[release-announce] tripleo-heat-templates 11.4.0 (train)

8 Feb 2021


      We joyfully announce the release of:
tripleo-heat-templates 11.4.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
11.4.0
^^^^^^
New Features
************
* Adds a new ContainerNovaLibvirtPidsLimit parameter in order to set
  the PIDs limit for nova_libvirt container. Defaults to 65536, set to
  0 for unlimited.
* Adds support for IGMP snooping (Multicast) in the Neutron ML2/OVS
  driver.
* Added the configuration option to set reserved_huge_pages. When
  NovaReservedHugePages is set, "reserved_huge_pages" is set to the
  value of NovaReservedHugePages. If NovaReservedHugePages is unset
  and OvsDpdkSocketMemory is set, reserved_huge_pages value is
  calcuated from KernelArgs and OvsDpdkSocketMemory. KernelArgs helps
  determine the default huge page size used, the default is set to
  2048kb and OvsDpdkSocketMemory helps determine the number of
  hugepages to reserve.
* Add new BarbicanClient tripleo service for configuring DCN/Edge
  nodes to access a barbican service running in the control plane. The
  client service is disabled by default, and can be enabled by
  including the environments/services/barbican-edge.yaml environment
  file when deploying a DCN/Edge stack.
* Added the Octavia anti-affinity parameters.
* Added enhancements to Octavia's OVN driver configuration, so it
  can connect to OVN_Northbound DB using SSL/TLS.
* Added new PublicTLSCAFile parameter, that is used to set the ca
  cert in clouds.yaml for keystone public endpoint. This defaults to
  empty string ('') assuming that the certs are already trusted.
* Add GlanceImagePrefetcherInterval parameter to run periodic job
  which fetches the queued images for caching in cache directory, when
  image cache is enabled.
* Inclusion and configuration of ReaR service to undercloud and
  overcloud nodes.
* Added "MemcachedMaxConnections" setting with a default of 8192
  maximum connections in order to allow an operator to override that
  value in environments where memcached is heavily sollicited.
* Add parameter "NovaAllowResizeToSameHost" to allow instances to
  resize to the host they are currently on. Normally the source host
  is excluded.
* To isolate LVM volumes created by compute guests, within Cinder
  volumes, from the LVM volumes created/managed by the host itself, a
  new task has been introduced to create an allowlist and denylist of
  devices which should be accessible (or not) to the host, configured
  in lvm.conf using the global_filter key. The allowlist is generated
  gathering the list of existing in-use physical disks (or partitions)
  and appending to it any user provided device passed via
  *LVMFilterAllowlist* parameter. The denylist is configured via
  *LVMFilterDenylist* and defaults to ['.*'], which means it blocks
  any device not explicitly allowed. Both the list parameters can be
  specified per-role. The feature is, by default, disabled and can be
  enabled passing *LVMFilterEnabled: true*; when disabled the existing
  lvm.conf won't be touched and a version of it which includes the
  global_filter will be left, for debugging, in
  */tmp/tripleo_lvmfilter.conf*.
* The new parameter CephExternalMultiConfig may be used to configure
  OpenStack to use multiple external Ceph clusters.
* Add parameters *NovaLibvirtCPUMode*, *NovaLibvirtCPUModels* and
  *NovaLibvirtCPUModelExtraFlags* to allow configuration of CPU
  related parameters *libvirt/cpu_mode*, *libvirt/cpu_model* and
  *libvirt/cpu_model_extra_flags* respectively.
* Add a role specific parameter, ContainerCpusetCpus, default to
  'all', which allows to limit the specific CPUs or cores a container
  can use. To disable it and rely on container engine default, set it
  to ''.
* Add boolean parameter
  *NovaSchedulerEnableIsolatedAggregateFiltering* which allows to set
  *scheduler/enable_isolated_aggregate_filtering* parameter. This
  configures scheduler to restrict hosts in aggregates based on
  matching required traits in the aggregate metadata and the instance
  flavor/image. If an aggregate is configured with a property with key
  trait:$TRAIT_NAME and value required, the instance flavor
  extra_specs and/or image metadata must also contain
  trait:$TRAIT_NAME=required to be eligible to be scheduled to hosts
  in that aggregate. Default value for
  NovaSchedulerEnableIsolatedAggregateFiltering is False.
* This change updates the multiple-nics and multiple-nics-vlans
  templates so that an external bridge is created if either the role
  uses the External network or the "external_bridge" tag is set in the
  role definition. This is done instead of checking if the role name
  is "Controller". This change also assigns the "external_bridge" tag
  to the Controller as well as the Compute roles so that both roles
  can access the Neutron external bridge for floating IPs or SNAT by
  default so that OVN can use DVR.
* Introduce "{{role.name}}ExtraGroupVars" which allows to define a
  dictionary of Ansible group vars per role. These extra group vars
  will override any pre-defined group var from a service.
* Add parameters for configuring multiple glance-api backends. The
  existing "GlanceBackend" parameter represents the default backend,
  and a new "GlanceMultistoreConfig" parameter is a hash representing
  the configuration of additional backends. A new
  "GlanceStoreDescription" parameter provides a means of describing
  each backend.
The configuration can specify any combination of supported backend
  types. Multiple rbd backends can be specified, but cinder, file and
  swift backends are limited to one each.
* The following parameters were added to support configuration of
  gnocchi nfs backend.
* GnocchiNfsEnabled
* GnocchiNfsShare
* GnocchiNfsOptions
* For baremetal operations on DHCPv6-stateful networks multiple IPv6
  addresses can now be allocated for neutron ports created for
  provisioning, cleaning, rescue or inspection. The new parameter
  "IronicDhcpv6StatefulAddressCount" controls the number of addresses
  to allocate.
* Add Heat parameter "EnableMysqlAuthEd25519", which when set to
  true, configures MySQL user credentials to require ed25519-based
  authentication to the mariadb server, instead of the default
  SHA1-based native authentication.
* Add boolean parameter "NeutronDhcpAgentDnsmasqEnableAddr6List" to
  support the "dnsmasq_enable_addr6_list" option in dhcp agent
  settings. (See bug: #1861032
  (https://bugs.launchpad.net/neutron/+bug/1861032))
* Adding two parameters to manage vPMEM [0] configuration
  parameters. *NovaPMEMMappings* parameter set Nova's configuration
  option *pmem_namespaces* that reflects mappings between vPMEM and
  physical PMEM namespaces. *NovaPMEMNamespaces* creates and manages
  physical backend PMEM namespaces which win be used as backend for
  vPMEM. *NovaPMEMMappings* example: 6GB:ns0|ns1|ns2,LARGE:ns3 will
  expose namespaces ns0, ns1, ns2 using label *6GB* and namespace ns3
  using label *LARGE*. *NovaPMEMNamespaces* example:
  100G:ns0|14096M:ns1 will create two namespaces: ns0 - size 100G, ns1
  - size 14096M.
* The NovaApiMaxLimit parameter allows the operator to set Nova API
  max_limit using a Heat parameter in their templates.
* Add the NovaImageCacheTTL to the nova compute service. This
  exposes the remove_unused_original_minimum_age_seconds from
  nova.conf which controls the time (in seconds) that nova compute
  should continue caching an image once it is no longer used by and
  instances on the host. Defaults to 86400 (24hrs)
* Add boolean parameter
  *NovaSchedulerPlacementAggregateRequiredForTenants* which allows to
  set *scheduler/placement_aggregate_required_for_tenants* parameter.
  It controls whether or not a tenant with no aggregate affinity will
  be allowed to schedule to any available node. If aggregates are used
  to limit some tenants but not all, then this should be False. If all
  tenants should be confined via aggregate, then this should be True.
  Default value for NovaSchedulerPlacementAggregateRequiredForTenants
  is false.
* Add boolean parameter
  *NovaSchedulerQueryPlacementForAvailabilityZone* that sets
  *scheduler/query_placement_for_availability_zone* parameter. It
  allows the scheduler to look up a host aggregate with metadata key
  of availability zone set to the value provided by incoming request,
  and request result from placement be limited to that aggregate.
  Default value for NovaSchedulerQueryPlacementForAvailabilityZone is
  false.
* Adds the "OctaviaLogOffload" setting to enable amphora log
  offloading.
* Adds support for IGMP snooping (Multicast) in the OVN driver.
  Defaults to False. IGMP snooping requires OVN version 2.12 or above.
* Support for PowerMax backend cinder driver. Supports both iSCSI
  and FC volume drivers and support deploying one or multiple cinder
  PowerMax storage backends.
* Support for Dell EMC SC backend cinder driver. Supports both iSCSI
  and FC volume drivers and support deploying one or multiple cinder
  SC storage backends.
* Add the ability to deploy the glance-api service at DCN/Edge
  sites. Glance service at the Edge shares the same database as the
  Glance service in the central control plane, but allows other
  services such as Cinder and Nova to access a Glance endpoint that is
  local to the DCN/Edge site.
* When SwiftRawDisks is set, try to mount the disks using uuids
  instead of paths. This makes mounts more stable, eg. if a kernel
  gets updates and device orders are changed.
* The ansible tripleo-hosts-entries is now used for adding
  individual entries to /etc/hosts for each overcloud node. This role
  is used instead of the output data from the Heat stack.
* Added support for VxFlexOS cinder block storage backend driver
* Support for Dell EMC Xtremio backend cinder driver. Supports both
  iSCSI and FC volume drivers and support deploying one or multiple
  cinder Xtremio storage backends.
* A new Heat parameter 'ZaqarWsTimeout' exposes the Puppet variable
  'tripleo::haproxy::zaqar_ws_timeout_tunnel'. This allows operators
  to configure the Mistral API timeout. It currently defaults to four
  hours.
Upgrade Notes
*************
* Cinder's legacy "volume" service and its associated endpoints are
  automatically removed from the keystone catalog. The "volume"
  service is associated with Cinder's v1 API, which was removed in
  Queens.
* Now NotificationDriver is set to noop by default, as legacy
  telemetry services are disabled by default. Explicitly set
  NotificationDriver parameter to notifications from each services.
* The "external_bridge" tag is now used for the Compute node. An
  external network bridge is required on the compute nodes in order to
  host floating IPs when using DVR. OVN deploys with DVR by default.
* The CIDR for the StorageNFS network in the sample
  network_data_ganesha.yaml file has been modified to provide more
  usable IPs for the corresponding Neutron overcloud StorageNFS
  provider network.  Since the CIDR of an existing network cannot be
  modified, deployments with existing StorageNFS networks should be
  sure to customize the StorageNFS network definition to use the same
  CIDR as that in their existing deployment in order to avoid a heat
  resource failure when updating or upgrading the overcloud.
* Exclude /var/lib/ironic/* from container-puppet.sh rsync, this is
  a leftover from the initial containerization of TripleO; now we have
  host prep tasks, the ironic conductor and inspector bind mount
  /var/lib/ironic and generate the data that they need. But this data
  should not be in the config volume or it can conflict from each
  other when rsync runs at the same time. Check launchpad bug 1868934
  (https://bugs.launchpad.net/tripleo/+bug/1868934). TripleO upgrade
  tasks and host prep tasks will take care of removing the var
  directory from the config volumes and the containers will just use
  the bind mount, like it should be doing now. These tasks will run
  during a minor update, major upgrade, and fast forward upgrade.
Deprecation Notes
*****************
* The deployed-server bootstrap environments, templates, and scripts
  that were previously deprecated are now removed. These removals
  include deployed-server/deployed-server-bootstrap-centos.sh
  deployed-server/deployed-server-bootstrap-centos.yaml deployed-
  server/deployed-server-bootstrap-rhel.sh deployed-server/deployed-
  server-bootstrap-rhel.yaml environments/deployed-server-bootstrap-
  environment-centos.yaml environments/deployed-server-bootstrap-
  environment-rhel.yaml
* As the fast forward upgrade workflow to skip multiple releases now
  relies on the very same upgrade_tasks, there is no need to mantain
  the fast_forward_upgrade_tasks, as well as any of its references.
* ExternalPublicUrl, ExternalAdminUrl and ExternalInternalUrl are
  deprecated. ExternalSwiftPublicUrl, ExternalSwiftAdminUrl and
  ExternalSwiftInternalUrl should now be used.
Bug Fixes
*********
* The parameter "ControlPlaneSubnetCidr" was missing in the
  "network/ports/net_vip_map_external.j2.yaml" and
  "network/ports/net_vip_map_external_v6.j2.yaml" template files. This
  caused deployment failure since the "VipMap" resource pass this
  property. (See Bug: #1864912
  (https://bugs.launchpad.net/tripleo/+bug/1864912))
* Ensure the barbican Key Manager settings are configured on
  DCN/Edge nodes when the barbican service is deployed in the control
  plane. See bug 1886070
  (https://bugs.launchpad.net/tripleo/+bug/1886070).
* As per launchpad bug 1855704, the lvmfilter task aims at hiding to
  the host the LVM2 volumes created by compute guests in Cinder
  volumes or Glance images.
* When using the Shared File Systems service (manila), you may now
  use the Heat template parameter "ManilaEnabledShareProtocols" to
  configure the NAS protocols that users may use. If not set, the
  value is inferred per the storage backends that have been enabled.
* Ansible GroupVars incorrectly keept a single subnet prefix per-
  network. This caused a problem when multiple subnets using different
  subnet prefixes where defined. Resulting in the wrong subnet prefix
  being referenced in the NetworkConfig for roles.
AnsibleHostVars stores networks subnet prefixes instead. See bug:
  1895899 (https://bugs.launchpad.net/tripleo/+bug/1895899).
* The keystone catalog is automatically updated to remove any
  entries associated with Cinder's v1 API "volume" service. This fixes
  bug 1897761 (https://bugs.launchpad.net/tripleo/+bug/1897761).
* All roles now default to using the net-config-static-bridge.yaml
  nic config when using deployed-server. Since OVN is the default in
  TripleO, Compute roles need to have br-ex. Previously when using
  deployed-server, the default nic config for the non-Controller roles
  was net-config-static.yaml, which did not create br-ex.
* Fixed issue in the sample network_data_ganesha.yaml file where the
  IPv4 allocation range for the StorageNFS network occupies almost the
  whole of its CIDR.  If network_data_ganesha.yaml is used without
  modification in a customer deployment then there are too few IPs
  left over in its CIDR for use by the corresponding overcloud Neutron
  StorageNFS provider network for its overcloud DHCP service. (See
  bug: #1889682 (https://bugs.launchpad.net/tripleo/+bug/1889682))
* Fixed an issue where disabling one or more networks in
  "network_data.yaml" caused deployment failure. (See bug: #1842001
  (https://bugs.launchpad.net/tripleo/+bug/1842001))
* Fixes an issue where the parameter "CloudNameStorageManagement"
  was used for all custom networks with service_net_map_replace
  defined. (See bug: 1862679
  (https://bugs.launchpad.net/tripleo/+bug/1862679).)
* Fixed an issue where containers octavia_api and
  octavia_driver_agent would fail to start on node reboot.
* Certificates get merged into the containers using kolla_config
  mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
  gets disabled and enabled at a later point the containers running
  the qemu process miss the required certificates and live migration
  fails. This change moves to use bind mount for the certificates and
  in case of UseTLSTransportForNbd ans creates the required
  certificates even if UseTLSTransportForNbd is set to False. With
  this UseTLSTransportForNbd can be enabled/disabled as the required
  bind mounts/certificates are already present.
*
  https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae65
  7b2 introduced THT parameters to set libvirt/cpu_mode. The patch
  sets the NovaLibvirtCPUMode wrong to 'none' string which results in
  puppet-nova not to handle the default cases correct and sets
  libvirt/cpu_mode to none which results in 'qemu64' CPU model, which
  is highly buggy and undesirable for production usage.  This changes
  the default to the recommended CPU mode 'host-model', for various
  benefits documented elsewhere.
* When using RHSM Service (deployment/rhsm/rhsm-baremetal-
  ansible.yaml) based registration of the overcloud nodes and enabling
  the KSM using NovaComputeEnableKsm=True the overcloud deployment
  will fail because the RHSM registration and the ksm task run as
  host_prep task. The handling of enable/disable ksm is now handled in
  deploy step 1.
* In case of cellv2 multicell environment nova-metadata is the only
  httpd managed service on the cell controller role. In case of tls-
  everywhere it is required that the cell controller host has ther
  needed metadata to be able to request the HTTP certificates.
  Otherwise the getcert request fails with "Insufficient 'add'
  privilege to add the entry
  'krbprincipalname=HTTP/cell1-cellcontrol-0....'"
* HA container naming scheme has been updated to look like
  'container.common.tag/<servicename>:pcmklatest', in order for podman
  to not prepend any host suffix in front of this tag, otherwise this
  confuses the podman resource agent in pacemaker.
* Fixes an issue where TripleO fails to set the Barbican key ID for
  Swift with a permission error if the config files are not relabeled.
* Fix Swift ring synchronization to ensure every node on the
  overcloud has the same copy to start with. This is especially
  required when replacing nodes or using manually modifed rings.
Other Notes
***********
* Moving this chcon call to the specific podman container upgrade
  part allows to prevent consuming time for nothing. This chcon call
  is needed only if we move from docker to podman, meaning upgrading
  to train.
* The ValidateNtp has been removed from the all nodes validation
  configuration. During the time sync configuration we already do a
  check to ensure the ntp servers are available. If they are not we
  will fail with an appropriate message. The ValidateNtp option came
  from a time before we could fail in a more explicit way.
Changes in tripleo-heat-templates 11.3.1..11.4.0
------------------------------------------------
57f5a899e Making sure virt-guest-shutdown.target exists
d539906ee Define a new CinderVolumeEdge service
6dde10a52 Set up right DNF module stream for Upgrades and Updates.
491b54571 Disable notification from services by default
e76ad346d [Ussuri/Train] Check mode doesn't work for async tasks
e14489eef [TRAIN ONLY] Remove duplicate /var/run/openvswitch bind mount
edacbada6 remove c7 update/upgrdae jobs
73eb35255 Enable tripleo_free strategy for upgrade
8cc56bb50 Add setting to override max memcached connections
bee00aa6b Fix swift containers idempotency
549cfe21d Refresh Swift ring files without restarting containers
b2ac1d378 Add missing IPA services for queens to train upgrades
9410d79e6 Adding key_size option on the certificate creation
63a2f24cd move c7 container upgrades to nv in train tht
1cda5afd2 Remove vfio-pci.conf module load file
98377d020 Ensure cinder LVM volumes work after system restart
cf3da8ed8 Wire up new tripleo upgrades jobs template
c6a551617 Add NovaDisableImageDownloadToRbd parameter
4b392af30 Don't pass empty values for ipaclient_servers to ipaclient role
9e3509f84 Rely on the HOSTNAME var to resolve the mon container name
98c7bb164 Skip Trilio dirs when setting ownership in /var/lib/nova
5a1a3cc1e Remove Luna HSM clients on scaledown
a1cb1e716 Run os-net-config on step 3
5a44e4ad9 Move ipa check to external_deploy_tasks
1ee73dcb8 Run online migration tasks from external_update_tasks too.
64a8cd2d3 [Train Only] Make the docker restart in hybrid state idempotent.
d9d854329 Use ansible for nodes validation
e87192234 The lower constraint file has been removed
4b882797e Fix barbican settings missing from glance Edge nodes
a0330d23a Fix ceilometer_agent_compute healthcheck
95ec1f23b Add possibility to set logging source for Horizon
c0c29604c Ensure cloud-init has finished before puppet run
77145eb87 Adding Ceph Dashboard to the Edge roles
ff61a5e5e [train/stein only] Add parameter to identify previous nbd-tls state
08ec765f8 Add qemu metadata to compute node when tls for live migration
8bc8771bc Add NovaApiMaxLimit configure max_limit for nova
7d69700eb Identify HSMs using labels instead of Slot ID
e99d7212a [stable/ussuri,train] Add cidr to outputs of port_from_pool.j2
e0ce36ea2 Set correct default NovaLibvirtCPUMode
99b236f77 Switch novajoin to use RpcUserName
a2510a5e1 Use bind mounts for tls certificates
1747a9976 Add file which enables QoS related L3 agent extensions
43049567a [TRAIN-ONLY] Fix tripleo-work-dir role name in ceph-base
47ec46164 Make sure apache metadata is set for nova-metadata service
83b5691a5 Move enable ksm on compute node to deploy step 1
6eb4cd281 Refresh ceph-ansible group_vars values
d32539262 Remove corosync.conf if it's a dir from remote.
d9fa437f0 Config options for AMQP1 transport in collectd sensubility
af90cef66 [train-only][ffwd] Dont reuse tripleo_step4 for hybrid state
4f4601466 Relax facts gathering plays on the overcloud
cc60d8134 Use tripleo linear when not using tripleo free
ca5860b4f Switch deploy steps to tripleo_free
3669724d0 [train-only][ffwd] Update InstanceHA script in hybrid mode
00b87e6c6 Add CinderBackupOptVolumes parameter
a52fff665 [train-only][ffwd] Create specific paunch config for hybrid state
0b39f391e [stable/train] Check correct location for skip-deploy-identifier
680d341ca node_exporter_container_image is needed in 'all' group
5a0dbe240 Properly compute hostname when looking for the ceph-mon container
4f29c3493 Filter computes with nova_host defined
7585a2854 Enable Ceilometer data transfer for STF
445d159f6 Fix MetricsQdrUseSSL value
6b99abc5d Remove Nova parameters that are no longer used
a1f4c4883 Always set dashboard_protocol when Ceph Dashboard is enabled
ef2ebb18d Fix memcached logging
fc4145068 Simplify consumer job tags
80911871b [c7-train] Switch c7 jobs to content provider
1c97de9a6 Failure status should be set on 0 rather than 1
28762852b Add package install for openssl-perl
d6b29f134 Remove centos-7-standalone-upgrade
f07ca38a8 Don't manage bridge mappings in scenario file
4afee56af [train] Switch to content provider jobs/templates
e3477d92f Run tripleo_lvmfilter role to restrict block devices visible to LVM2
0180a7ef6 Use `undercloud` instead of `Undercloud` when delegating tasks
f525e4ab6 Return details in output of container health check
597c00cea Add config option for collectd libpodstats
4667fffa0 Don't use POLL_SERVER_CFN transport for DeployedServer
9071b63b3 Expose new THT params for cpu model flags
6fb47d088 Fix names of the puppet parameters used to set min bw limits in Neutron
d574cfe71 Add CephClientConfigOverrides resource
746d26986 [train-only] Introduce hybrid state also for ovn_controller
f90a2fcc7 [train-only] Switch sriov agent in hybrid state
7b7687315 [manila] Add "ManilaEnabledShareProtocols" param
88ed572d0 Fix tripleo-hieradata role name in Barbican deployment
5c3b374fb Also configure Ironic for UC minions
d4ad97028 Change permissions on /run/octavia to octavia
c73a0be54 Force CephAnsiblePlaybook to its default value on FFU prepare
74a6ac6eb [FFU] Remove cinder's v1 keystone service
ec2aa2313 Retry container pull 3 times
1482410db [TRAIN-ONLY] Change default sensubility execution shell
0a10aaba1 Revert "Adapt container health check for built-in podman health checks"
f35c34550 [train] mysql: adjust CLI args based on container cli
f76fab723 Make NovaLibvirtOptVolumes role specific
14e1b12ed Remove dashboard_frontend_vip from the ceph mgr template
01153c914 Squashed backport for 'NovaAllowResizeToSameHost' parameter
b2a439fd0 Add ability to manage irqbalance on compute per role
d56070a23 Create external bridge on Compute nodes by default for OVN with DVR
33578636d Gather more extra stats with the collectd virt plugin
114c9551b Force container fetch
a304f6ff9 Rely on templates for multinode updates job triggering
3d9362c3a Default cinder_volume_node_names to []
31a1f9c8e Adapt container health check for built-in podman health checks
848569c3f [Train-only] Configure podman registries during a minor update.
062e60eeb Assume Grafana and Ceph Dashboard to be on the storage or ctlplane nets
4c95c55f4 Set NeutronEnableDVR to False for OVN-HA
64a8ca4ac Implement a Minimal role
9a84c0380 Create container-puppet-tasks files per step in check mode
2f8c408a9 Configure rsyncd without pid file for Swift
6dd9eeef6 Allow optional volumes for nova_libvirt container
991d990d5 [train-only] Fix unhealthy ovn_metadata_agent during hybrid state
ef3a39c27 enable-ssh-admin: allow to override plan name
15ffac7fa Clear cached facts based on the tag as well
7d4f2f500 Adds new configuration for panko-expirer
cbf5e6e70 Centralized logging minor fixes
2f26828a7 Add more metadata to logs
c8b424ea0 [Train only] Add missing stop service steps for FFU.
ed898531e Revert "Disable Designate service for scenario 03"
5a7f9e14d Get the CIDR of the neutron port for NetworkConfig
205957a8e [train-only] Ensure obsolete module nf_conntrack_proto_sctp is not loaded
80aff677d Add dashboard_tls_external ceph-ansible parameter
0195b441c [TRAIN-ONLY] Remove OVNDBs from multinode sc file
46b45ed6e Remove race during mysql database creation
41d5a77cf Fix up ovn-dbs update tasks
9fdd2c61b Complete missing description
528a7f6d0 Bind mount /var/lib/container-config-scripts inside the restart bundles
29a02c1db Add pacemaker& clustercheck in multinode scenario
b08b78bfe Memcached collectd plugin uses host URI instead of IP address.
19de5e8ce Mount libpod container volume into collectd container
ea0cd3c37 Use UUID for mounted SwiftRawDisks
af905a541 Add parameter and CI config to enable Ceph OTW encryption
688b59301 Use appropriate allocation pools for StorageNFS
0498a62ea Add the NovaImageCacheTTL to the nova compute service
6b98944e3 Fix Swift ring file synchronization issue
8f4cd41c7 Remove Etcd from DCN roles that don't need it
7eb563da2 Replace all the bridge_name variables in templates
ca3bd9c3d DCN: use FQDN in glance endpoint with internal TLS
c7eb59279 Make sure IPA has the right ACI
02355504f Enable collectd-ceph plugin only where needed
b34ca4e1c Use container_file_t for Cinder*NfsMountOptions by default
70f52b992 [Train Only] Renamve tripleo_upgrade_hiera into tripleo-upgrade-hiera.
3505d9563 [ffwd] Add fix for OVN DB vip change
18c36861c Remove remaining Skydive references
6ce282296 Remove skydive
172e03fcd Default to storage_dashboard, when set, for the CephDashboard service
94ba27090 Set a higher PIDs limit for nova_libvirt container
ad090f94c minor update: only migrate HA VIP away when needed
a549491bd Avoid failing on deleted file
322566b94 Run external_deploy_tasks per step for each role
5a600db08 [ffwd] Don't remove package python2-chardet
aacf9c18b Use tripleo_network_config
aea1f70ed Create container config scripts with a new module
49b4b2c9e Create Container configs with a new module
73fb30689 Modify how libvirt related containers use SELinux
d224d4150 [FFWD Ceph] Fix ceph post_upgrade_tasks for osd options
1848fa025 Fix endpoint map tls - zaqar wss port
3dd00efb8 Add new Luna HSM parameter for Barbican
1fdfa3332 Fix pcs restart in composable HA
fffbdc0df Fix HA resource restart when no replicas are running
da6b7b424 Drop bootstrap_host_exec from pacemaker_restart_bundle
48f068452 Do not hard-code vars_from
a9e7a6fa9 Revamp how etcd's cert and key are handled in containers
82b508a3f Add PermitRootLogin option in sshd_config before leapp.
4b283ae9e pcmk_remote FFU support for Instance HA
906256a1b [Train-only] Move config-data context switching to Upgrade
9f1e98275 Add support for Gnocchi NFS Backend
af3b0f202 Remove ffwd-upgrade leftovers from THT.
d0c5bcac8 Fix delegation with FreeIPA cleanup
855379056 Reset sriov_numvfs to 0 before leapp upgrade
8120c2df1 Unset keystone::public_endpoint
b273143f0 Port jobs from centos7 to centos8
1eb954241 Update octavia playbooks parameters
d5aff2e17 [Train Only] Add CephAnsibleWarning into upgrade lifecycle environment files.
2f382ac90 Align kernel args for system upgrade using leapp
7859e7999 Stop using a conditional for role tasks
ef76e92bb Add non-string value support for CephAnsibleEnvironmentVariables
8cf38e95c [TRAIN-ONLY] Set the right container_client when set/unset noout
82d8fda57 Add CephAnsibleRepo warning to make this validation more flexible
ce6a7a100 Prevent ovn dbs related facts to run on each step.
76e284311 Remove redundant file management for /run/redis
a55c34d69 Expose the zaqar_ws_timeout_tunnel variable.
ed65866d4 Add openvswitch special treatment to update too.
e17ed6430 Add dashboard_protocol variable when internal_tls is enabled
e965239d6 Ensure redis_tls_proxy starts after all redis instances
bbaded6ca Add BarbicanClient service for configuring edge sites
a9076cb59 Generated passthrough_whitelist shall use all the user_configs fields
c7036d8ba Add missing config_files kolla directives
63154e137 Add podman service to scenario007 environment
31d8500d9 Remove /run from some services
cfb99a967 [TRAIN-only] Remove duplicate register
15df75c31 Drop the relabel flag for bind-mount
69d63e0bc Fix vbmc_setup.yaml for c8 standalone
2ee69f20b Attempt to remove octavia tls proxy service only present
5087bc9c1 Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt
d48b22c15 Set and then unset Ceph's noout flag before/after node is rebooted
c33f91005 Simplify host entries generation
3a87458ac Add become: true to the container json file modules
0ba5cfa94 FFU support for ceph_nfs
b3ee1252c deploy-steps-playbooks-common: fix logic for scale_ignore_unreachable
7bd1d7379 Convert roles section into tasks-include_role in deploy-steps.j2.
cc603f197 Fixed libvirt volume path for nova-migration-target-container
ec3568e68 Generate container startup configs with a new module
247105809 Allow overriding InterfaceDefaultRoute with ips_from_pool template
cf26dcda4 Don't use pacemaker in ironic sa job
ed7096f31 Check for correct column name for execution show
c276a7e30 Fix bind mount volumes for novajoin containers
716870109 Fix privilege escalation
8d2604dee Use command to set pythonintepreter
9db0d3661 Revert "[train/backport] Prevent nftables to interfere with tripleo firewall"
4e0604603 Task should fail on any failure
4157d5832 Unmount NFS shares before launching LEAPP
cbefd789d Collapse deploy steps
16fc8da63 Manual backport of "Move sidecar kill scripts to host prep" to Train
39c977afb undercloud/heat: set YAQL memory quota to 200000
39945d563 Exclude /etc/hostname
934de903c Don't set RABBITMQ_SERVER_ERL_ARGS
40e2bf5dd Always clear cached facts first
4f3597daf Collapse host prep tasks
6dfbdbbca [TRAIN ONLY] Wait until DB is ready for neutron DB rename
883d778f8 Add filestore to bluestore migration tags
ea7c886e2 [Q->T] Add FFU steps for manila
d0a3da09c Add project template for IPA multinode
728babbc5 Disable Sahara in scenario003-standalone
0dc690ff1 [TRAIN ONLY] Provide way to initialize Leapp
cd0d92930 [train-only] Ensure removal of deprecated xinetd
c20d10d41 collectd: add support for mcelog service
889163cd8 Add new parameter PublicTLSCACert
4ffe8c3cc Fix Error: invalid arguments you must use just one container
555bba7a5 Adding amphora architecture to heat templates
1495ced5c [train-only] Make sure UpgradeLevelNovaCompute is empty string for upgrade
04abe36ca Disable Designate service for scenario 03
6585e21db Sync httpd conf.modules.d configs
1fd3a3654 Cleanup all container startup configs before generating the new ones
eff6fff6c Change the :Z mount flag to :z
9ee059e80 [TRAIN-ONLY] Add keystone_resources for Panko
975e47f21 [TRAIN ONLY] Fix the glance-api-edge firewall configuration
69d2d4581 Improve documentations for NovaLibvirtFileBackedMemory
987df6685 Increase the default UpgradeLeappRebootTimeout to 60 mins
ab3548f23 Allow more tasks to be run in check mode
5b4566278 Disable presettled metrics
0395513af [TRAIN ONLY] post Leapp package fixups
5babfe002 [TRAIN ONLY] Ensure interim db migration containers work properly
5c55a46df Move nova online migrations to nova-conductor
acc12770b [TRAIN-ONLY] Be explicit when passing vars into deploy steps
8ba26c4a7 Support for Dell EMC VXFlexOS Backend
4980171e0 [TRAIN ONLY] Add FFU parameters in lifecycle env files.
7b0321a9a Adding env file for octavia with kvm
539692ef9 Update minion rabbit credentials
a97a738d8 [TRAIN ONLY] Introduce hybrid state for nova compute
09908f92e Allow triggering ceph-ansible filestore-to-bluestore with ceph_fstobs tag
20bb24a0e Ironic create_swift_temp_url_key use internal edpoint
3988e5c07 Add composible service for tls enrollment
4eb593c17 Support for Xtremio Cinder Backend
8b0d9239a Unify metrics_qdr name to underscore
cac2eff0c Fix dry-run for NetworkConfig tasks
7ae0132bc Consider user configuration during the derivation of passthrough whitelist
bc62de223 Fix reserved name variable
4b4e27305 Only enable leapp tasks when distribution is correct
11125aced Enable glance cache prefetcher interval
b6f9ea097 Remove ValidateNtp
80537150a Use empty string for overcloud InternalTLSCAFile param
6108044f7 Add an option to adjust help URL in horizon
6cbee27e9 Add the ability to offload amphora logs
238d751b6 Check transfer data flag to skip pacemaker normal upgrade.
fa1e82707 Ensure net.ipv6.conf.lo.disable_ipv6=0
7778c19a4 Fix node scaling
3651e49d4 MaxFailPercentage: default to 0
eaed4046d Revert "Only enable leapp tasks when distribution is correct"
3d16a7009 Add reserved ports for some services
ae28b1246 Add parameters for vPMEM features
024afc22a Improve facter cache reliability
637c8ce96 Fix syntax error
05d8e24a5 enable dpdk plugin on neutron ovn and ovs
c530e2af7 Set default InternalTLSCAFile in enable-tls.yaml
3b0aa5da1 Configure SNMP on undercloud
872110d14 Update loop_vars
695d96e49 Remove Ceph{Admin,Mon,Mds}Key parameters
3cb88f9be rhsm: add rhsm_release in environment for doc purpose
bfbb55e14 Force container deletion if namespace does not exist in service_kill
a4af78ed6 Add ci environment file for standalone IPA parameters
273d53278 Add new parameter NovaSchedulerQueryPlacementForAvailabilityZone
78ac9ca05 Move chcon for /var/lib/config-data
85c99e873 Fix sending SIGTERM to the sidecar containers
ca9b11584 Fix typo in the description of the Neutron related options
2b85b569b Include tripleo_ceph_workdir role on rgw variables override
1b2679680 Make user value for GlanceImageImportPlugin prevail on logic
075129286 Add ansible hieradata file
b4dffb942 Configure valid_exit_code for startup containers
c416ddabb Only enable leapp tasks when distribution is correct
1013e6f0c Split ansible_limit with a colon.
6e3c933ff Add common_deploy_steps to post_upgrade_steps.
979e59782 Enable adding packages into Leapp's to_remove/to_install files.
81792032f Remove unnecessary check after removing libvirt rpm dependencies
427df766b Correctly match openvswitch package
55ecd97d3 Add support for resource provider bandwidth in Neutron config
d56dcc61b Make /var/lib/mistral traversable by all users
c8a0a77b1 Stop nova placement during upgrade data tranfer
405ebda2b Add cacert to clouds.yaml
c21972f39 Add option to not install ipa client packages
56acca507 Add mode option when creating persistent directories.
8e20a1fc4 Add retries to initial image fetch
41e856356 Add support for lunasa hsm in barbican
7f6831ed3 Neutron ML2/OVS: add support to enable of IGMP snooping
2367b8aa5 Skip operating system upgrade tasks via UpgradeLeappEnabled param.
45c159f38 Make per_node.yaml py3 safe
d92443f96 Execute kvm-setup inside nova_libvirt container
663f103da Fix listen_on_master_ip_only
1d0594ff9 Enable external LB support with ovn
d2e6e5e8d Change Collectd ports type to numbers.
bd4cc8e85 Support for SC Cinder Backend
a8ecd8e5a Fixing powermax config errors
692717bd4 Fix cinder and etcd running with internal TLS enabled
513d5da06 Change Schedule to Scheduler for consistent naming
45760e089 Add hook to run RHOSP policies enforcement.
91dbf71eb Fix IHA with ansible 2.9
51565c0c3 Fix typo in setting octavia wsgi server name
e6dd20f73 Add an option to disable the DNS record modification in FreeIPA
b9f16d501 Add a 600s timeout when creating enable-ssh-admin workflow
e054fc3cc Make sure IdMServer is optional
908280a05 tripleo-ci-centos-7-containerized-undercloud-upgrades -> NV
3214bf08c Fix missing OctaviaClientCert* parameters
91c3360e8 Changes in env files due to new SRIOV roles
75111e9c4 Add NeutronDhcpAgentDnsmasqEnableAddr6List param
fd775e50a Add tripleo_delegate_to var for ceph health validation
0d3d01edf Revert systemd sidecars
f238c25c9 Update container certificate
dd9a9ac76 Check for InternalApi in role for HostnameResolveNetwork
cbbf6d562 (train) manual backport of: update startup-configs with latest hashes
0e2426423 Split out selinux management
7e1babbab Set Neutron's l3_ha flag to True in standalone ML2/OVS job
7d2aac526 Remove healthcheck from ceilometer_gnocchi_upgrade container
0523324b3 Move /etc/ssh/ssh_known_hosts bind mount where it's needed
3cf7f416f Make neutron ml2/ansible's base plugin variable
765d19889 Ensure <service>_restart_bundle do not run concurrently
b938f7cd9 [train-squash] Remove hardcoded reference to cinder LVM loopback device
c2e22af3e Exclude /etc/puppet from config generation
b95d78df8 Fixed package names for CentOS-8 octavia deployment
885e9e344 Fix NovaCrossAzAttach hiera key
72cb712e1 Add NovaCrossAZAttach parameter
26a21d597 Support for PowerMax Cinder Backend
069a37fa2 Support for mariadb's ed25519 authentication
9d1a35548 [Q->T] Alow supplying command options to leapp
697800360 Add IronicDhcpv6StatefulAddressCount parameter
19f6f42a5 swift-external: deprecate External*Url
d570a95c4 Move ceph-rgw and config overrides variables
bc63a7b1c [OVN] SRIOV with native OVN DHCP server
553b61ca2 Add new parameter NovaSchedulerEnableIsolatedAggregateFiltering
fd1767193 nova-compute: disable scale_tasks when docker is used
cf3c03ebd Use kolla tools for memcached configuration
947d3b118 [TRAIN-ONLY] Fix indentation
12bdd6feb [Q->T] Introduce Queens to Train Upgrade
6c04309a3 Move the haproxy iptables rules creation to host_prep_tasks
5b5780c15 Skip both tenant and management networks when generating certs
eb414b0de Added scale_tasks to handle cleanup on scale down of nodes
69c2b13f9 Add Octavia OVN Provider configuration
3b5fca296 Exclude /var/lib/ironic/* from container-puppet.sh rsync
0d783d38e Properly place undercloud hosts record upgrade task
2e57b2b8a Create DNS entries in IPA for openstack services
afb7b78e3 Add new composable service for IpaClient
86f149ae3 Include {{step}} when setting facts
4ac2d6436 Switch to docker pull
aeb5bc9b9 Workaround for cinder A/A and etcd with TLS-everywhere
fc36448fe Introduce {{role.name}}ExtraGroupVars
f3aaeda76 Add new parameter NovaSchedulePlacementAggregateRequiredForTenants
d6cd50b37 Switch to podman_image module
3caf2186c Fetch containers early
cd29180c3 Use exec when spawning any neutron sidecar container
a5e551cb6 Fix regression in container-puppet.py
7ac642644 Fix selinux denial on centos8/rhel8 when relabelling /var/lib/nova
eedb679db Do not fail if /usr/sbin/nft is not present
b9c43e1f4 add tht/common to trigger path
0ce171614 [TRAIN-ONLY] Fix systemd-wrapper integration during update.
c759bb68c ovn_dbs_virtual_ip created even though ovn is disabled
7529b8cd4 Drop unused remnants of the hosts-config bits
ba7193495 Use lists for storing host entries in Heat
3fff96c36 Fail NetworkConfig task on timeout
92433d5c9 Add DNS related settings
7dea79a9e Create a new parameter for the HAProxy external network
eea3ff0e1 Tolerate NFS exports in /var/lib/nova when selinux relabelling
59f34c3af Ensure consistency with hostname comparison
f6b5ecde9 Revert "Stop using swift temp url for config transport"
eec17c517 Pass server metadata to ansible group vars
cbec6b3c2 Allow disabling the octavia provider
b9ae8b6b5 Add always tags for hieradata render in external upgrade.
e7a4cee7b HA: drop spurious mysql user on stack deploy
ae38157db Neutron ML2/OVN: Add support to enable IGMP Snooping
c3b24599d [train/backport] Prevent nftables to interfere with tripleo firewall
c40fa7055 DCN/Edge: Handle ipv6 address for local glance endpoint
2c29f7cb4 Introduce environments/disable-swift.yaml
5f00163a0 HA: check before restarting resource on stack update
1e1f6c769 Parse healthchecks.log instead fetching systemd data
bf9c153d0 Fix dashboard_frontend_vip parameter
52a3f896d Move ceph-ansible required variables in the main group
18e574ac4 Use jinja raw tag instead of quoted concatenation
fa4214095 Use exists filter instead of stat where possible
8df8c9e38 Fix the mounting issues for the TLS everywhere deployment
99f24b64b Remove unneccessary indentation from common tasks
0e6720a19 ControlPlaneSubnetCidr in net_vip_map_external
393b3b16d Use a smaller,static custom mapping file for Mistral and TripleO
dbda46256 Add STF environment
8b8194b17 Generate /etc/hosts early on both under and overcloud
7f8b87a90 Always set hieradata for certmonger_ca
9a7b054f5 Add CephBasePoolVars and CephKeyVars structures
d69ec8a5c Fix TenantInterfaceDefaultRoute in net-env-v6
31c6b199b Replace chronyc "waitsync" with "makestep"
85850d8af [TRAIN and before] Introduce ContainerCpusetCpus
76de3fd93 Use exec when spawning dnsmasq inside sidecar container
025171a3a Add j2 per-role MetricsQdrNetwork
7c01813e2 Don't add IpList for disabled networks
40a1e5ba1 rabbitmq: Open ports 25673-25683 for CLI tools
6c2b9900a Create ResellerAdmin role when deploying Ceph RGW
445387589 Use a common playbook import for common plays
bee336a03 Use a jinja block to reduce str_replace repetition
6d194bc93 [TRAIN-ONLY] Finish Ceilometer-Panko decouple
16e5e1737 Remove duplicated topic parts from default value
5108054aa [TRAIN-ONLY] Add systemd-wrapper update tasks
2661ea24b [update/upgrade] Use include_tasks instead of import_tasks
95f2e100d Optionally configure Ceph RGW listener with SSL
81c223792 Trigger ceph-ansible on ceph_systemd tag too
e4abce799 Cleanup tasks for container-puppet.py
100ed1925 Add the certificate specs in ceph_mgr service
d82e6d3ed Update the number of keystone workers
87e241134 Fix mapping of KeystoneOpenIdcEnableOAuth
851bbb31e Remove all ignore_errors to avoid confusion when debugging
8687f5f2a Remove comment about tripleo_container_manage being experimental
ae2aac5d0 nova-compute-container: add missing condition for ksmdisabled
5caef8de1 Run the swift_rsync container unprivileged
2bd4cdeb2 HA: reorder init_bundle and restart_bundle for improved updates
aabb3cace Restart ovn-dbs resource to take new VIP property.
33ce60d6a Check Ceph*Key value format and halt on error
5ac7a8c49 Remove support for ceph-ansible fetch directory
49fc109bb Configure Undercloud hostname in the overcloud during upgrade.
779f1c846 Add support for glance multistore
a20a4f6dc Use ipc:host for cinder-backup
3e2d1fa61 Add setfacl statements for neutron metadata proxy
a95fc76f2 Fix krb-service-principals with service_net_map_replace
dc4ecf797 Add ceph_ansible_repo variable on ceph-base
fb7127a6e Enable sudo rule creation
0a1aeba00 Fix dcn-hci resource mapping path
9545cbc38 NodeDataLookup utility should rely on python env
5f85abc14 Remove BlockStorageCinderVolume service from certain DCN roles
6f2e19988 Add an environment to disable Paunch
5322f30b3 [TRAIN] Backport squash for container-puppet.py
ed158f786 Set octavia-ansible dir ownership to Ansible user
8eeba7f51 Add swiftoperator role on ceph-rgw template
fadbafd42 tripleo_container_manage: set tripleo_container_manage_check_puppet_config
32279c4a3 [train-squash] Backport "all Keystone resources with Ansible"
bf6154170 Introduce CephExternalMultiConfig
0cd97e44c Force facts cache refreshing after OS upgrade.
b2f4d6899 Add DCN Scale Out Roles
ed4ed7762 Ensures rsync is present on the overcloud nodes
0ac37029f Ensure /var/run/octavia is present upon reboot
c41efb62d Fix permission issue when removing octavia temp dirs
83d4e84a4 Add DeployIdentifier to extra config containers
a9c6cd058 [stable/train only] Use service_name in heira for firewall rules
2f9a570fb [train-squash] Backport keystone/bootstrap changes
8316a6142 Deploy /etc/openstack/clouds.yaml with Ansible
c92f5c4a3 Add support to run Container Puppet tasks without Paunch
aa365ee11 [update] Ensure we get fresh hiera data before running update_steps.
a885c0e17 Add dependency for enable KSM for RHEL/CentOS8
852dc1013 Remove libvirt packaged dependencies
2d265e868 Use a systemd service to handle sidecar containers
7683b8bca Dynamically include container-puppet tasks
cabbd38cf Increase concurrency when starting containers
289632dd6 Remove static reference to InternalApi network
6bfd65adf Enable configuration of notifier publishers
d58c133d3 Replace '' by [] when a bind mount isn't needed
60d21eef4 Remove unnecessary slash volume maps
e7351d44c [train-squash] Backport legacy log folder and readme cleanups
18f2c2796 Create /var/lib/config-data if it doesn't exist.
cb174c919 Default all roles for deployed-server to net-config-static-bridge
2dd84fa5c Rename common deploy step 1 tasks
0551958a1 container-puppet.sh: add -r to rm command
591dd0809 Dynamically include generate-config tasks
45850442d [SQUASH] backport tripleo-container-manage to stable/train
c8144799e Update ro excludes
ab9f1c1a8 Use action plugin for all_nodes data
b2f6cee43 Fix undefined variable in cinder_backup service.
bd4c3f6dc container-puppet: update 'env' when not null
87d994905 Generate startup configs files per step and per container
03925f8c9 Fix Placement password hiera is not set for Neutron
26e00764f Swap tasks to avoid non-existing variable error.
b2de751d7 Ignore SR-IOV VFs on dhcp_all_interfaces list
73bb3149f Remove all the "container_cli rmi -f" from HA containers
fc52667ee Update ffwd-upgrade branch names
e04f031b8 Remove stray conditional from aodh-evaluator tasks
2051459b8 Revert "Remove panko"
268610fc3 Ensure Ceph dependencies are installed in pre-provisioned nodes
a5e278ea9 Fix keepalived logging on disk
d7b13a24d Fix hieradata for Heat API timeout
6d625c3e9 [train/stein] Increase resource bundle timeout during update.
e204f16e5 Fix kill-script
97c2d4b99 Switch from 'podman rm' to tripleo-container-rm role
2cbcbb08e Revert "Remove libvirt packaged dependencies" due to https://bugs.launchpad.net/tripleo/+bug/1860971 and planning a backport later
7e1f831fd Correct current cinder-backup image var for upgrades
79c82c231 Add network vip mapping into service data
ad95b28c8 Drop z flag on /var/run, it prevents redeployment
557c0c358 Check to make sure compute service is deployed before scale down
f632ea38a Force facts cache refreshing before upgrade.
36f9cc78c Set octavia services' stop grace period to 300sec
bbe15dae0 split() function expects string not array
a854080cb Fix generation of TRIPLEO_CONFIG_HASH for services
b1ac5e1e2 [TRAIN ONLY] Check for correct file during --skip-deploy-identifier handling.
fb6cbd625 roles: Update description of ComputeRealTime role
b1e1e5d31 Add 'scale-up' upgrade steps for cinder-volume
b363837fd Add 'scale-up' upgrade steps for cinder-backup
279de1604 Add 'scale-up' upgrade steps for manila
fa67cb17a Fix incorrect parameter to set max delay in cinder db purge cron
1e9b551b1 Assign service role for ironic user
f38d39d14 Enable external public endpoint for MetricsQdr
c9b8b1576 roles: Remove use of NovaVcpuPinSet from ComputeRealTime
66f13a180 Add swiftoperator role on ceph-rgw template
f7a0aff19 Use list join for rendering rear config file in heat
eb245497e Remove docker_config step 3 for ovn already cover by kolla script
82e2f9dea clustercheck: use fqdn instead of ip for bind address
b10f7e2f0 depends_on: add .service to avoid errors in logs
f90eb2caa Fix deployment on pacemaker remote nodes
7f9b6c40f Ovn upgrade - test if db already exist
90ed42da1 Don't disable compute cell in scale down tasks for additional cells
d8de6badf Add missing any_errors_fatal
9cb5fb76d Open ports for Metrics QDRs
220661582 Remove libvirt packaged dependencies
4d21352e3 Bypass openvswitch update logic if expected packages are not present
4feedd4f0 nova: Always provide LIBGUESTFS_BACKEND=libvirt:qemu:///system
084acebd9 Remove previously deprecated deployed-server bootstrap files
2fc743762 Add 'never' to the tags set for the Ceph systemd units migration task
536550371 Remove upload_validations workflow execution
dada51248 Modify import_role to include_role for boot params service
f9afb87b4 horizon: put plugins toggles in quotes
02faf53ea Mount /boot from the host within the nova-compute container
8a3735015 Fix permission error if Barbican is enabled for Swift
d76180973 Adding ReaR THT
e5e6b95bb Run update without yum update to apply hotfixes.
8f93d271a HA: Fix the cluster common tag behaviour with podman
30bde6129 Introduce CephExtraKeys
f19e2c714 Use include_tasks instead of import_tasks
02f643cd9 Create a dedicated log file for healthchecks for collectd
00c17b368 Add ability to deploy glance at DCN/Edge sites
259de9b99 Do not configure Hiera and Hieradata in Ansible check mode
7148ebd21 Try deleting container for failures too
7362626ca Use async tasks for long running common tasks
829cefa76 Execute deploy_steps_tasks per step
3bdf0c980 Use ansible for hosts entries
bb456e970 Fix rsyslog issues
3d4298a67 Fix typos in hiera values
7ee6cdec1 Make pcsd listen on PacemakerNetwork/PacemakerRemoteNetwork
6fb2aa195 Correct invalid jinja set
13380daec Provide option to set reserved_huge_pages
c9dd7ebcf Provide utility to generate NodeDataLookup from Ironic
4b6eb4ca9 Move some common tasks to step 1
add09e863 HA: increase resource default op timeout for podman bundles
9c2008514 ovn standalone: Start OVN ovsdb-servers using the kolla startup script
b3bbc24ca Enable horizon healthcheck
8184b9497 Fix Octavia to use correct Puppet class
414449705 Enable healthcheck script in clustercheck service
d48f73b18 Remove ceph backend by default for gnocchi
fd61d8c98 Move the legacy telemetry environment template to correct location
ef66a0f4f Add Octavia anti-affinity parameters
5352a88fe Revert "Disable ceph dashboard to fix upstream ci"
3b6f7d057 Remove unused post update and upgrade tasks
Diffstat (except docs and test files)
-------------------------------------
README.rst                                         |    2 +
all-nodes-validation.yaml                          |   51 -
bindep.txt                                         |    6 +
ci/common/all-nodes-validation-disabled.yaml       |   43 -
ci/common/ironic_standalone_post.yaml              |    6 -
ci/common/vbmc_setup.yaml                          |   33 +-
ci/environments/disable-unbound.yaml               |    2 +-
ci/environments/multinode-3nodes-registry.yaml     |    1 +
ci/environments/multinode-containers.yaml          |    6 +-
.../network-isolation-absolute.yaml                |    1 -
.../multiple-nics-ipv6/network-isolation.yaml      |    1 -
ci/environments/neutron_l3_qos.yaml                |    2 +
ci/environments/octavia-kvm.yaml                   |    7 +
.../scenario000-multinode-containers.yaml          |    4 +-
.../scenario001-multinode-containers.yaml          |   24 +-
ci/environments/scenario001-standalone.yaml        |   99 +-
.../scenario002-multinode-containers.yaml          |    3 +
ci/environments/scenario002-standalone.yaml        |   10 +-
ci/environments/scenario003-standalone.yaml        |    5 -
.../scenario004-multinode-containers.yaml          |    1 +
ci/environments/scenario004-standalone.yaml        |   14 +-
.../scenario007-multinode-containers.yaml          |    4 +-
ci/environments/scenario007-standalone.yaml        |    4 +-
.../scenario010-multinode-containers.yaml          |    4 +-
ci/environments/scenario010-standalone.yaml        |   12 +-
ci/environments/scenario012-standalone.yaml        |   16 +-
ci/environments/standalone-ipa.yaml                |   23 +
common/container-puppet.py                         |  813 ++++++++------
common/container-puppet.sh                         |   30 +-
common/deploy-steps-playbooks-common.yaml          |   77 ++
common/deploy-steps-tasks-step-0.j2.yaml           |   38 +-
common/deploy-steps-tasks-step-1.yaml              |  157 ++-
common/deploy-steps-tasks.yaml                     |  538 ++++-----
common/deploy-steps.j2                             | 1036 +++++-------------
common/generate-config-tasks.yaml                  |  109 ++
common/hiera-steps-tasks.yaml                      |   35 +
common/host-container-puppet-tasks.yaml            |   86 ++
common/services/role.role.j2.yaml                  |   31 +-
config-download-software.yaml                      |    1 +
config-download-structured.yaml                    |    1 +
container_config_scripts/cinder_ffu_db_sync.sh     |   42 +
container_config_scripts/glance_ffu_db_sync.sh     |   21 +
container_config_scripts/keystone_ffu_db_sync.sh   |   25 +
container_config_scripts/manila_ffu_db_sync.sh     |   34 +
container_config_scripts/mistral_ffu_db_sync.sh    |   20 +
.../monitoring/collectd_check_health.py            |   70 ++
container_config_scripts/neutron_db_rename.sh      |   38 +
container_config_scripts/neutron_ffu_db_sync.sh    |   20 +
container_config_scripts/nova_ffu_db_sync.sh       |   45 +
.../nova_statedir_ownership.py                     |  119 +-
.../pacemaker_restart_bundle.sh                    |  113 +-
container_config_scripts/pacemaker_wait_bundle.sh  |  320 ++++++
container_config_scripts/wait-port-and-run.sh      |   18 +
.../deployed-server-bootstrap-centos.sh            |   38 -
.../deployed-server-bootstrap-centos.yaml          |   27 -
deployed-server/deployed-server-bootstrap-rhel.sh  |   35 -
.../deployed-server-bootstrap-rhel.yaml            |   27 -
deployed-server/deployed-server-roles-data.yaml    |    1 +
deployed-server/scripts/enable-ssh-admin.sh        |   32 +-
deployment/README.rst                              |   45 +-
deployment/aodh/aodh-api-container-puppet.yaml     |  112 +-
deployment/aodh/aodh-base.yaml                     |    9 +-
.../aodh/aodh-evaluator-container-puppet.yaml      |   32 +-
.../aodh/aodh-listener-container-puppet.yaml       |   31 +-
.../aodh/aodh-notifier-container-puppet.yaml       |   30 +-
deployment/apache/apache-baremetal-puppet.j2.yaml  |   24 +-
.../backup-and-restore/rear-baremetal-ansible.yaml |  105 ++
.../barbican/barbican-api-container-puppet.yaml    |  183 +++-
.../barbican-backend-pkcs11-crypto-puppet.yaml     |   14 +-
deployment/barbican/barbican-client-puppet.yaml    |   61 ++
.../liquidio-compute-config-container-puppet.yaml  |    2 +-
.../ceilometer-agent-central-container-puppet.yaml |   44 +-
.../ceilometer-agent-compute-container-puppet.yaml |   34 +-
.../ceilometer-agent-ipmi-container-puppet.yaml    |   31 +-
...ometer-agent-notification-container-puppet.yaml |  153 ++-
.../ceilometer-base-container-puppet.yaml          |   56 +-
deployment/ceph-ansible/ceph-base.yaml             |  526 ++++++---
deployment/ceph-ansible/ceph-client.yaml           |   15 +-
deployment/ceph-ansible/ceph-external.yaml         |    5 +-
deployment/ceph-ansible/ceph-grafana.yaml          |   30 +-
deployment/ceph-ansible/ceph-mds.yaml              |   13 +-
deployment/ceph-ansible/ceph-mgr.yaml              |  105 +-
deployment/ceph-ansible/ceph-mon.yaml              |   26 +-
deployment/ceph-ansible/ceph-nfs.yaml              |   51 +-
deployment/ceph-ansible/ceph-osd.yaml              |   65 +-
deployment/ceph-ansible/ceph-rbdmirror.yaml        |    5 +-
deployment/ceph-ansible/ceph-rgw.yaml              |  135 ++-
.../certs/certmonger-user-baremetal-puppet.yaml    |   15 +-
deployment/cinder/cinder-api-container-puppet.yaml |  270 +++--
.../cinder-backend-dellemc-powermax-puppet.yaml    |  110 ++
.../cinder/cinder-backend-dellemc-sc-puppet.yaml   |  149 +++
.../cinder-backend-dellemc-vxflexos-puppet.yaml    |  148 +++
.../cinder-backend-dellemc-xtremio-puppet.yaml     |  118 ++
.../cinder/cinder-backend-netapp-puppet.yaml       |    2 +-
.../cinder/cinder-backup-container-puppet.yaml     |   12 +-
.../cinder/cinder-backup-pacemaker-puppet.yaml     |  160 +--
deployment/cinder/cinder-base.yaml                 |    2 +-
.../cinder/cinder-common-container-puppet.yaml     |  121 +-
.../cinder/cinder-scheduler-container-puppet.yaml  |   45 +-
.../cinder/cinder-volume-container-puppet.yaml     |   51 +-
.../cinder/cinder-volume-pacemaker-puppet.yaml     |  151 +--
.../openstack-clients-baremetal-puppet.yaml        |    1 +
deployment/containers-common.yaml                  |   30 +-
deployment/database/mysql-base.yaml                |   22 +
deployment/database/mysql-container-puppet.yaml    |   64 +-
deployment/database/mysql-pacemaker-puppet.yaml    |  142 ++-
deployment/database/redis-container-puppet.yaml    |   36 +-
deployment/database/redis-pacemaker-puppet.yaml    |  132 +--
.../docker/docker-baremetal-ansible.yaml           |   12 +
.../panko/panko-api-container-puppet.yaml          |  375 +++++++
deployment/etcd/etcd-container-puppet.yaml         |  110 +-
.../designate/designate-api-container-puppet.yaml  |   31 +-
.../experimental/designate/designate-base.yaml     |    2 +-
.../designate-central-container-puppet.yaml        |   21 +-
.../designate/designate-mdns-container-puppet.yaml |   12 +-
.../designate-producer-container-puppet.yaml       |   13 +-
.../designate/designate-sink-container-puppet.yaml |   13 +-
.../designate-worker-container-puppet.yaml         |   15 +-
deployment/glance/glance-api-container-puppet.yaml |  283 +++--
.../glance/glance-api-edge-container-puppet.yaml   |   91 ++
.../glance/glance-api-logging-file-container.yaml  |   11 +-
.../gnocchi/gnocchi-api-container-puppet.yaml      |  199 ++--
.../gnocchi/gnocchi-metricd-container-puppet.yaml  |   47 +-
.../gnocchi/gnocchi-statsd-container-puppet.yaml   |   49 +-
deployment/haproxy/haproxy-container-puppet.yaml   |   31 +-
.../haproxy/haproxy-edge-container-puppet.yaml     |  149 +++
.../haproxy-internal-tls-certmonger.j2.yaml        |   19 +
deployment/haproxy/haproxy-pacemaker-puppet.yaml   |  135 ++-
.../haproxy/haproxy-public-tls-certmonger.yaml     |   33 +-
deployment/haproxy/haproxy-public-tls-inject.yaml  |   48 +-
deployment/heat/heat-api-cfn-container-puppet.yaml |   67 +-
.../heat/heat-api-cloudwatch-disabled-puppet.yaml  |   24 -
deployment/heat/heat-api-container-puppet.yaml     |   93 +-
deployment/heat/heat-base-puppet.yaml              |    7 +-
deployment/heat/heat-engine-container-puppet.yaml  |   80 +-
deployment/horizon/horizon-container-puppet.yaml   |  106 +-
deployment/ipa/ipaclient-baremetal-ansible.yaml    |   27 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml  |  179 +++
deployment/ironic/ironic-api-container-puppet.yaml |  174 +--
.../ironic/ironic-conductor-container-puppet.yaml  |   62 +-
.../ironic/ironic-inspector-container-puppet.yaml  |  194 ++--
.../ironic-neutron-agent-container-puppet.yaml     |    2 +-
deployment/ironic/ironic-pxe-container-puppet.yaml |   24 +-
deployment/iscsid/iscsid-container-puppet.yaml     |   69 +-
.../keepalived/keepalived-container-puppet.yaml    |   17 +-
deployment/kernel/kernel-baremetal-ansible.yaml    |    4 +
.../kernel-boot-params-baremetal-ansible.yaml      |   24 +-
deployment/keystone/keystone-container-puppet.yaml |  345 +++---
deployment/logging/files/barbican-api.yaml         |   13 +-
deployment/logging/files/heat-api-cfn.yaml         |   13 +-
deployment/logging/files/heat-api.yaml             |   13 +-
deployment/logging/files/heat-engine.yaml          |   11 +-
deployment/logging/files/keystone.yaml             |   13 +-
deployment/logging/files/neutron-api.yaml          |   13 +-
deployment/logging/files/neutron-common.yaml       |   11 +-
deployment/logging/files/nova-api.yaml             |   13 +-
deployment/logging/files/nova-common.yaml          |   11 +-
deployment/logging/files/nova-libvirt.yaml         |   10 +-
deployment/logging/files/nova-metadata.yaml        |   13 +-
deployment/logging/files/panko-api.yaml            |   51 +
deployment/logging/files/placement-api.yaml        |   13 +-
deployment/logging/rsyslog-container-puppet.yaml   |   40 +-
deployment/logging/stdout/haproxy.yaml             |    2 +-
deployment/logging/stdout/panko-api.yaml           |   63 ++
.../logrotate-crond-container-puppet.yaml          |    2 +-
deployment/logrotate/tmpwatch-install.yaml         |    3 +-
deployment/manila/manila-api-container-puppet.yaml |  182 +--
deployment/manila/manila-backend-cephfs.yaml       |    2 +
deployment/manila/manila-base.yaml                 |    2 +-
.../manila/manila-scheduler-container-puppet.yaml  |   33 +-
deployment/manila/manila-share-common.yaml         |    2 +-
.../manila/manila-share-container-puppet.yaml      |   31 +-
.../manila/manila-share-pacemaker-puppet.yaml      |  161 +--
.../memcached/memcached-container-puppet.yaml      |   56 +-
.../messaging/rpc-qdrouterd-container-puppet.yaml  |    5 +-
deployment/metrics/collectd-container-puppet.yaml  |  300 +++--
deployment/metrics/qdr-container-puppet.yaml       |  131 ++-
deployment/mistral/mapping.json                    |  373 +++++++
.../mistral/mistral-api-container-puppet.yaml      |  110 +-
deployment/mistral/mistral-base.yaml               |   13 +-
.../mistral/mistral-engine-container-puppet.yaml   |   13 +-
.../mistral-event-engine-container-puppet.yaml     |   13 +-
.../mistral/mistral-executor-container-puppet.yaml |   15 +-
deployment/multipathd/multipathd-container.yaml    |    4 +-
.../neutron/derive_pci_passthrough_whitelist.py    |  247 ++++-
deployment/neutron/kill-script                     |   27 +-
.../neutron-agents-ib-config-container-puppet.yaml |    7 +
.../neutron/neutron-api-container-puppet.yaml      |  181 +--
deployment/neutron/neutron-base.yaml               |    2 +-
.../neutron/neutron-dhcp-container-puppet.yaml     |  116 +-
.../neutron-l2gw-agent-baremetal-puppet.yaml       |    2 +-
.../neutron/neutron-l3-container-puppet.yaml       |  119 +-
.../neutron/neutron-metadata-container-puppet.yaml |   47 +-
.../neutron-mlnx-agent-container-puppet.yaml       |   13 +-
.../neutron-ovn-dpdk-config-container-puppet.yaml  |    6 +
.../neutron-ovs-agent-container-puppet.yaml        |   55 +-
.../neutron-ovs-dpdk-agent-container-puppet.yaml   |   32 +-
...eutron-plugin-ml2-ansible-container-puppet.yaml |    2 +-
deployment/neutron/neutron-plugin-ml2-ovn.yaml     |    5 +
deployment/neutron/neutron-plugin-ml2.yaml         |   14 +
.../neutron-sriov-agent-container-puppet.yaml      |  116 +-
deployment/nova/nova-api-container-puppet.yaml     |  373 +++----
deployment/nova/nova-az-config.yaml                |    2 +-
deployment/nova/nova-base-puppet.yaml              |   13 +-
deployment/nova/nova-compute-container-puppet.yaml |  564 +++++++---
.../nova/nova-conductor-container-puppet.yaml      |  104 +-
deployment/nova/nova-ironic-container-puppet.yaml  |   60 +-
deployment/nova/nova-libvirt-container-puppet.yaml |  334 +++---
.../nova/nova-libvirt-guests-container-puppet.yaml |   11 +-
.../nova/nova-metadata-container-puppet.yaml       |   41 +-
.../nova-migration-target-container-puppet.yaml    |   30 +-
.../nova/nova-scheduler-container-puppet.yaml      |   53 +-
.../nova/nova-vnc-proxy-container-puppet.yaml      |   82 +-
deployment/nova/novajoin-container-puppet.yaml     |   46 +-
.../octavia/octavia-api-container-puppet.yaml      |  192 ++--
deployment/octavia/octavia-base.yaml               |   24 +-
.../octavia/octavia-deployment-config.j2.yaml      |   36 +-
.../octavia-health-manager-container-puppet.yaml   |  106 +-
.../octavia-housekeeping-container-puppet.yaml     |   26 +-
.../octavia/octavia-worker-container-puppet.yaml   |   51 +-
.../octavia/providers/ovn-provider-config.yaml     |  150 +++
...vswitch-dpdk-netcontrold-container-ansible.yaml |    2 +-
.../ovn/ovn-controller-container-puppet.yaml       |  140 ++-
deployment/ovn/ovn-dbs-container-puppet.yaml       |   99 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |  159 +--
deployment/ovn/ovn-metadata-container-puppet.yaml  |   95 +-
.../pacemaker/clustercheck-container-puppet.yaml   |   14 +-
.../compute-instanceha-baremetal-puppet.yaml       |   17 +
.../pacemaker/pacemaker-baremetal-puppet.yaml      |  101 +-
.../pacemaker-remote-baremetal-puppet.yaml         |   66 ++
.../placement/placement-api-container-puppet.yaml  |   61 +-
deployment/podman/podman-baremetal-ansible.yaml    |   77 +-
deployment/qdr/qdrouterd-container-puppet.yaml     |   13 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml |   52 +-
...rabbitmq-messaging-notify-container-puppet.yaml |   47 +-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml |  120 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml       |  120 +-
.../rabbitmq-messaging-rpc-container-puppet.yaml   |   47 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   |  120 +-
deployment/sahara/sahara-api-container-puppet.yaml |   69 +-
deployment/sahara/sahara-base.yaml                 |    2 +-
.../sahara/sahara-engine-container-puppet.yaml     |   31 +-
.../skydive/skydive-agent-baremetal-ansible.yaml   |   40 -
.../skydive-analyzer-baremetal-ansible.yaml        |  179 ---
deployment/snmp/snmp-baremetal-puppet.yaml         |    2 +-
.../external-swift-proxy-baremetal-puppet.yaml     |   72 +-
.../swift-refresh-rings-cc327f998490b0df.yaml      |    6 +
deployment/swift/swift-proxy-container-puppet.yaml |   90 +-
.../swift/swift-ringbuilder-container-puppet.yaml  |   27 +-
.../swift/swift-storage-container-puppet.yaml      |  163 +--
deployment/timesync/chrony-baremetal-ansible.yaml  |    4 +-
deployment/tls/undercloud-tls.yaml                 |   99 ++
.../tripleo-packages-baremetal-puppet.yaml         |  536 ++++-----
deployment/undercloud/minion-rabbitmq-puppet.yaml  |   25 +-
.../undercloud/tempest-container-puppet.yaml       |   11 +-
deployment/undercloud/undercloud-upgrade.yaml      |  188 +---
...tas-hyperscale-controller-baremetal-puppet.yaml |   28 +-
deployment/vpp/vpp-baremetal-puppet.yaml           |    2 +-
deployment/zaqar/zaqar-container-puppet.yaml       |   87 +-
environments/backup-and-restore/rear.yaml          |    3 +
environments/barbican-backend-pkcs11-lunasa.yaml   |   50 +
environments/ceph-ansible/ceph-ansible.yaml        |    7 +
environments/cinder-dellemc-powermax-config.yaml   |   29 +
environments/cinder-dellemc-sc-config.yaml         |   39 +
environments/cinder-dellemc-vxflexos-config.yaml   |   35 +
environments/cinder-dellemc-xtremio-config.yaml    |   28 +
environments/cinder-netapp-config.yaml             |    2 +-
environments/compute-real-time-example.yaml        |   20 +-
environments/dcn-hci.yaml                          |   22 +-
environments/dcn.yaml                              |   18 +
...ployed-server-bootstrap-environment-centos.yaml |   11 -
...deployed-server-bootstrap-environment-rhel.yaml |   11 -
environments/deployed-server-environment.j2.yaml   |    4 +-
environments/disable-panko.yaml                    |   11 +
environments/disable-paunch.yaml                   |    6 +
environments/disable-swift.yaml                    |    6 +
environments/disable-telemetry.yaml                |    1 +
.../enable-legacy-telemetry.yaml                   |    8 +-
environments/enable-stf.yaml                       |   39 +
environments/hyperconverged-ceph.yaml              |    2 +-
environments/lifecycle/ffwd-upgrade-converge.yaml  |    1 +
environments/lifecycle/ffwd-upgrade-prepare.yaml   |    3 +-
.../lifecycle/undercloud-upgrade-prepare.yaml      |    1 +
environments/lifecycle/update-prepare.yaml         |    4 +
environments/lifecycle/upgrade-converge.yaml       |   24 +-
environments/lifecycle/upgrade-prepare.yaml        |   17 +-
environments/metrics/ceilometer-write-qdr.yaml     |    6 +-
environments/metrics/collectd-write-qdr.yaml       |    8 +-
environments/metrics/qdr-edge-only.yaml            |    8 +-
environments/metrics/qdr-form-controller-mesh.yaml |    6 -
environments/network-environment-v6.j2.yaml        |   10 +-
environments/network-isolation-v6-all.j2.yaml      |    2 -
environments/network-isolation-v6.j2.yaml          |    2 -
environments/nova-nuage-config.yaml                |    1 -
environments/public-tls-undercloud.yaml            |    1 +
environments/rhsm.yaml                             |    2 +
.../services-baremetal/neutron-ovn-dvr-ha.yaml     |    2 +
.../services-baremetal/neutron-ovn-ha.yaml         |    4 +
.../services-baremetal/undercloud-ceilometer.yaml  |    3 +
.../services-baremetal/undercloud-panko.yaml       |    2 +
environments/services/barbican-edge.yaml           |    4 +
environments/services/neutron-ovn-dvr-ha.yaml      |    2 +
environments/services/neutron-ovn-ha.yaml          |    5 +
environments/services/neutron-ovn-sriov.yaml       |    1 -
environments/services/neutron-ovn-standalone.yaml  |    2 +
environments/services/neutron-ovs.yaml             |    1 +
environments/services/skydive-environment.yaml     |   12 -
environments/services/undercloud-ceilometer.yaml   |    3 +
environments/services/undercloud-panko.yaml        |    4 +
environments/services/undercloud-tls.yaml          |    4 +
environments/ssl/enable-internal-tls.j2.yaml       |    2 +
environments/ssl/enable-tls.yaml                   |    4 +
environments/ssl/no-tls-endpoints-public-ip.yaml   |    8 +
environments/ssl/tls-endpoints-public-dns.yaml     |   10 +-
environments/ssl/tls-endpoints-public-ip.yaml      |   10 +-
environments/ssl/tls-everywhere-endpoints-dns.yaml |   10 +-
environments/standalone.yaml                       |    3 +-
environments/standalone/standalone-overcloud.yaml  |    2 +
environments/standalone/standalone-tripleo.yaml    |    8 +-
environments/stdout-logging.yaml                   |    1 +
environments/storage-environment.yaml              |    6 +-
environments/storage/cinder-netapp-config.yaml     |    2 +-
environments/storage/cinder-nfs.yaml               |    2 +-
environments/swift-external.yaml                   |    6 +-
environments/undercloud.yaml                       |    5 +
environments/undercloud/undercloud-minion.yaml     |   85 +-
.../krb-service-principals/role.role.j2.yaml       |    2 +-
extraconfig/post_deploy/clouds_yaml.py             |   54 -
extraconfig/post_deploy/standalone_post.yaml       |   73 --
extraconfig/post_deploy/undercloud_post.py         |    9 +-
extraconfig/post_deploy/undercloud_post.yaml       |   43 +-
firstboot/userdata_timesync.yaml                   |    2 +-
hosts-config.yaml                                  |   38 -
lower-constraints.txt                              |  166 ---
net-config-bridge.j2.yaml                          |    8 +
net-config-linux-bridge.j2.yaml                    |    9 +
...config-static-bridge-with-external-dhcp.j2.yaml |    8 +
.../config/multiple-nics-vlans/role.role.j2.yaml   |    8 +-
network/config/multiple-nics/role.role.j2.yaml     |    6 +-
network/endpoints/endpoint_data.yaml               |   35 +
network/endpoints/endpoint_map.yaml                | 1153 +++++++++++++++++++-
network/ports/net_ip_list_map.j2.yaml              |   12 +-
network/ports/net_vip_map_external.j2.yaml         |    6 +
network/ports/net_vip_map_external_v6.j2.yaml      |    6 +
network/ports/port_from_pool.j2                    |   31 +-
network/scripts/run-os-net-config.sh               |    7 +-
network/service_net_map.j2.yaml                    |   33 +-
network_data_ganesha.yaml                          |   50 +-
overcloud-resource-registry-puppet.j2.yaml         |   29 +-
overcloud.j2.yaml                                  |  155 ++-
puppet/extraconfig/pre_deploy/per_node.yaml        |    4 +-
puppet/role.role.j2.yaml                           |   54 +-
...ainerNovaLibvirtPidsLimit-cdad2166b6c0195f.yaml |    6 +
.../IGMP-snooping-for-ml2ovs-d794ed4eab7c098c.yaml |    3 +
.../NovaReservedHugePages-35a13e828bfc92e9.yaml    |   10 +
...r-to-net_vip_map_external-c2c83431feaf7f35.yaml |   10 +
...d-barbican-client-for-dcn-7182e8bab41fce21.yaml |   13 +
...-anti-affinity-parameters-fe9222f17b16ee1f.yaml |    4 +
.../add-octavia-provider-ovn-e3780665300e7c58.yaml |    5 +
...publictlscafile-parameter-0fd9c19dcd20be0b.yaml |    6 +
...ce_image_cache_prefetcher-288120ffa6ee2a13.yaml |    6 +
.../adding-rear-service-5fac71fa6fbd9c9e.yaml      |    5 +
...ddmemcachedmaxconnections-b591c0fa39e821f5.yaml |    6 +
...allow-resize-to-same-host-62f05a5370993425.yaml |    5 +
.../automated-lvmfilter-3bee670c0108585a.yaml      |   23 +
...ng-manila-share-protocols-6ea6bcbbe21b25ee.yaml |    7 +
.../notes/bug-1895899-8d675670a0d05c15.yaml        |   12 +
...eph_external_multi_config-80d707e5bf75e886.yaml |    5 +
...chcon-only-podman-upgrade-a2356adf59cde74b.yaml |    6 +
.../notes/cinder-v1-cleanup-7154ca07652804cf.yaml  |   11 +
releasenotes/notes/cpu-flags-5b027db3eb2b86c2.yaml |    7 +
.../notes/cpuset_cpus-4dbde2cec2152b30.yaml        |    6 +
...-net-config-static-bridge-c15bf767d3a28759.yaml |    7 +
...sable-notification-driver-a888d4e9b8eed1dc.yaml |    6 +
...lated_aggregate_filtering-2aec5a693bf79852.yaml |   12 +
...dge-by-default-on-compute-f3ff6bf46ab80640.yaml |   15 +
.../notes/extra_group_vars-aafa71945882442f.yaml   |    7 +
...e-for-StorageNFS-net.yaml-bd77be924e8b7056.yaml |   20 +
...ure-when-network-disabled-156190243ff239ea.yaml |    6 +
...h-service-net-map-replace-463dd1296766cc47.yaml |    6 +
...er-agent-failed-on-reboot-373a31d28ea72587.yaml |    5 +
.../notes/glance-multistore-82d4fc260acfb355.yaml  |   12 +
.../gnocchi-nfs-backend-90febc9f87e7df08.yaml      |    9 +
...v6-stateful-address-count-ca568a32f07aec53.yaml |    7 +
...ronic_cleanup_config_data-1d4ae909c0869a90.yaml |   15 +
...use_bind_mounts_for_certs-64cb88f78538a64b.yaml |   13 +
.../notes/mysql-auth-ed25519-28aaea4e69fbfdf7.yaml |    7 +
...dnsmasq_enable_addr6_list-ead32a7739431607.yaml |    6 +
.../notes/new-pmem-params-18fb9c25808a7fe6.yaml    |   14 +
...ova_api_max_limit-support-43fe9792eca63599.yaml |    5 +
..._compute_default_cpu_mode-cda2bb3e56463b3a.yaml |   11 +
.../notes/nova_compute_ksm-444f1cc51ceafb66.yaml   |    8 +
.../nova_image_cache_ttl-824f241363b9dd4e.yaml     |    8 +
...tadata_http_cert_metadata-274e7e8a66727983.yaml |    9 +
...gate_required_for_tenants-6c7d90fd01bcc88d.yaml |   11 +
...ent_for_availability_zone-ffd415710a9cb903.yaml |    9 +
.../octavia-log-offload-d1617e767f688da1.yaml      |    4 +
...ovn_igmp_snooping_support-eccdecde74f4b9c8.yaml |    5 +
...cluster-common-tag-podman-f9a71344af5c73d6.yaml |    7 +
.../notes/powermax-driver-d428e372280c44e6.yaml    |    6 +
.../notes/remove-ValidateNtp-15724eaa8345aa4f.yaml |    8 +
...deployed-server-bootstrap-07590a3cf4688cc9.yaml |   11 +
.../notes/remove_ffwd_tasks-d1ab630d96a66a59.yaml  |    6 +
releasenotes/notes/sc-driver-a428e372280c44e6.yaml |    6 +
...pport-glance-at-dcn-sites-6163b8f5333e31a7.yaml |    8 +
...swift-barbican-key-id-fix-108f8b58a5092d0a.yaml |    5 +
.../swift-fix-ring-sync-7bf3ddbb1ea1e342.yaml      |    6 +
.../swift-mount-by-uuid-7744fe7696db4b85.yaml      |    6 +
.../notes/swift_external-d9870450f191b89a.yaml     |    6 +
...ansible-for-hosts-entries-b4905552515e17ff.yaml |    6 +
.../notes/vxflexos-driver-bec8e372280c44e6.yaml    |    4 +
.../notes/xtremio-driver-a428f372280c44e6.yaml     |    7 +
.../zaqar_ws_timeout_tunnel-d5d1e900dce79b34.yaml  |    7 +
roles/BlockStorage.yaml                            |    1 +
roles/CellController.yaml                          |    1 -
roles/Compute.yaml                                 |    2 +-
roles/ComputeAlt.yaml                              |    1 -
roles/ComputeDVR.yaml                              |    1 -
roles/ComputeHCI.yaml                              |    2 +-
roles/ComputeHCIOvsDpdk.yaml                       |    2 +-
roles/ComputeInstanceHA.yaml                       |    1 -
roles/ComputeLiquidio.yaml                         |    1 -
roles/ComputeLocalEphemeral.yaml                   |    2 +-
roles/ComputeOvsDpdk.yaml                          |    2 +-
roles/ComputeOvsDpdkRT.yaml                        |    3 +-
roles/ComputeOvsDpdkSriov.yaml                     |    1 -
roles/ComputeOvsDpdkSriovRT.yaml                   |    2 +-
roles/ComputePPC64LE.yaml                          |    2 +-
roles/ComputeRBDEphemeral.yaml                     |    2 +-
roles/ComputeRealTime.yaml                         |   21 +-
roles/ComputeSriov.yaml                            |    2 +-
roles/ComputeSriovIB.yaml                          |    1 -
roles/ComputeSriovRT.yaml                          |    3 +-
roles/Controller.yaml                              |   11 +-
roles/ControllerAllNovaStandalone.yaml             |    3 +-
roles/ControllerNoCeph.yaml                        |    8 +-
roles/ControllerNovaStandalone.yaml                |    7 +-
roles/ControllerOpenstack.yaml                     |    4 +-
roles/ControllerSriov.yaml                         |  183 ++++
roles/ControllerStorageDashboard.yaml              |    8 +-
roles/ControllerStorageNfs.yaml                    |    8 +-
roles/DistributedCompute.yaml                      |    7 +-
roles/DistributedComputeHCI.yaml                   |    8 +-
roles/DistributedComputeHCIDashboard.yaml          |   80 ++
roles/DistributedComputeHCIScaleOut.yaml           |   69 ++
roles/DistributedComputeScaleOut.yaml              |   66 ++
roles/HciCephAll.yaml                              |    2 +-
roles/HciCephFile.yaml                             |    2 +-
roles/HciCephMon.yaml                              |    2 +-
roles/HciCephObject.yaml                           |    2 +-
roles/Minimal.yaml                                 |   30 +
roles/Networker.yaml                               |    1 -
roles/NetworkerSriov.yaml                          |   55 +
roles/Novacontrol.yaml                             |    1 -
roles/ObjectStorage.yaml                           |    1 +
roles/README.rst                                   |    1 +
roles/Standalone.yaml                              |    8 +-
roles/Telemetry.yaml                               |    1 +
roles/Undercloud.yaml                              |    4 +
roles/UndercloudMinion.yaml                        |    1 +
roles_data.yaml                                    |   15 +-
roles_data_undercloud.yaml                         |    5 +-
sample-env-generator/dcn.yaml                      |   18 +-
sample-env-generator/ssl.yaml                      |   45 +-
sample-env-generator/standalone.yaml               |   15 +-
sample-env-generator/storage.yaml                  |    1 +
sample-env-generator/undercloud-minion.yaml        |   52 +-
scripts/hosts-config.sh                            |   47 -
tools/make_ceph_disk_list.py                       |  141 +++
tools/yaml-validate.py                             |   32 +-
tox.ini                                            |    7 -
validation-scripts/all-nodes.sh                    |   40 -
zuul.d/layout.yaml                                 |  128 +--
474 files changed, 15544 insertions(+), 8394 deletions(-)

[release-announce] tripleo-heat-templates 11.4.0 (train)

no-reply＠openstack.org