We enthusiastically announce the release of: puppet-tripleo 11.3.0: Puppet module for OpenStack TripleO This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/null/ Please report issues through: https://bugs.launchpad.net/puppet-tripleo/+bugs For more details, please see below. 11.3.0 ^^^^^^ New Features * The "ipversion" parameter was added to tripleo::firewall:rule. Allowing the user to provide the IP version ("ipv4" or "ipv6") for firewall rules. With the default ("undef") the rule will be created in both *iptables* and *ip6tables*. Bug: 1845153 (https://bugs.launchpad.net/tripleo/+bug/1845153). * This patch introduces parameters which support SSL to connect to OVN_Northbound DB and OVN_Southbound DB. This can be set by: * 'ovn_nb_private_key': The PEM file with private key for SSL connection to OVN-NB-DB * 'ovn_nb_certificate': The PEM file with certificate that certifies the private key specified in ovn_nb_private_key * 'ovn_nb_ca_cert': The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * 'ovn_sb_private_key': The PEM file with private key for SSL connection to OVN-SB-DB, * 'ovn_sb_certificate': The PEM file with certificate that certifies the private key specified in ovn_sb_private_key' * 'ovn_sb_ca_cert': The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * 'protocol': Protocol use in communication with dbs Changes in puppet-tripleo 11.2.0..11.3.0 ---------------------------------------- c97dbd19 Prepare RC + stable/train 63dd90aa Revert "Add support to configure token caching in keystone" 7e78ebdc Deep merge hiera keys for mysqld_options f8d9dfb4 pacemaker: add support for Hash vs List in container environment 066a360e Allow the IHA OCF and fencing resource to be moved to the nova service user 2c241e39 Workaround for /etc/pki/CA/certs/vnc.crt not present 2f69faf6 Fix missing PXE directories for Conductor 8753a47f remove tripleo-ci-centos-7-scenario010-multinode-oooq-container 4cb50d58 Configuration changes to support Qdr-mesh topology. 72487d80 Add a configurable delay to Nova Evacuate calls dfe3c077 Be able to set pcs resource op defaults 7264c75c Add 'ipversion' to firewall/rule.pp ad7d818e Use correct paths to configure ovn dbs certs 0976e4ee Update log-driver value for podman 877e92da Add unit tests for manila manifests 781165b8 Use memcached for token caching in manila authtoken 469d4321 Add support to configure token caching in keystone e78c4f30 Add collectd-sensubility configuration 6b05849a Add support for separate VIP in ovn_dbs f907b0ec Disable keystone token_flush by default 44f42324 Correct wrong name in certmonger_certificate for ovn_controller 6080f929 Add basic unit tests for tripleo::profile::base::keystone 4fa490f0 Remove Tacker service 99080946 Fix wrong comment about heat_enable_db_purge a22d1b58 Correct ovn_controller_certificate_specs hiera variable name b09d1cb1 Support deploying multiple Cinder Pure Storage backends 35964d29 Enable deep_compare for fencing resource a77d6324 Support networking-ansible-ml2 coordination f2a38f6a Improve unit test coverage for neutron manifests f5bbc3ff Support connecting OVN DB over SSL 44cedb08 Imporve unit test coverage for cinder manifects fb602da5 Add missing response to Redis tcp-check in HAProxy 652a7801 Use memcached for token caching in barbican authtoken ce42b4b0 Use memcached for token caching in authtoken for telemetry services 40e01f28 Add unit tests for tripleo::profile::base::glance::api 1b1de7c9 Use memcached for token caching in octavia authtoken Diffstat (except docs and test files) ------------------------------------- manifests/certmonger/libvirt_vnc.pp | 15 +- manifests/certmonger/neutron_ovn.pp | 70 +++++++ manifests/certmonger/ovn_controller.pp | 70 +++++++ manifests/certmonger/ovn_dbs.pp | 69 +++++++ manifests/certmonger/ovn_metadata.pp | 70 +++++++ manifests/fencing.pp | 24 ++- manifests/firewall/rule.pp | 57 ++++-- manifests/haproxy.pp | 28 +-- manifests/profile/base/aodh/api.pp | 1 + manifests/profile/base/aodh/authtoken.pp | 44 +++++ manifests/profile/base/barbican/api.pp | 1 + manifests/profile/base/barbican/authtoken.pp | 44 +++++ manifests/profile/base/certmonger_user.pp | 82 +++++--- manifests/profile/base/cinder/volume/pure.pp | 64 +++--- manifests/profile/base/database/mysql.pp | 3 - manifests/profile/base/gnocchi/api.pp | 1 + manifests/profile/base/gnocchi/authtoken.pp | 44 +++++ manifests/profile/base/heat.pp | 4 +- manifests/profile/base/ironic/conductor.pp | 20 +- manifests/profile/base/keystone.pp | 7 +- manifests/profile/base/manila/api.pp | 1 + manifests/profile/base/manila/authtoken.pp | 44 +++++ manifests/profile/base/metrics/collectd.pp | 11 +- .../profile/base/metrics/collectd/sensubility.pp | 147 ++++++++++++++ manifests/profile/base/metrics/qdr.pp | 141 +++++++++---- manifests/profile/base/neutron/agents/ovn.pp | 7 +- manifests/profile/base/neutron/ovn_metadata.pp | 33 +++- .../base/neutron/plugins/ml2/networking_ansible.pp | 27 ++- manifests/profile/base/neutron/plugins/ml2/ovn.pp | 57 +++++- manifests/profile/base/octavia/api.pp | 1 + manifests/profile/base/octavia/authtoken.pp | 44 +++++ manifests/profile/base/pacemaker.pp | 12 ++ manifests/profile/base/pacemaker/instance_ha.pp | 32 ++- manifests/profile/base/panko/api.pp | 1 + manifests/profile/base/panko/authtoken.pp | 44 +++++ manifests/profile/base/tacker.pp | 88 --------- .../profile/pacemaker/cinder/backup_bundle.pp | 15 +- .../profile/pacemaker/cinder/volume_bundle.pp | 15 +- .../profile/pacemaker/database/mysql_bundle.pp | 2 +- manifests/profile/pacemaker/manila/share_bundle.pp | 14 +- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 188 ++++++++++++++---- metadata.json | 2 +- ...l-rules-support-ipversion-c9e2adeca34b2fd0.yaml | 9 + releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml | 16 ++ spec/classes/tripleo_certmonger_ovn_dbs.rb | 60 ++++++ spec/classes/tripleo_firewall_spec.rb | 69 ++++--- spec/classes/tripleo_profile_base_aodh_api_spec.rb | 5 + .../tripleo_profile_base_aodh_authtoken_spec.rb | 70 +++++++ .../tripleo_profile_base_barbican_api_spec.rb | 4 + ...tripleo_profile_base_barbican_authtoken_spec.rb | 70 +++++++ .../tripleo_profile_base_cinder_api_spec.rb | 18 ++ spec/classes/tripleo_profile_base_cinder_spec.rb | 58 ++++-- ...tripleo_profile_base_cinder_volume_pure_spec.rb | 16 ++ .../tripleo_profile_base_cinder_volume_spec.rb | 9 + .../tripleo_profile_base_glance_api_spec.rb | 123 ++++++++++++ .../tripleo_profile_base_gnocchi_api_spec.rb | 5 + .../tripleo_profile_base_gnocchi_authtoken_spec.rb | 70 +++++++ spec/classes/tripleo_profile_base_keystone_spec.rb | 191 ++++++++++++++++++ .../tripleo_profile_base_manila_api_spec.rb | 144 ++++++++++++++ .../tripleo_profile_base_manila_authtoken_spec.rb | 70 +++++++ .../tripleo_profile_base_manila_scheduler_spec.rb | 76 +++++++ .../tripleo_profile_base_manila_share_spec.rb | 78 ++++++++ spec/classes/tripleo_profile_base_manila_spec.rb | 127 ++++++++++++ .../tripleo_profile_base_metrics_collectd_spec.rb | 39 ++++ .../tripleo_profile_base_metrics_qdr_spec.rb | 220 +++++++++++++++++++++ .../tripleo_profile_base_neutron_dhcp_spec.rb | 15 +- .../tripleo_profile_base_neutron_l3_spec.rb | 15 +- .../tripleo_profile_base_neutron_ovs_spec.rb | 16 +- .../tripleo_profile_base_neutron_server_spec.rb | 187 ++++++++++++++++++ spec/classes/tripleo_profile_base_neutron_spec.rb | 81 +++++--- .../tripleo_profile_base_octavia_api_spec.rb | 3 - .../tripleo_profile_base_octavia_authtoken_spec.rb | 70 +++++++ .../tripleo_profile_base_panko_authtoken_spec.rb | 70 +++++++ spec/fixtures/hieradata/default.yaml | 11 +- spec/fixtures/hieradata/step3.yaml | 8 + spec/fixtures/hieradata/step5.yaml | 3 + templates/metrics/collectd-sensubility.conf.epp | 67 +++++++ templates/neutron/dibbler-client.epp | 2 +- templates/neutron/dnsmasq.epp | 2 +- templates/neutron/haproxy.epp | 2 +- templates/neutron/keepalived.epp | 2 +- templates/neutron/radvd.epp | 2 +- zuul.d/layout.yaml | 7 - 83 files changed, 3358 insertions(+), 396 deletions(-)