.yaml | 5 + ...n-one-via-undercloud.yaml-8766b43a20a4270f.yaml | 14 + .../notes/bug-1794268-0f875aa640b4246e.yaml | 6 + ...nge-swift-worker-defaults-b98f12fb2f677bf1.yaml | 6 + ...i_rpc_workers_neutron_api-eb5820d6bcedb53b.yaml | 6 + ...-keepalived-needs-restart-6d7efbb9788e0f95.yaml | 7 + .../fix-odl-karaf-logging-eca10973e57caa3a.yaml | 12 + ...ort-from-pool-host-routes-7fcc4d00cb11603d.yaml | 8 + ...ustom_libvirt-guests_unit-7ac2c4b5511ca549.yaml | 16 + .../notes/nova_metadata_wsgi-bfb240bc84194d05.yaml | 7 + ...nova_api_db_for_placement-eea44dd48c768f04.yaml | 12 + ...lete_karaf_folder_on_host-b81465f62fe422d6.yaml | 9 + ...igration-external-upgrade-5093de6bd8993b5c.yaml | 16 + .../openstack-client-service-86d28dab98f1763f.yaml | 11 + ...ateway-before-controllers-e029e81961dbaee8.yaml | 6 + .../notes/rabbitmq-erl-args-9029cf4605d63dd9.yaml | 8 + ...et_java_opts_from_tripleo-d969b1151ec244a0.yaml | 4 + ...one-selinux-configuration-39a0c7285d8e4c66.yaml | 4 + .../notes/tag-common-tasks-4a78275787655fdd.yaml | 6 + .../notes/tag-step-plays-b1b1ea7584f1665d.yaml | 5 + ...se_multipath-for-libvirt--c8e93a0bb83e0bc8.yaml | 7 + requirements.txt | 1 + roles/ControllerOpenstack.yaml | 1 + roles/ControllerStorageNfs.yaml | 9 +- roles/IronicConductor.yaml | 2 + roles/OpenShiftAllInOne.yaml | 35 ++ roles/OpenShiftInfra.yaml | 25 + roles/OpenShiftMaster.yaml | 16 +- roles/OpenShiftWorker.yaml | 10 +- roles/Standalone.yaml | 10 +- roles/Undercloud.yaml | 2 +- roles_data_undercloud.yaml | 2 +- sample-env-generator/ssl.yaml | 17 + sample-env-generator/standalone.yaml | 264 ++++++++ scripts/hosts-config.sh | 1 + tools/merge-new-params-nic-config-script.py | 267 ++++++++ tools/process-templates.py | 6 +- tools/yaml-validate.py | 5 +- validation-scripts/all-nodes.sh | 2 +- zuul.d/layout.yaml | 62 +- 187 files changed, 4161 insertions(+), 1389 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index bda4743..9474928 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,0 +9 @@ tripleo-common>=7.1.0 # Apache-2.0 +paunch>=3.2.0 # Apache-2.0