We contentedly announce the release of:

puppet-tripleo 8.3.4: Puppet module for OpenStack TripleO

This release is part of the queens stable release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/puppet-tripleo

Download the package from:

    https://tarballs.openstack.org/puppet-tripleo/

Please report issues through launchpad:

    http://bugs.launchpad.net/tripleo (tag: puppet)

For more details, please see below.

8.3.4
^^^^^

New Features
************

* Add the ability to deploy an NFS backend for the Cinder Backup service.

* Added support for IPv6 and SSL parameters for the Dell EMC Unity manila
  backend.

Upgrade Notes
*************

* Rotated logs of containerized services in /var/log/containers will be
  purged with the next containerized logrotate run triggered via cron, if
  the rotated logs have been kept longer than *purge_after_days* (defaults
  to 14 days). The logrotate maxage parameter is set to *purge_after_days*
  as well. The size parameter does not honor time-based constraints and is
  disabled as not GDPR compliant. From now on, it configures maxsize
  instead. Minsize is set to 1 byte to put all /var/log/containers logs
  under the containerized logrotate control. The new param *rotation*
  additionally allows altering the logrotate rotation interval, like
  'hourly' or 'weekly'.

Security Issues
***************

* Retention rules for files in /var/log/containers are additionally
  defined in the containerized logrotate postrotate script. A file expires
  when any of the listed criteria is met:

  * time of last access of contents (atime) exceeds *purge_after_days*,

  * time of last modification of contents (mtime) exceeds
    *purge_after_days*,

  * time of last modification of the inode (metadata, ctime) exceeds
    *purge_after_days*.

  Expired files will be purged forcibly with each containerized logrotate
  run triggered via cron. Note that the file's creation time (the Birth
  attribute) is not taken into account as it cannot be accessed normally
  by system operators (depends on FS type). Retention policies based on
  the creation time must be managed elsewhere.

Bug Fixes
*********

* Fixes an issue where OVS may be missing flows post-deployment with
  OpenDaylight. For more information see
  https://bugs.launchpad.net/tripleo/+bug/1775436

Changes in puppet-tripleo 8.3.3..8.3.4
--------------------------------------

15a81ad Prepare 8.3.4 (queens)
668480d Update DellEMC Manila Unity driver
2ac899c Update DellEMC Manila VNX driver
2268bd1 Ensure appropriate ACL mask is set on CephX keyrings
bd33028 Remove share_backend_name from Dell-EMC manila backends
8235401 Fix logrotate_crond issues
2095275 Handle renaming of Cinder VNX backend parameter
58c881a Add NFS backend for cinder-backup service
f7de6e7 Adds check and resyncs ODL/OVS OF pipeline
c8a6413 Add keystone only job for queens
5b1ff75 Disallow SSLv2, SSLv3 and TLS1.0 in rabbitmq for FedRAMP compliance
a8de6dc Neutron sidecar wrappers use netns they were invoked with
0bde3cd Lower the default stunnel log level
f90011d Fix up property names in case of mixed case hostnames
33b406d Add missing nfs_mount_options for Cinder Netapp backend
d255260 Fix duplicate entries in /etc/sysconfig/iptables
6de9374 Rework GDPR compliant logrotate config
f814414 Force GDPR compliance of containers logs

Diffstat (except docs and test files)
-------------------------------------

 lib/puppet/functions/synchronize_odl_ovs_flows.rb  | 53 +++++++++++++++++++
 manifests/firewall.pp                              |  4 +-
 manifests/profile/base/cinder/backup/nfs.pp        | 36 +++++++++++++
 manifests/profile/base/cinder/volume.pp            |  5 ++
 .../profile/base/cinder/volume/dellemc_vnx.pp      |  7 ++-
 manifests/profile/base/cinder/volume/netapp.pp     |  1 +
 manifests/profile/base/glance/api.pp               |  5 ++
 manifests/profile/base/gnocchi/api.pp              |  5 ++
 manifests/profile/base/logging/logrotate.pp        | 30 +++++++++--
 manifests/profile/base/manila/share.pp             | 15 ++++--
 .../profile/base/neutron/dhcp_agent_wrappers.pp    |  1 -
 .../profile/base/neutron/l3_agent_wrappers.pp      |  3 --
 .../base/neutron/plugins/ovs/opendaylight.pp       |  8 +++
 manifests/profile/base/neutron/wrappers/haproxy.pp |  5 --
 .../profile/base/neutron/wrappers/keepalived.pp    |  5 --
 .../neutron/wrappers/keepalived_state_change.pp    |  5 --
 .../profile/base/nova/compute_libvirt_shared.pp    |  5 ++
 manifests/profile/base/rabbitmq.pp                 | 32 +++++++++++-
 .../profile/pacemaker/cinder/backup_bundle.pp      |  2 +-
 .../profile/pacemaker/cinder/volume_bundle.pp      |  2 +-
 .../profile/pacemaker/database/mysql_bundle.pp     |  2 +-
 .../profile/pacemaker/database/redis_bundle.pp     |  2 +-
 manifests/profile/pacemaker/haproxy_bundle.pp      |  2 +-
 manifests/profile/pacemaker/manila/share_bundle.pp |  2 +-
 manifests/profile/pacemaker/ovn_dbs_bundle.pp      |  2 +-
 manifests/profile/pacemaker/rabbitmq_bundle.pp     |  2 +-
 manifests/stunnel.pp                               |  5 ++
 metadata.json                                      |  2 +-
 ...cinder-backup-nfs-backend-59bf771a58af65f6.yaml |  4 ++
 .../fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml   |  6 +++
 ...ogrotate-containers-purge-56143a979ba80b51.yaml | 38 ++++++++++++++
 .../notes/unity_driver_aba347d073cd11e7.yaml       |  4 ++
 .../notes/vnx_driver_cea44d073cd161e7.yaml         |  4 ++
 .../tripleo_profile_base_cinder_backup_nfs_spec.rb | 59 ++++++++++++++++++++++
 .../tripleo_profile_base_cinder_volume_spec.rb     |  1 +
 .../tripleo_profile_base_gnocchi_api_spec.rb       |  1 +
 ...o_profile_base_neutron_wrappers_haproxy_spec.rb |  3 +-
 ...rofile_base_neutron_wrappers_keepalived_spec.rb |  1 -
 ...eutron_wrappers_keepalived_state_change_spec.rb |  3 +-
 spec/fixtures/hieradata/default.yaml               |  1 +
 spec/fixtures/hieradata/step4.yaml                 |  1 +
 templates/logrotate/containers_logrotate.conf.erb  | 20 ++++++--
 templates/neutron/dibbler-client.epp               |  7 +--
 templates/neutron/dnsmasq.epp                      |  6 +--
 templates/neutron/haproxy.epp                      |  9 ++--
 templates/neutron/keepalived.epp                   |  8 +--
 .../neutron/neutron-keepalived-state-change.epp    |  8 +--
 templates/stunnel/foreground.erb                   |  1 +
 zuul.d/layout.yaml                                 | 26 ++++++++++
 49 files changed, 393 insertions(+), 66 deletions(-)
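
The retention rule from the Security Issues note above (a file expires as soon as any one of atime, mtime or ctime is older than *purge_after_days*), as an added dry-run audit; this is not puppet-tripleo's own postrotate script. The function names, the sample tree and the 14-day value passed in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not puppet-tripleo code: dry-run audit of the "any of
# atime/mtime/ctime exceeds purge_after_days" rule. Nothing is deleted.

# list_expired DIR DAYS
# Print regular files under DIR that match at least one criterion.
# find's "+N" means "more than N whole 24-hour periods ago".
list_expired() {
    find "$1" -type f \
        \( -atime "+$2" -o -mtime "+$2" -o -ctime "+$2" \) -print | sort
}

# expiry_reasons FILE DAYS
# Print which timestamps of FILE are past the limit, e.g. "atime mtime".
expiry_reasons() {
    reasons=
    for t in atime mtime ctime; do
        # -prune keeps find on FILE itself; the test decides whether it prints.
        if [ -n "$(find "$1" -prune "-$t" "+$2" -print)" ]; then
            reasons="${reasons:+$reasons }$t"
        fi
    done
    printf '%s\n' "$reasons"
}

# make_sample_tree DIR
# Constructed sample data: one live log and two rotated ones. ctime cannot
# be set from userspace, so only atime and mtime are back-dated here.
make_sample_tree() {
    mkdir -p "$1/nova"
    : > "$1/nova/nova-api.log"                              # all times fresh
    : > "$1/nova/nova-api.log.1"
    touch -m -t 200001010000 "$1/nova/nova-api.log.1"       # old mtime only
    : > "$1/nova/nova-api.log.2.gz"
    touch -a -t 200001010000 "$1/nova/nova-api.log.2.gz"    # old atime only
}

# Demo: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_tree "$tmp"
    for f in $(list_expired "$tmp" 14); do
        printf '%s expired by: %s\n' "$f" "$(expiry_reasons "$f" 14)"
    done
    rm -rf "$tmp"
fi
```

In the sample tree, nova-api.log.1 has a fresh atime and ctime and is still listed, because one stale timestamp is enough to expire a file.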