[release-announce] [tripleo] puppet-tripleo 7.1.0 (pike)

8 Jun 2017

We are tickled pink to announce the release of:
puppet-tripleo 7.1.0: Puppet module for OpenStack TripleO
This release is part of the pike release series.
Download the package from:
https://tarballs.openstack.org/puppet-tripleo/
For more details, please see below.
7.1.0
^^^^^
New Features
************
* Adds composable service interface for Neutron LBaaSv2 service.
* Add support for Mistral event engine.
* Restrict nova migration ssh tunnel * The ssh authorized_keys file
  is only writeable by root. * Creates a new user for migration
  instead of using root/nova. * Disables SSH forwarding for this user.
  * Restricts the networks that this user can connect from. * Uses an
  ssh wrapper command to whitelist the commands that this user can run
  over ssh. Adds new parameter
  "tripleo::profile::base::nova::migration_ssh_localaddrs" to specify
  which incoming IPs are allow for SSH tunnel connections.
* Added support for external swift proxy. Users may need to
  configure endpoints pointing to swift proxy service already
  available.
* Enable internal network TLS for etcd
* Move Mistral API to use mod_wsgi under Apache.
* Support HA for OVN db servers and ovn-northd using Pacemaker
* Support for Redfish hardware is enabled by default for overcloud
  Ironic via the "redfish" hardware type.
* Run the Zaqar WSGI service over httpd.
Upgrade Notes
*************
* Mistral API systemd service will be stopped and disabled.
Deprecation Notes
*****************
* The redis_file_limit hiera parameter is now deprecated. Use the
  redis::ulimit parameter instead.
Bug Fixes
*********
* With having package mod_ssl by default installed in images we
  introduced issue with mod_ssl package update. In case of SSL not
  being used or provided by HAproxy the puppet-apache module by
  default purges the ssl.conf file. The package update then recreates
  the file with default Listen 443 option. This causes conflict on 443
  port during httpd restart. If we include ::apache::mod::ssl the
  ssl.conf file will be configured and the Listen option will be used
  only if there is vhost set to use SSL.
* For Heat API, increase the HAproxy timeout from 2 minutes to 10
  minutes so we give a chance to Heat to use the rpc_response_timeout
  value which is set to 600 by default in TripleO.
* Since collector is deprecated, move the ceilo upgrade in step5 out
  of collector profile and into cielometer base. This way ceilo
  upgrade can run even when collector is disabled which is the default
  in pike.
* Moves bigswitch neutron agent configuration to a new tripleo
  profile tripleo::profile::base::neutron::agents::bigswitch
Changes in puppet-tripleo 7.0.0..7.1.0
--------------------------------------
e9fac79 Add _spec suffix to class spec tests
016cef3 Add polkit rule to allow kolla nova user access to libvirtd socket on docker host
cc84155 Add novajoin profile
7995f9b Prepare for release 7.1.0
0e674bd Puppet module to deploy MySQL bundle for HA
be2a1d3 Drop un-needed 'else' in noop_resource
90704a6 Add conditional for setting authlogin_nsswitch_use_ldap selboolean
e968869 do not include remote name in branch spec for release notes
c89f879 make release note a list of strings
48a6a09 Pacemaker support for OVN DB servers
04ff27d Puppet module to deploy RabbitMQ bundle for HA
c635586 Restart docker after changing storage driver
c21c573 Puppet module to deploy HAProxy bundle for HA
8b5b0b3 Puppet module to deploy Redis bundle for HA
daf6497 Move ceilometer upgrade step out of base
cc8e33e Add missing octavia mysql user creation
f88d4a4 Clustercheck, monitor service for galera containers
88560a7 Enable novajoin user on keystone profile
533f3e5 Bad example in firewall.pp
6b17c04 Switch to overlay2 driver for storage
66b6ea1 Update gitignore not to exclude fixture hieradata
48954b3 Update tox configuration
ef6309e TLS everywhere: Add resources for mongodb's TLS configuration
976bb6b Composable Role for Neutron LBaaS
2556c56 vhostuser socket dir shall be created for vhostuserclient mode
b6d02fd Use verify_on_create when creating pacemaker remote resources
5f0f850 Pass mistral::api service_name from t-h-t
732d878 Enable mistral to run under mod_wsgi
ce1a26b Add Mistral event engine
041ea64 Migrates OpenDaylight to official repo
926ec01 Remove limits for redis in /etc/security/limits.d
05e696c Handle duplicate/invalid entries in migration SSH inbound addresses
fe8edab Disable SSH login for nova_migration user when migration over ssh is disabled.
5a35002 Add support for Cinder "NAS secure" driver params
f8ca94a Restrict nova migration ssh tunnel
3b3d43e MySQL client: Make CA file configurable
6227484 IPv6 VIP addresses need to be /128
2ac0a83 snmp: remove useless parameter for binding
7568ac4 Fix wrong notify in swift proxy profile
b2aad9c Include base apache module in tls_proxy resource
19d177c Add support for autofencing to Pacemaker Remote.
c504d6a Add a flag to rabbitmq so that we can deploy with ha-mode: all again
8f5c6b8 Update puppet-etcd version
a640e13 Add support for Redfish hardware in Ironic
2e89f8e Move ceilometer upgrade re-run out of collector
2ce8aa0 Include zaqar apache module
3c49f51 Refactor SSHD config to allow both SSHD options and banner/motd to be set
4450afd Cover gnocchi api step 4 and 5
be27b5c Ensure /etc/docker/daemon.json
f30b791 Dell SC: Add secondary DSM support
84d3a82 Allow to configure haproxy daemon's status
f8ed8b6 Add linuxbridge agent profile
9e729c0 Ensure we configure ssl.conf
6990da8 Enable setting SubjectaltNames for haproxy and httpd certs
0261a22 Added release note for "Support for external swift proxy"
c372d01 Haproxy: When using TLS everywhere, use verifyhost for the balancermembers
6cb95e6 HAproxy/heat_api: increase timeout to 10m
da1cae2 Support for external swift proxy
bf6b929 Allow setting of keepalived router ID
49ea8b5 Dell SC: Add exclude_domain_ip option
5c8d5fd Make install of kolla optional on the undercloud
9de4c92 Move gnocchi wsgi configuration to step 3
890178b Move ceilometer wsgi to step 3
2e30593 Add ML2 configuration for Bagpipe BGPVPN extension
60d187e Enable internal network TLS for etcd
2a329d5 Stop SSHD profile clobbering SSH client config
bbe603a Ensure directory exists for certificates for httpd
b140cf1 Update UI language list
39568b1 etcd: Make HAProxy terminate TLS connections
936aece Add registry_mirror to base::docker profile
2ec381a Use docker profile in docker_registry
c0c850d firewall: generally accept "jump" param and use tripleo:firewall for log rule
6992eaf Add resource profile for vmware nsx_v3
b517344 Create bigswitch agent profile
Diffstat (except docs and test files)
-------------------------------------
.gitignore                                         |   4 +-
Gemfile                                            |   4 +-
Puppetfile_extras                                  |   4 +-
bindep.txt                                         |   9 +
lib/puppet/parser/functions/noop_resource.rb       |   1 -
manifests/certmonger/apache_dirs.pp                |  55 ++++
manifests/certmonger/etcd.pp                       |  73 +++++
manifests/certmonger/haproxy.pp                    |  14 +-
manifests/certmonger/httpd.pp                      |  15 +-
manifests/certmonger/mongodb.pp                    |  87 ++++++
manifests/firewall.pp                              |   2 +-
manifests/firewall/post.pp                         |   2 +-
manifests/firewall/rule.pp                         |  16 +-
manifests/haproxy.pp                               |  91 +++---
manifests/keepalived.pp                            |  21 +-
manifests/pacemaker/haproxy_with_vip.pp            |  38 ++-
manifests/profile/base/aodh/api.pp                 |   1 +
manifests/profile/base/barbican/api.pp             |   1 +
manifests/profile/base/ceilometer.pp               |   1 -
.../profile/base/ceilometer/agent/notification.pp  |   1 +
manifests/profile/base/ceilometer/agent/polling.pp |   5 +-
manifests/profile/base/ceilometer/api.pp           |   3 +-
manifests/profile/base/ceilometer/collector.pp     |   9 -
manifests/profile/base/ceilometer/upgrade.pp       |  49 ++++
manifests/profile/base/certmonger_user.pp          |  19 ++
manifests/profile/base/cinder/api.pp               |   1 +
manifests/profile/base/cinder/volume/dellsc.pp     |  23 +-
manifests/profile/base/cinder/volume/netapp.pp     |   2 +
manifests/profile/base/cinder/volume/nfs.pp        |  33 ++-
manifests/profile/base/database/mysql.pp           |   3 +
manifests/profile/base/database/mysql/client.pp    |   7 +-
manifests/profile/base/docker.pp                   | 128 ++++++++-
manifests/profile/base/docker_registry.pp          |  24 +-
manifests/profile/base/etcd.pp                     |  57 +++-
manifests/profile/base/gnocchi/api.pp              |  17 +-
manifests/profile/base/heat/api.pp                 |   1 +
manifests/profile/base/heat/api_cfn.pp             |   1 +
manifests/profile/base/heat/api_cloudwatch.pp      |   1 +
manifests/profile/base/ironic/conductor.pp         |   1 +
manifests/profile/base/keystone.pp                 |  12 +-
manifests/profile/base/mistral/api.pp              |  46 ++-
manifests/profile/base/mistral/event_engine.pp     |  46 +++
manifests/profile/base/neutron/agents/bigswitch.pp |  31 +++
manifests/profile/base/neutron/lbaas.pp            |  44 +++
manifests/profile/base/neutron/linuxbridge.pp      |  20 ++
manifests/profile/base/neutron/ovs.pp              |  17 +-
.../profile/base/neutron/plugins/ml2/bagpipe.pp    |  37 +++
manifests/profile/base/neutron/plugins/nsx_v3.pp   |  45 +++
manifests/profile/base/nova.pp                     | 180 ++++++++----
manifests/profile/base/nova/api.pp                 |   1 +
manifests/profile/base/nova/placement.pp           |   1 +
manifests/profile/base/novajoin.pp                 |  83 ++++++
manifests/profile/base/pacemaker.pp                |   1 +
manifests/profile/base/pacemaker_remote.pp         |  27 ++
manifests/profile/base/panko/api.pp                |   1 +
manifests/profile/base/snmp.pp                     |   1 -
manifests/profile/base/sshd.pp                     |  34 ++-
manifests/profile/base/swift/proxy.pp              |   2 +-
manifests/profile/base/zaqar.pp                    |   8 +-
manifests/profile/pacemaker/clustercheck.pp        |  65 +++++
.../profile/pacemaker/database/mysql_bundle.pp     | 302 ++++++++++++++++++++
manifests/profile/pacemaker/database/redis.pp      |  31 ++-
.../profile/pacemaker/database/redis_bundle.pp     | 178 ++++++++++++
manifests/profile/pacemaker/haproxy_bundle.pp      | 196 +++++++++++++
manifests/profile/pacemaker/neutron/lbaas.pp       |  44 +++
manifests/profile/pacemaker/ovn_northd.pp          | 121 ++++++++
manifests/profile/pacemaker/rabbitmq.pp            |   8 +-
manifests/profile/pacemaker/rabbitmq_bundle.pp     | 194 +++++++++++++
manifests/tls_proxy.pp                             |   1 +
manifests/ui.pp                                    |   2 +
metadata.json                                      |   2 +-
...le_role_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml |   3 +
.../notes/add-bagpipe-driver-9163f5b22096fde0.yaml |   1 +
.../add-mistral-event-engine-05097cb76834f09d.yaml |   4 +
...e-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml |   5 +-
.../cold_migration_security-1543136408c76459.yaml  |  10 +
...eprecate-redis-file-limit-4a60fa0fde4667ef.yaml |   5 +
...-for-external-swift-proxy-f12c99b34516a023.yaml |   5 +
.../notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml    |  10 +
releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml  |   3 +
.../notes/heat_api_timeout-cbb01242534cec79.yaml   |   5 +
.../notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml   |   7 +
.../move-ceilo-upgrade-out-3318df875de5cd00.yaml   |   6 +
...n-bigswitch-agent-profile-1250bb1518199a67.yaml |   5 +
releasenotes/notes/ovn-ha-c7668c26aefb8f2d.yaml    |   4 +
releasenotes/notes/redfish-9203af1f7bf02bc5.yaml   |   5 +
.../notes/zaqar-httpd-93db7feb60622687.yaml        |   3 +
releasenotes/source/conf.py                        |   4 +-
releasenotes/source/ocata.rst                      |   2 +-
spec/classes/tripleo_certmonger_ca_local.rb        |  46 ---
spec/classes/tripleo_certmonger_ca_local_spec.rb   |  46 +++
spec/classes/tripleo_certmonger_etcd_spec.rb       |  60 ++++
spec/classes/tripleo_certmonger_mysql.rb           |  64 -----
spec/classes/tripleo_certmonger_mysql_spec.rb      |  64 +++++
spec/classes/tripleo_certmonger_rabbitmq.rb        |  64 -----
spec/classes/tripleo_certmonger_rabbitmq_spec.rb   |  64 +++++
.../tripleo_profile_base_ceilometer_api_spec.rb    |   8 +-
...ipleo_profile_base_ceilometer_collector_spec.rb |  26 --
.../tripleo_profile_base_ceilometer_spec.rb        |   1 +
spec/classes/tripleo_profile_base_docker_spec.rb   | 153 +++++++++-
.../tripleo_profile_base_gnocchi_api_spec.rb       | 150 ++++++++++
...o_profile_base_neutron_agents_bigswitch_spec.rb |  48 ++++
.../tripleo_profile_base_neutron_ovs_spec.rb       |  73 +++++
spec/classes/tripleo_profile_base_nova_spec.rb     | 309 ++++++++++++++++++++-
spec/classes/tripleo_profile_base_novajoin_spec.rb | 126 +++++++++
spec/classes/tripleo_profile_base_sshd_spec.rb     | 118 +++++++-
.../tripleo_profile_base_swift_ringbuilder.rb      |  65 -----
.../tripleo_profile_base_swift_ringbuilder_spec.rb |  65 +++++
spec/fixtures/hieradata/default.yaml               |   7 +
spec/spec_helper_acceptance.rb                     |  57 +---
test-requirements.txt                              |  11 +-
tox.ini                                            |   3 +
112 files changed, 3769 insertions(+), 551 deletions(-)
Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index bedd666..1ea50a8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,7 @@
-# this is required for the docs build jobs
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
-oslosphinx>=2.5.0 # Apache-2.0
-reno>=0.1.1 # Apache-2.0
+# This is required for the docs build jobs
+sphinx>=1.5.1  # BSD
+oslosphinx>=4.7.0  # Apache-2.0
+
+# This is required for the releasenotes build jobs
+# FIXME: reno is manually pinned to !=2.0.0 because of bug #1651995
+reno>=1.8.0,!=2.0.0  # Apache-2.0

    

[release-announce] [tripleo] puppet-tripleo 7.1.0 (pike)

no-reply＠openstack.org