We joyfully announce the release of:

tripleo-heat-templates 11.4.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the train stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

11.4.0
^^^^^^

New Features
************

* Adds a new ContainerNovaLibvirtPidsLimit parameter in order to set
  the PIDs limit for nova_libvirt container. Defaults to 65536, set to
  0 for unlimited.

* Adds support for IGMP snooping (Multicast) in the Neutron ML2/OVS
  driver.

* Added the configuration option to set reserved_huge_pages. When
  NovaReservedHugePages is set, "reserved_huge_pages" is set to the
  value of NovaReservedHugePages. If NovaReservedHugePages is unset
  and OvsDpdkSocketMemory is set, the reserved_huge_pages value is
  calculated from KernelArgs and OvsDpdkSocketMemory. KernelArgs helps
  determine the default huge page size used (the default is set to
  2048kb), and OvsDpdkSocketMemory helps determine the number of
  hugepages to reserve.

* Add new BarbicanClient tripleo service for configuring DCN/Edge
  nodes to access a barbican service running in the control plane. The
  client service is disabled by default, and can be enabled by
  including the environments/services/barbican-edge.yaml environment
  file when deploying a DCN/Edge stack.

* Added the Octavia anti-affinity parameters.

* Added enhancements to Octavia's OVN driver configuration, so it can
  connect to OVN_Northbound DB using SSL/TLS.

* Added new PublicTLSCAFile parameter, which is used to set the CA
  cert in clouds.yaml for the keystone public endpoint. This defaults
  to empty string ('') assuming that the certs are already trusted.

* Add GlanceImagePrefetcherInterval parameter to run a periodic job
  which fetches the queued images for caching in the cache directory,
  when image cache is enabled.

* Inclusion and configuration of ReaR service to undercloud and
  overcloud nodes.

* Added "MemcachedMaxConnections" setting with a default of 8192
  maximum connections in order to allow an operator to override that
  value in environments where memcached is heavily solicited.

* Add parameter "NovaAllowResizeToSameHost" to allow instances to
  resize to the host they are currently on. Normally the source host
  is excluded.

* To isolate LVM volumes created by compute guests, within Cinder
  volumes, from the LVM volumes created/managed by the host itself, a
  new task has been introduced to create an allowlist and denylist of
  devices which should be accessible (or not) to the host, configured
  in lvm.conf using the global_filter key. The allowlist is generated
  by gathering the list of existing in-use physical disks (or
  partitions) and appending to it any user-provided device passed via
  the *LVMFilterAllowlist* parameter. The denylist is configured via
  *LVMFilterDenylist* and defaults to ['.*'], which means it blocks
  any device not explicitly allowed. Both list parameters can be
  specified per-role. The feature is disabled by default and can be
  enabled by passing *LVMFilterEnabled: true*; when disabled, the
  existing lvm.conf won't be touched and a version of it which
  includes the global_filter will be left, for debugging, in
  */tmp/tripleo_lvmfilter.conf*.

* The new parameter CephExternalMultiConfig may be used to configure
  OpenStack to use multiple external Ceph clusters.

* Add parameters *NovaLibvirtCPUMode*, *NovaLibvirtCPUModels* and
  *NovaLibvirtCPUModelExtraFlags* to allow configuration of CPU
  related parameters *libvirt/cpu_mode*, *libvirt/cpu_model* and
  *libvirt/cpu_model_extra_flags* respectively.

* Add a role specific parameter, ContainerCpusetCpus, which defaults
  to 'all' and limits the specific CPUs or cores a container can use.
  To disable it and rely on the container engine default, set it to
  ''.

* Add boolean parameter
  *NovaSchedulerEnableIsolatedAggregateFiltering* which sets the
  *scheduler/enable_isolated_aggregate_filtering* parameter. This
  configures the scheduler to restrict hosts in aggregates based on
  matching required traits in the aggregate metadata and the instance
  flavor/image. If an aggregate is configured with a property with key
  trait:$TRAIT_NAME and value required, the instance flavor
  extra_specs and/or image metadata must also contain
  trait:$TRAIT_NAME=required to be eligible to be scheduled to hosts
  in that aggregate. Default value for
  NovaSchedulerEnableIsolatedAggregateFiltering is False.

* This change updates the multiple-nics and multiple-nics-vlans
  templates so that an external bridge is created if either the role
  uses the External network or the "external_bridge" tag is set in the
  role definition. This is done instead of checking if the role name
  is "Controller". This change also assigns the "external_bridge" tag
  to the Controller as well as the Compute roles so that both roles
  can access the Neutron external bridge for floating IPs or SNAT by
  default so that OVN can use DVR.

* Introduce "{{role.name}}ExtraGroupVars", which defines a dictionary
  of Ansible group vars per role. These extra group vars will override
  any pre-defined group var from a service.

* Add parameters for configuring multiple glance-api backends. The
  existing "GlanceBackend" parameter represents the default backend,
  and a new "GlanceMultistoreConfig" parameter is a hash representing
  the configuration of additional backends. A new
  "GlanceStoreDescription" parameter provides a means of describing
  each backend. The configuration can specify any combination of
  supported backend types.
  Multiple rbd backends can be specified, but cinder, file and swift
  backends are limited to one each.

* The following parameters were added to support configuration of
  gnocchi nfs backend.

  * GnocchiNfsEnabled

  * GnocchiNfsShare

  * GnocchiNfsOptions

* For baremetal operations on DHCPv6-stateful networks multiple IPv6
  addresses can now be allocated for neutron ports created for
  provisioning, cleaning, rescue or inspection. The new parameter
  "IronicDhcpv6StatefulAddressCount" controls the number of addresses
  to allocate.

* Add Heat parameter "EnableMysqlAuthEd25519", which, when set to
  true, configures MySQL user credentials to require ed25519-based
  authentication to the mariadb server, instead of the default
  SHA1-based native authentication.

* Add boolean parameter "NeutronDhcpAgentDnsmasqEnableAddr6List" to
  support the "dnsmasq_enable_addr6_list" option in dhcp agent
  settings. (See bug: #1861032
  (https://bugs.launchpad.net/neutron/+bug/1861032))

* Adding two parameters to manage vPMEM [0] configuration parameters.
  The *NovaPMEMMappings* parameter sets Nova's configuration option
  *pmem_namespaces*, which reflects mappings between vPMEM and
  physical PMEM namespaces. *NovaPMEMNamespaces* creates and manages
  physical backend PMEM namespaces which will be used as backend for
  vPMEM. *NovaPMEMMappings* example: 6GB:ns0|ns1|ns2,LARGE:ns3 will
  expose namespaces ns0, ns1, ns2 using label *6GB* and namespace ns3
  using label *LARGE*. *NovaPMEMNamespaces* example:
  100G:ns0|14096M:ns1 will create two namespaces: ns0 - size 100G,
  ns1 - size 14096M.

* The NovaApiMaxLimit parameter allows the operator to set Nova API
  max_limit using a Heat parameter in their templates.

* Add the NovaImageCacheTTL to the nova compute service. This exposes
  the remove_unused_original_minimum_age_seconds from nova.conf which
  controls the time (in seconds) that nova compute should continue
  caching an image once it is no longer used by any instances on the
  host.
  Defaults to 86400 (24hrs).

* Add boolean parameter
  *NovaSchedulerPlacementAggregateRequiredForTenants* which sets the
  *scheduler/placement_aggregate_required_for_tenants* parameter. It
  controls whether or not a tenant with no aggregate affinity will be
  allowed to schedule to any available node. If aggregates are used to
  limit some tenants but not all, then this should be False. If all
  tenants should be confined via aggregate, then this should be True.
  Default value for NovaSchedulerPlacementAggregateRequiredForTenants
  is false.

* Add boolean parameter
  *NovaSchedulerQueryPlacementForAvailabilityZone* that sets the
  *scheduler/query_placement_for_availability_zone* parameter. It
  allows the scheduler to look up a host aggregate with the metadata
  key of availability zone set to the value provided by the incoming
  request, and to limit the request results from placement to that
  aggregate. Default value for
  NovaSchedulerQueryPlacementForAvailabilityZone is false.

* Adds the "OctaviaLogOffload" setting to enable amphora log
  offloading.

* Adds support for IGMP snooping (Multicast) in the OVN driver.
  Defaults to False. IGMP snooping requires OVN version 2.12 or above.

* Support for PowerMax backend cinder driver. Supports both iSCSI and
  FC volume drivers and supports deploying one or multiple cinder
  PowerMax storage backends.

* Support for Dell EMC SC backend cinder driver. Supports both iSCSI
  and FC volume drivers and supports deploying one or multiple cinder
  SC storage backends.

* Add the ability to deploy the glance-api service at DCN/Edge sites.
  Glance service at the Edge shares the same database as the Glance
  service in the central control plane, but allows other services such
  as Cinder and Nova to access a Glance endpoint that is local to the
  DCN/Edge site.

* When SwiftRawDisks is set, try to mount the disks using uuids
  instead of paths. This makes mounts more stable, e.g. if the kernel
  is updated and the device order changes.

* The ansible tripleo-hosts-entries role is now used for adding
  individual entries to /etc/hosts for each overcloud node. This role
  is used instead of the output data from the Heat stack.

* Added support for VxFlexOS cinder block storage backend driver.

* Support for Dell EMC Xtremio backend cinder driver. Supports both
  iSCSI and FC volume drivers and supports deploying one or multiple
  cinder Xtremio storage backends.

* A new Heat parameter 'ZaqarWsTimeout' exposes the Puppet variable
  'tripleo::haproxy::zaqar_ws_timeout_tunnel'. This allows operators
  to configure the Mistral API timeout. It currently defaults to four
  hours.

Upgrade Notes
*************

* Cinder's legacy "volume" service and its associated endpoints are
  automatically removed from the keystone catalog. The "volume"
  service is associated with Cinder's v1 API, which was removed in
  Queens.

* NotificationDriver is now set to noop by default, as legacy
  telemetry services are disabled by default. Explicitly set the
  NotificationDriver parameter to enable notifications from each
  service.

* The "external_bridge" tag is now used for the Compute node. An
  external network bridge is required on the compute nodes in order to
  host floating IPs when using DVR. OVN deploys with DVR by default.

* The CIDR for the StorageNFS network in the sample
  network_data_ganesha.yaml file has been modified to provide more
  usable IPs for the corresponding Neutron overcloud StorageNFS
  provider network. Since the CIDR of an existing network cannot be
  modified, deployments with existing StorageNFS networks should be
  sure to customize the StorageNFS network definition to use the same
  CIDR as that in their existing deployment in order to avoid a heat
  resource failure when updating or upgrading the overcloud.

* Exclude /var/lib/ironic/* from the container-puppet.sh rsync. This
  is a leftover from the initial containerization of TripleO; now that
  we have host prep tasks, the ironic conductor and inspector bind
  mount /var/lib/ironic and generate the data that they need. This
  data should not be in the config volume, or the copies can conflict
  with each other when rsync runs at the same time. Check launchpad
  bug 1868934 (https://bugs.launchpad.net/tripleo/+bug/1868934).
  TripleO upgrade tasks and host prep tasks will take care of removing
  the var directory from the config volumes and the containers will
  just use the bind mount, like it should be doing now. These tasks
  will run during a minor update, major upgrade, and fast forward
  upgrade.

Deprecation Notes
*****************

* The deployed-server bootstrap environments, templates, and scripts
  that were previously deprecated are now removed. These removals
  include:

  * deployed-server/deployed-server-bootstrap-centos.sh

  * deployed-server/deployed-server-bootstrap-centos.yaml

  * deployed-server/deployed-server-bootstrap-rhel.sh

  * deployed-server/deployed-server-bootstrap-rhel.yaml

  * environments/deployed-server-bootstrap-environment-centos.yaml

  * environments/deployed-server-bootstrap-environment-rhel.yaml

* As the fast forward upgrade workflow to skip multiple releases now
  relies on the very same upgrade_tasks, there is no need to maintain
  the fast_forward_upgrade_tasks, as well as any of its references.

* ExternalPublicUrl, ExternalAdminUrl and ExternalInternalUrl are
  deprecated. ExternalSwiftPublicUrl, ExternalSwiftAdminUrl and
  ExternalSwiftInternalUrl should now be used.

Bug Fixes
*********

* The parameter "ControlPlaneSubnetCidr" was missing in the
  "network/ports/net_vip_map_external.j2.yaml" and
  "network/ports/net_vip_map_external_v6.j2.yaml" template files. This
  caused deployment failure since the "VipMap" resource passes this
  property.
  (See Bug: #1864912
  (https://bugs.launchpad.net/tripleo/+bug/1864912))

* Ensure the barbican Key Manager settings are configured on DCN/Edge
  nodes when the barbican service is deployed in the control plane.
  See bug 1886070 (https://bugs.launchpad.net/tripleo/+bug/1886070).

* As per launchpad bug 1855704, the lvmfilter task aims at hiding from
  the host the LVM2 volumes created by compute guests in Cinder
  volumes or Glance images.

* When using the Shared File Systems service (manila), you may now use
  the Heat template parameter "ManilaEnabledShareProtocols" to
  configure the NAS protocols that users may use. If not set, the
  value is inferred per the storage backends that have been enabled.

* Ansible GroupVars incorrectly kept a single subnet prefix
  per-network. This caused a problem when multiple subnets using
  different subnet prefixes were defined, resulting in the wrong
  subnet prefix being referenced in the NetworkConfig for roles.
  AnsibleHostVars stores networks subnet prefixes instead. See bug:
  1895899 (https://bugs.launchpad.net/tripleo/+bug/1895899).

* The keystone catalog is automatically updated to remove any entries
  associated with Cinder's v1 API "volume" service. This fixes bug
  1897761 (https://bugs.launchpad.net/tripleo/+bug/1897761).

* All roles now default to using the net-config-static-bridge.yaml nic
  config when using deployed-server. Since OVN is the default in
  TripleO, Compute roles need to have br-ex. Previously when using
  deployed-server, the default nic config for the non-Controller roles
  was net-config-static.yaml, which did not create br-ex.

* Fixed issue in the sample network_data_ganesha.yaml file where the
  IPv4 allocation range for the StorageNFS network occupies almost the
  whole of its CIDR. If network_data_ganesha.yaml is used without
  modification in a customer deployment then there are too few IPs
  left over in its CIDR for use by the corresponding overcloud Neutron
  StorageNFS provider network for its overcloud DHCP service.
  (See bug: #1889682
  (https://bugs.launchpad.net/tripleo/+bug/1889682))

* Fixed an issue where disabling one or more networks in
  "network_data.yaml" caused deployment failure. (See bug: #1842001
  (https://bugs.launchpad.net/tripleo/+bug/1842001))

* Fixes an issue where the parameter "CloudNameStorageManagement" was
  used for all custom networks with service_net_map_replace defined.
  (See bug: 1862679
  (https://bugs.launchpad.net/tripleo/+bug/1862679).)

* Fixed an issue where containers octavia_api and
  octavia_driver_agent would fail to start on node reboot.

* Certificates get merged into the containers using the kolla_config
  mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
  gets disabled and enabled at a later point, the containers running
  the qemu process miss the required certificates and live migration
  fails. This change moves to using bind mounts for the certificates
  and, in the case of UseTLSTransportForNbd, creates the required
  certificates even if UseTLSTransportForNbd is set to False. With
  this, UseTLSTransportForNbd can be enabled/disabled as the required
  bind mounts/certificates are already present.

* https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae657b2
  introduced THT parameters to set libvirt/cpu_mode. The patch wrongly
  set NovaLibvirtCPUMode to the string 'none', so puppet-nova does not
  handle the default cases correctly and sets libvirt/cpu_mode to
  none, which results in the 'qemu64' CPU model, which is highly buggy
  and undesirable for production usage. This changes the default to
  the recommended CPU mode 'host-model', for various benefits
  documented elsewhere.

* When using RHSM Service
  (deployment/rhsm/rhsm-baremetal-ansible.yaml) based registration of
  the overcloud nodes and enabling KSM using
  NovaComputeEnableKsm=True, the overcloud deployment will fail
  because the RHSM registration and the ksm task run as host_prep
  tasks. Enabling/disabling ksm is now handled in deploy step 1.

* In a cellv2 multicell environment, nova-metadata is the only httpd
  managed service on the cell controller role. With tls-everywhere,
  the cell controller host must have the needed metadata to be able to
  request the HTTP certificates. Otherwise the getcert request fails
  with "Insufficient 'add' privilege to add the entry
  'krbprincipalname=HTTP/cell1-cellcontrol-0....'"

* HA container naming scheme has been updated to look like
  'container.common.tag/<servicename>:pcmklatest', in order for podman
  to not prepend any host suffix in front of this tag, otherwise this
  confuses the podman resource agent in pacemaker.

* Fixes an issue where TripleO fails to set the Barbican key ID for
  Swift with a permission error if the config files are not relabeled.

* Fix Swift ring synchronization to ensure every node on the overcloud
  has the same copy to start with. This is especially required when
  replacing nodes or using manually modified rings.

Other Notes
***********

* Moving this chcon call to the specific podman container upgrade part
  avoids consuming time for nothing. This chcon call is needed only if
  we move from docker to podman, meaning upgrading to train.

* The ValidateNtp option has been removed from the all nodes
  validation configuration. During the time sync configuration we
  already do a check to ensure the ntp servers are available. If they
  are not, we will fail with an appropriate message. The ValidateNtp
  option came from a time before we could fail in a more explicit way.

Changes in tripleo-heat-templates 11.3.1..11.4.0
------------------------------------------------

57f5a899e Making sure virt-guest-shutdown.target exists
d539906ee Define a new CinderVolumeEdge service
6dde10a52 Set up right DNF module stream for Upgrades and Updates.
491b54571 Disable notification from services by default e76ad346d [Ussuri/Train] Check mode doesn't work for async tasks e14489eef [TRAIN ONLY] Remove duplicate /var/run/openvswitch bind mount edacbada6 remove c7 update/upgrdae jobs 73eb35255 Enable tripleo_free strategy for upgrade 8cc56bb50 Add setting to override max memcached connections bee00aa6b Fix swift containers idempotency 549cfe21d Refresh Swift ring files without restarting containers b2ac1d378 Add missing IPA services for queens to train upgrades 9410d79e6 Adding key_size option on the certificate creation 63a2f24cd move c7 container upgrades to nv in train tht 1cda5afd2 Remove vfio-pci.conf module load file 98377d020 Ensure cinder LVM volumes work after system restart cf3da8ed8 Wire up new tripleo upgrades jobs template c6a551617 Add NovaDisableImageDownloadToRbd parameter 4b392af30 Don't pass empty values for ipaclient_servers to ipaclient role 9e3509f84 Rely on the HOSTNAME var to resolve the mon container name 98c7bb164 Skip Trilio dirs when setting ownership in /var/lib/nova 5a1a3cc1e Remove Luna HSM clients on scaledown a1cb1e716 Run os-net-config on step 3 5a44e4ad9 Move ipa check to external_deploy_tasks 1ee73dcb8 Run online migration tasks from external_update_tasks too. 64a8cd2d3 [Train Only] Make the docker restart in hybrid state idempotent. 
d9d854329 Use ansible for nodes validation e87192234 The lower constraint file has been removed 4b882797e Fix barbican settings missing from glance Edge nodes a0330d23a Fix ceilometer_agent_compute healthcheck 95ec1f23b Add possibility to set logging source for Horizon c0c29604c Ensure cloud-init has finished before puppet run 77145eb87 Adding Ceph Dashboard to the Edge roles ff61a5e5e [train/stein only] Add parameter to identify previous nbd-tls state 08ec765f8 Add qemu metadata to compute node when tls for live migration 8bc8771bc Add NovaApiMaxLimit configure max_limit for nova 7d69700eb Identify HSMs using labels instead of Slot ID e99d7212a [stable/ussuri,train] Add cidr to outputs of port_from_pool.j2 e0ce36ea2 Set correct default NovaLibvirtCPUMode 99b236f77 Switch novajoin to use RpcUserName a2510a5e1 Use bind mounts for tls certificates 1747a9976 Add file which enables QoS related L3 agent extensions 43049567a [TRAIN-ONLY] Fix tripleo-work-dir role name in ceph-base 47ec46164 Make sure apache metadata is set for nova-metadata service 83b5691a5 Move enable ksm on compute node to deploy step 1 6eb4cd281 Refresh ceph-ansible group_vars values d32539262 Remove corosync.conf if it's a dir from remote. 
d9fa437f0 Config options for AMQP1 transport in collectd sensubility af90cef66 [train-only][ffwd] Dont reuse tripleo_step4 for hybrid state 4f4601466 Relax facts gathering plays on the overcloud cc60d8134 Use tripleo linear when not using tripleo free ca5860b4f Switch deploy steps to tripleo_free 3669724d0 [train-only][ffwd] Update InstanceHA script in hybrid mode 00b87e6c6 Add CinderBackupOptVolumes parameter a52fff665 [train-only][ffwd] Create specific paunch config for hybrid state 0b39f391e [stable/train] Check correct location for skip-deploy-identifier 680d341ca node_exporter_container_image is needed in 'all' group 5a0dbe240 Properly compute hostname when looking for the ceph-mon container 4f29c3493 Filter computes with nova_host defined 7585a2854 Enable Ceilometer data transfer for STF 445d159f6 Fix MetricsQdrUseSSL value 6b99abc5d Remove Nova parameters that are no longer used a1f4c4883 Always set dashboard_protocol when Ceph Dashboard is enabled ef2ebb18d Fix memcached logging fc4145068 Simplify consumer job tags 80911871b [c7-train] Switch c7 jobs to content provider 1c97de9a6 Failure status should be set on 0 rather than 1 28762852b Add package install for openssl-perl d6b29f134 Remove centos-7-standalone-upgrade f07ca38a8 Don't manage bridge mappings in scenario file 4afee56af [train] Switch to content provider jobs/templates e3477d92f Run tripleo_lvmfilter role to restrict block devices visible to LVM2 0180a7ef6 Use `undercloud` instead of `Undercloud` when delegating tasks f525e4ab6 Return details in output of container health check 597c00cea Add config option for collectd libpodstats 4667fffa0 Don't use POLL_SERVER_CFN transport for DeployedServer 9071b63b3 Expose new THT params for cpu model flags 6fb47d088 Fix names of the puppet parameters used to set min bw limits in Neutron d574cfe71 Add CephClientConfigOverrides resource 746d26986 [train-only] Introduce hybrid state also for ovn_controller f90a2fcc7 [train-only] Switch sriov agent in hybrid 
state 7b7687315 [manila] Add "ManilaEnabledShareProtocols" param 88ed572d0 Fix tripleo-hieradata role name in Barbican deployment 5c3b374fb Also configure Ironic for UC minions d4ad97028 Change permissions on /run/octavia to octavia c73a0be54 Force CephAnsiblePlaybook to its default value on FFU prepare 74a6ac6eb [FFU] Remove cinder's v1 keystone service ec2aa2313 Retry container pull 3 times 1482410db [TRAIN-ONLY] Change default sensubility execution shell 0a10aaba1 Revert "Adapt container health check for built-in podman health checks" f35c34550 [train] mysql: adjust CLI args based on container cli f76fab723 Make NovaLibvirtOptVolumes role specific 14e1b12ed Remove dashboard_frontend_vip from the ceph mgr template 01153c914 Squashed backport for 'NovaAllowResizeToSameHost' parameter b2a439fd0 Add ability to manage irqbalance on compute per role d56070a23 Create external bridge on Compute nodes by default for OVN with DVR 33578636d Gather more extra stats with the collectd virt plugin 114c9551b Force container fetch a304f6ff9 Rely on templates for multinode updates job triggering 3d9362c3a Default cinder_volume_node_names to [] 31a1f9c8e Adapt container health check for built-in podman health checks 848569c3f [Train-only] Configure podman registries during a minor update. 
062e60eeb Assume Grafana and Ceph Dashboard to be on the storage or ctlplane nets 4c95c55f4 Set NeutronEnableDVR to False for OVN-HA 64a8ca4ac Implement a Minimal role 9a84c0380 Create container-puppet-tasks files per step in check mode 2f8c408a9 Configure rsyncd without pid file for Swift 6dd9eeef6 Allow optional volumes for nova_libvirt container 991d990d5 [train-only] Fix unhealthy ovn_metadata_agent during hybrid state ef3a39c27 enable-ssh-admin: allow to override plan name 15ffac7fa Clear cached facts based on the tag as well 7d4f2f500 Adds new configuration for panko-expirer cbf5e6e70 Centralized logging minor fixes 2f26828a7 Add more metadata to logs c8b424ea0 [Train only] Add missing stop service steps for FFU. ed898531e Revert "Disable Designate service for scenario 03" 5a7f9e14d Get the CIDR of the neutron port for NetworkConfig 205957a8e [train-only] Ensure obsolete module nf_conntrack_proto_sctp is not loaded 80aff677d Add dashboard_tls_external ceph-ansible parameter 0195b441c [TRAIN-ONLY] Remove OVNDBs from multinode sc file 46b45ed6e Remove race during mysql database creation 41d5a77cf Fix up ovn-dbs update tasks 9fdd2c61b Complete missing description 528a7f6d0 Bind mount /var/lib/container-config-scripts inside the restart bundles 29a02c1db Add pacemaker& clustercheck in multinode scenario b08b78bfe Memcached collectd plugin uses host URI instead of IP address. 
19de5e8ce Mount libpod container volume into collectd container ea0cd3c37 Use UUID for mounted SwiftRawDisks af905a541 Add parameter and CI config to enable Ceph OTW encryption 688b59301 Use appropriate allocation pools for StorageNFS 0498a62ea Add the NovaImageCacheTTL to the nova compute service 6b98944e3 Fix Swift ring file synchronization issue 8f4cd41c7 Remove Etcd from DCN roles that don't need it 7eb563da2 Replace all the bridge_name variables in templates ca3bd9c3d DCN: use FQDN in glance endpoint with internal TLS c7eb59279 Make sure IPA has the right ACI 02355504f Enable collectd-ceph plugin only where needed b34ca4e1c Use container_file_t for Cinder*NfsMountOptions by default 70f52b992 [Train Only] Renamve tripleo_upgrade_hiera into tripleo-upgrade-hiera. 3505d9563 [ffwd] Add fix for OVN DB vip change 18c36861c Remove remaining Skydive references 6ce282296 Remove skydive 172e03fcd Default to storage_dashboard, when set, for the CephDashboard service 94ba27090 Set a higher PIDs limit for nova_libvirt container ad090f94c minor update: only migrate HA VIP away when needed a549491bd Avoid failing on deleted file 322566b94 Run external_deploy_tasks per step for each role 5a600db08 [ffwd] Don't remove package python2-chardet aacf9c18b Use tripleo_network_config aea1f70ed Create container config scripts with a new module 49b4b2c9e Create Container configs with a new module 73fb30689 Modify how libvirt related containers use SELinux d224d4150 [FFWD Ceph] Fix ceph post_upgrade_tasks for osd options 1848fa025 Fix endpoint map tls - zaqar wss port 3dd00efb8 Add new Luna HSM parameter for Barbican 1fdfa3332 Fix pcs restart in composable HA fffbdc0df Fix HA resource restart when no replicas are running da6b7b424 Drop bootstrap_host_exec from pacemaker_restart_bundle 48f068452 Do not hard-code vars_from a9e7a6fa9 Revamp how etcd's cert and key are handled in containers 82b508a3f Add PermitRootLogin option in sshd_config before leapp. 
4b283ae9e pcmk_remote FFU support for Instance HA 906256a1b [Train-only] Move config-data context switching to Upgrade 9f1e98275 Add support for Gnocchi NFS Backend af3b0f202 Remove ffwd-upgrade leftovers from THT. d0c5bcac8 Fix delegation with FreeIPA cleanup 855379056 Reset sriov_numvfs to 0 before leapp upgrade 8120c2df1 Unset keystone::public_endpoint b273143f0 Port jobs from centos7 to centos8 1eb954241 Update octavia playbooks parameters d5aff2e17 [Train Only] Add CephAnsibleWarning into upgrade lifecycle environment files. 2f382ac90 Align kernel args for system upgrade using leapp 7859e7999 Stop using a conditional for role tasks ef76e92bb Add non-string value support for CephAnsibleEnvironmentVariables 8cf38e95c [TRAIN-ONLY] Set the right container_client when set/unset noout 82d8fda57 Add CephAnsibleRepo warning to make this validation more flexible ce6a7a100 Prevent ovn dbs related facts to run on each step. 76e284311 Remove redundant file management for /run/redis a55c34d69 Expose the zaqar_ws_timeout_tunnel variable. ed65866d4 Add openvswitch special treatment to update too. 
e17ed6430 Add dashboard_protocol variable when internal_tls is enabled
e965239d6 Ensure redis_tls_proxy starts after all redis instances
bbaded6ca Add BarbicanClient service for configuring edge sites
a9076cb59 Generated passthrough_whitelist shall use all the user_configs fields
c7036d8ba Add missing config_files kolla directives
63154e137 Add podman service to scenario007 environment
31d8500d9 Remove /run from some services
cfb99a967 [TRAIN-only] Remove duplicate register
15df75c31 Drop the relabel flag for bind-mount
69d63e0bc Fix vbmc_setup.yaml for c8 standalone
2ee69f20b Attempt to remove octavia tls proxy service only present
5087bc9c1 Use distinct params for ca cert in nova-vnc-proxy and nova-libvirt
d48b22c15 Set and then unset Ceph's noout flag before/after node is rebooted
c33f91005 Simplify host entries generation
3a87458ac Add become: true to the container json file modules
0ba5cfa94 FFU support for ceph_nfs
b3ee1252c deploy-steps-playbooks-common: fix logic for scale_ignore_unreachable
7bd1d7379 Convert roles section into tasks-include_role in deploy-steps.j2.
cc603f197 Fixed libvirt volume path for nova-migration-target-container
ec3568e68 Generate container startup configs with a new module
247105809 Allow overriding InterfaceDefaultRoute with ips_from_pool template
cf26dcda4 Don't use pacemaker in ironic sa job
ed7096f31 Check for correct column name for execution show
c276a7e30 Fix bind mount volumes for novajoin containers
716870109 Fix privilege escalation
8d2604dee Use command to set pythonintepreter
9db0d3661 Revert "[train/backport] Prevent nftables to interfere with tripleo firewall"
4e0604603 Task should fail on any failure
4157d5832 Unmount NFS shares before launching LEAPP
cbefd789d Collapse deploy steps
16fc8da63 Manual backport of "Move sidecar kill scripts to host prep" to Train
39c977afb undercloud/heat: set YAQL memory quota to 200000
39945d563 Exclude /etc/hostname
934de903c Don't set RABBITMQ_SERVER_ERL_ARGS
40e2bf5dd Always clear cached facts first
4f3597daf Collapse host prep tasks
6dfbdbbca [TRAIN ONLY] Wait until DB is ready for neutron DB rename
883d778f8 Add filestore to bluestore migration tags
ea7c886e2 [Q->T] Add FFU steps for manila
d0a3da09c Add project template for IPA multinode
728babbc5 Disable Sahara in scenario003-standalone
0dc690ff1 [TRAIN ONLY] Provide way to initialize Leapp
cd0d92930 [train-only] Ensure removal of deprecated xinetd
c20d10d41 collectd: add support for mcelog service
889163cd8 Add new parameter PublicTLSCACert
4ffe8c3cc Fix Error: invalid arguments you must use just one container
555bba7a5 Adding amphora architecture to heat templates
1495ced5c [train-only] Make sure UpgradeLevelNovaCompute is empty string for upgrade
04abe36ca Disable Designate service for scenario 03
6585e21db Sync httpd conf.modules.d configs
1fd3a3654 Cleanup all container startup configs before generating the new ones
eff6fff6c Change the :Z mount flag to :z
9ee059e80 [TRAIN-ONLY] Add keystone_resources for Panko
975e47f21 [TRAIN ONLY] Fix the glance-api-edge firewall configuration
69d2d4581 Improve documentations for NovaLibvirtFileBackedMemory
987df6685 Increase the default UpgradeLeappRebootTimeout to 60 mins
ab3548f23 Allow more tasks to be run in check mode
5b4566278 Disable presettled metrics
0395513af [TRAIN ONLY] post Leapp package fixups
5babfe002 [TRAIN ONLY] Ensure interim db migration containers work properly
5c55a46df Move nova online migrations to nova-conductor
acc12770b [TRAIN-ONLY] Be explicit when passing vars into deploy steps
8ba26c4a7 Support for Dell EMC VXFlexOS Backend
4980171e0 [TRAIN ONLY] Add FFU parameters in lifecycle env files.
7b0321a9a Adding env file for octavia with kvm
539692ef9 Update minion rabbit credentials
a97a738d8 [TRAIN ONLY] Introduce hybrid state for nova compute
09908f92e Allow triggering ceph-ansible filestore-to-bluestore with ceph_fstobs tag
20bb24a0e Ironic create_swift_temp_url_key use internal edpoint
3988e5c07 Add composible service for tls enrollment
4eb593c17 Support for Xtremio Cinder Backend
8b0d9239a Unify metrics_qdr name to underscore
cac2eff0c Fix dry-run for NetworkConfig tasks
7ae0132bc Consider user configuration during the derivation of passthrough whitelist
bc62de223 Fix reserved name variable
4b4e27305 Only enable leapp tasks when distribution is correct
11125aced Enable glance cache prefetcher interval
b6f9ea097 Remove ValidateNtp
80537150a Use empty string for overcloud InternalTLSCAFile param
6108044f7 Add an option to adjust help URL in horizon
6cbee27e9 Add the ability to offload amphora logs
238d751b6 Check transfer data flag to skip pacemaker normal upgrade.
fa1e82707 Ensure net.ipv6.conf.lo.disable_ipv6=0
7778c19a4 Fix node scaling
3651e49d4 MaxFailPercentage: default to 0
eaed4046d Revert "Only enable leapp tasks when distribution is correct"
3d16a7009 Add reserved ports for some services
ae28b1246 Add parameters for vPMEM features
024afc22a Improve facter cache reliability
637c8ce96 Fix syntax error
05d8e24a5 enable dpdk plugin on neutron ovn and ovs
c530e2af7 Set default InternalTLSCAFile in enable-tls.yaml
3b0aa5da1 Configure SNMP on undercloud
872110d14 Update loop_vars
695d96e49 Remove Ceph{Admin,Mon,Mds}Key parameters
3cb88f9be rhsm: add rhsm_release in environment for doc purpose
bfbb55e14 Force container deletion if namespace does not exist in service_kill
a4af78ed6 Add ci environment file for standalone IPA parameters
273d53278 Add new parameter NovaSchedulerQueryPlacementForAvailabilityZone
78ac9ca05 Move chcon for /var/lib/config-data
85c99e873 Fix sending SIGTERM to the sidecar containers
ca9b11584 Fix typo in the description of the Neutron related options
2b85b569b Include tripleo_ceph_workdir role on rgw variables override
1b2679680 Make user value for GlanceImageImportPlugin prevail on logic
075129286 Add ansible hieradata file
b4dffb942 Configure valid_exit_code for startup containers
c416ddabb Only enable leapp tasks when distribution is correct
1013e6f0c Split ansible_limit with a colon.
6e3c933ff Add common_deploy_steps to post_upgrade_steps.
979e59782 Enable adding packages into Leapp's to_remove/to_install files.
81792032f Remove unnecessary check after removing libvirt rpm dependencies
427df766b Correctly match openvswitch package
55ecd97d3 Add support for resource provider bandwidth in Neutron config
d56dcc61b Make /var/lib/mistral traversable by all users
c8a0a77b1 Stop nova placement during upgrade data tranfer
405ebda2b Add cacert to clouds.yaml
c21972f39 Add option to not install ipa client packages
56acca507 Add mode option when creating persistent directories.
8e20a1fc4 Add retries to initial image fetch
41e856356 Add support for lunasa hsm in barbican
7f6831ed3 Neutron ML2/OVS: add support to enable of IGMP snooping
2367b8aa5 Skip operating system upgrade tasks via UpgradeLeappEnabled param.
45c159f38 Make per_node.yaml py3 safe
d92443f96 Execute kvm-setup inside nova_libvirt container
663f103da Fix listen_on_master_ip_only
1d0594ff9 Enable external LB support with ovn
d2e6e5e8d Change Collectd ports type to numbers.
bd4cc8e85 Support for SC Cinder Backend
a8ecd8e5a Fixing powermax config errors
692717bd4 Fix cinder and etcd running with internal TLS enabled
513d5da06 Change Schedule to Scheduler for consistent naming
45760e089 Add hook to run RHOSP policies enforcement.
91dbf71eb Fix IHA with ansible 2.9
51565c0c3 Fix typo in setting octavia wsgi server name
e6dd20f73 Add an option to disable the DNS record modification in FreeIPA
b9f16d501 Add a 600s timeout when creating enable-ssh-admin workflow
e054fc3cc Make sure IdMServer is optional
908280a05 tripleo-ci-centos-7-containerized-undercloud-upgrades -> NV
3214bf08c Fix missing OctaviaClientCert* parameters
91c3360e8 Changes in env files due to new SRIOV roles
75111e9c4 Add NeutronDhcpAgentDnsmasqEnableAddr6List param
fd775e50a Add tripleo_delegate_to var for ceph health validation
0d3d01edf Revert systemd sidecars
f238c25c9 Update container certificate
dd9a9ac76 Check for InternalApi in role for HostnameResolveNetwork
cbbf6d562 (train) manual backport of: update startup-configs with latest hashes
0e2426423 Split out selinux management
7e1babbab Set Neutron's l3_ha flag to True in standalone ML2/OVS job
7d2aac526 Remove healthcheck from ceilometer_gnocchi_upgrade container
0523324b3 Move /etc/ssh/ssh_known_hosts bind mount where it's needed
3cf7f416f Make neutron ml2/ansible's base plugin variable
765d19889 Ensure <service>_restart_bundle do not run concurrently
b938f7cd9 [train-squash] Remove hardcoded reference to cinder LVM loopback device
c2e22af3e Exclude /etc/puppet from config generation
b95d78df8 Fixed package names for CentOS-8 octavia deployment
885e9e344 Fix NovaCrossAzAttach hiera key
72cb712e1 Add NovaCrossAZAttach parameter
26a21d597 Support for PowerMax Cinder Backend
069a37fa2 Support for mariadb's ed25519 authentication
9d1a35548 [Q->T] Alow supplying command options to leapp
697800360 Add IronicDhcpv6StatefulAddressCount parameter
19f6f42a5 swift-external: deprecate External*Url
d570a95c4 Move ceph-rgw and config overrides variables
bc63a7b1c [OVN] SRIOV with native OVN DHCP server
553b61ca2 Add new parameter NovaSchedulerEnableIsolatedAggregateFiltering
fd1767193 nova-compute: disable scale_tasks when docker is used
cf3c03ebd Use kolla tools for memcached configuration
947d3b118 [TRAIN-ONLY] Fix indentation
12bdd6feb [Q->T] Introduce Queens to Train Upgrade
6c04309a3 Move the haproxy iptables rules creation to host_prep_tasks
5b5780c15 Skip both tenant and management networks when generating certs
eb414b0de Added scale_tasks to handle cleanup on scale down of nodes
69c2b13f9 Add Octavia OVN Provider configuration
3b5fca296 Exclude /var/lib/ironic/* from container-puppet.sh rsync
0d783d38e Properly place undercloud hosts record upgrade task
2e57b2b8a Create DNS entries in IPA for openstack services
afb7b78e3 Add new composable service for IpaClient
86f149ae3 Include {{step}} when setting facts
4ac2d6436 Switch to docker pull
aeb5bc9b9 Workaround for cinder A/A and etcd with TLS-everywhere
fc36448fe Introduce {{role.name}}ExtraGroupVars
f3aaeda76 Add new parameter NovaSchedulePlacementAggregateRequiredForTenants
d6cd50b37 Switch to podman_image module
3caf2186c Fetch containers early
cd29180c3 Use exec when spawning any neutron sidecar container
a5e551cb6 Fix regression in container-puppet.py
7ac642644 Fix selinux denial on centos8/rhel8 when relabelling /var/lib/nova
eedb679db Do not fail if /usr/sbin/nft is not present
b9c43e1f4 add tht/common to trigger path
0ce171614 [TRAIN-ONLY] Fix systemd-wrapper integration during update.
c759bb68c ovn_dbs_virtual_ip created even though ovn is disabled
7529b8cd4 Drop unused remnants of the hosts-config bits
ba7193495 Use lists for storing host entries in Heat
3fff96c36 Fail NetworkConfig task on timeout
92433d5c9 Add DNS related settings
7dea79a9e Create a new parameter for the HAProxy external network
eea3ff0e1 Tolerate NFS exports in /var/lib/nova when selinux relabelling
59f34c3af Ensure consistency with hostname comparison
f6b5ecde9 Revert "Stop using swift temp url for config transport"
eec17c517 Pass server metadata to ansible group vars
cbec6b3c2 Allow disabling the octavia provider
b9ae8b6b5 Add always tags for hieradata render in external upgrade.
e7a4cee7b HA: drop spurious mysql user on stack deploy
ae38157db Neutron ML2/OVN: Add support to enable IGMP Snooping
c3b24599d [train/backport] Prevent nftables to interfere with tripleo firewall
c40fa7055 DCN/Edge: Handle ipv6 address for local glance endpoint
2c29f7cb4 Introduce environments/disable-swift.yaml
5f00163a0 HA: check before restarting resource on stack update
1e1f6c769 Parse healthchecks.log instead fetching systemd data
bf9c153d0 Fix dashboard_frontend_vip parameter
52a3f896d Move ceph-ansible required variables in the main group
18e574ac4 Use jinja raw tag instead of quoted concatenation
fa4214095 Use exists filter instead of stat where possible
8df8c9e38 Fix the mounting issues for the TLS everywhere deployment
99f24b64b Remove unneccessary indentation from common tasks
0e6720a19 ControlPlaneSubnetCidr in net_vip_map_external
393b3b16d Use a smaller,static custom mapping file for Mistral and TripleO
dbda46256 Add STF environment
8b8194b17 Generate /etc/hosts early on both under and overcloud
7f8b87a90 Always set hieradata for certmonger_ca
9a7b054f5 Add CephBasePoolVars and CephKeyVars structures
d69ec8a5c Fix TenantInterfaceDefaultRoute in net-env-v6
31c6b199b Replace chronyc "waitsync" with "makestep"
85850d8af [TRAIN and before] Introduce ContainerCpusetCpus
76de3fd93 Use exec when spawning dnsmasq inside sidecar container
025171a3a Add j2 per-role MetricsQdrNetwork
7c01813e2 Don't add IpList for disabled networks
40a1e5ba1 rabbitmq: Open ports 25673-25683 for CLI tools
6c2b9900a Create ResellerAdmin role when deploying Ceph RGW
445387589 Use a common playbook import for common plays
bee336a03 Use a jinja block to reduce str_replace repetition
6d194bc93 [TRAIN-ONLY] Finish Ceilometer-Panko decouple
16e5e1737 Remove duplicated topic parts from default value
5108054aa [TRAIN-ONLY] Add systemd-wrapper update tasks
2661ea24b [update/upgrade] Use include_tasks instead of import_tasks
95f2e100d Optionally configure Ceph RGW listener with SSL
81c223792 Trigger ceph-ansible on ceph_systemd tag too
e4abce799 Cleanup tasks for container-puppet.py
100ed1925 Add the certificate specs in ceph_mgr service
d82e6d3ed Update the number of keystone workers
87e241134 Fix mapping of KeystoneOpenIdcEnableOAuth
851bbb31e Remove all ignore_errors to avoid confusion when debugging
8687f5f2a Remove comment about tripleo_container_manage being experimental
ae2aac5d0 nova-compute-container: add missing condition for ksmdisabled
5caef8de1 Run the swift_rsync container unprivileged
2bd4cdeb2 HA: reorder init_bundle and restart_bundle for improved updates
aabb3cace Restart ovn-dbs resource to take new VIP property.
33ce60d6a Check Ceph*Key value format and halt on error
5ac7a8c49 Remove support for ceph-ansible fetch directory
49fc109bb Configure Undercloud hostname in the overcloud during upgrade.
779f1c846 Add support for glance multistore
a20a4f6dc Use ipc:host for cinder-backup
3e2d1fa61 Add setfacl statements for neutron metadata proxy
a95fc76f2 Fix krb-service-principals with service_net_map_replace
dc4ecf797 Add ceph_ansible_repo variable on ceph-base
fb7127a6e Enable sudo rule creation
0a1aeba00 Fix dcn-hci resource mapping path
9545cbc38 NodeDataLookup utility should rely on python env
5f85abc14 Remove BlockStorageCinderVolume service from certain DCN roles
6f2e19988 Add an environment to disable Paunch
5322f30b3 [TRAIN] Backport squash for container-puppet.py
ed158f786 Set octavia-ansible dir ownership to Ansible user
8eeba7f51 Add swiftoperator role on ceph-rgw template
fadbafd42 tripleo_container_manage: set tripleo_container_manage_check_puppet_config
32279c4a3 [train-squash] Backport "all Keystone resources with Ansible"
bf6154170 Introduce CephExternalMultiConfig
0cd97e44c Force facts cache refreshing after OS upgrade.
b2f4d6899 Add DCN Scale Out Roles
ed4ed7762 Ensures rsync is present on the overcloud nodes
0ac37029f Ensure /var/run/octavia is present upon reboot
c41efb62d Fix permission issue when removing octavia temp dirs
83d4e84a4 Add DeployIdentifier to extra config containers
a9c6cd058 [stable/train only] Use service_name in heira for firewall rules
2f9a570fb [train-squash] Backport keystone/bootstrap changes
8316a6142 Deploy /etc/openstack/clouds.yaml with Ansible
c92f5c4a3 Add support to run Container Puppet tasks without Paunch
aa365ee11 [update] Ensure we get fresh hiera data before running update_steps.
a885c0e17 Add dependency for enable KSM for RHEL/CentOS8
852dc1013 Remove libvirt packaged dependencies
2d265e868 Use a systemd service to handle sidecar containers
7683b8bca Dynamically include container-puppet tasks
cabbd38cf Increase concurrency when starting containers
289632dd6 Remove static reference to InternalApi network
6bfd65adf Enable configuration of notifier publishers
d58c133d3 Replace '' by [] when a bind mount isn't needed
60d21eef4 Remove unnecessary slash volume maps
e7351d44c [train-squash] Backport legacy log folder and readme cleanups
18f2c2796 Create /var/lib/config-data if it doesn't exist.
cb174c919 Default all roles for deployed-server to net-config-static-bridge
2dd84fa5c Rename common deploy step 1 tasks
0551958a1 container-puppet.sh: add -r to rm command
591dd0809 Dynamically include generate-config tasks
45850442d [SQUASH] backport tripleo-container-manage to stable/train
c8144799e Update ro excludes
ab9f1c1a8 Use action plugin for all_nodes data
b2f6cee43 Fix undefined variable in cinder_backup service.
bd4c3f6dc container-puppet: update 'env' when not null
87d994905 Generate startup configs files per step and per container
03925f8c9 Fix Placement password hiera is not set for Neutron
26e00764f Swap tasks to avoid non-existing variable error.
b2de751d7 Ignore SR-IOV VFs on dhcp_all_interfaces list
73bb3149f Remove all the "container_cli rmi -f" from HA containers
fc52667ee Update ffwd-upgrade branch names
e04f031b8 Remove stray conditional from aodh-evaluator tasks
2051459b8 Revert "Remove panko"
268610fc3 Ensure Ceph dependencies are installed in pre-provisioned nodes
a5e278ea9 Fix keepalived logging on disk
d7b13a24d Fix hieradata for Heat API timeout
6d625c3e9 [train/stein] Increase resource bundle timeout during update.
e204f16e5 Fix kill-script
97c2d4b99 Switch from 'podman rm' to tripleo-container-rm role
2cbcbb08e Revert "Remove libvirt packaged dependencies" due to https://bugs.launchpad.net/tripleo/+bug/1860971 and planning a backport later
7e1f831fd Correct current cinder-backup image var for upgrades
79c82c231 Add network vip mapping into service data
ad95b28c8 Drop z flag on /var/run, it prevents redeployment
557c0c358 Check to make sure compute service is deployed before scale down
f632ea38a Force facts cache refreshing before upgrade.
36f9cc78c Set octavia services' stop grace period to 300sec
bbe15dae0 split() function expects string not array
a854080cb Fix generation of TRIPLEO_CONFIG_HASH for services
b1ac5e1e2 [TRAIN ONLY] Check for correct file during --skip-deploy-identifier handling.
fb6cbd625 roles: Update description of ComputeRealTime role
b1e1e5d31 Add 'scale-up' upgrade steps for cinder-volume
b363837fd Add 'scale-up' upgrade steps for cinder-backup
279de1604 Add 'scale-up' upgrade steps for manila
fa67cb17a Fix incorrect parameter to set max delay in cinder db purge cron
1e9b551b1 Assign service role for ironic user
f38d39d14 Enable external public endpoint for MetricsQdr
c9b8b1576 roles: Remove use of NovaVcpuPinSet from ComputeRealTime
66f13a180 Add swiftoperator role on ceph-rgw template
f7a0aff19 Use list join for rendering rear config file in heat
eb245497e Remove docker_config step 3 for ovn already cover by kolla script
82e2f9dea clustercheck: use fqdn instead of ip for bind address
b10f7e2f0 depends_on: add .service to avoid errors in logs
f90eb2caa Fix deployment on pacemaker remote nodes
7f9b6c40f Ovn upgrade - test if db already exist
90ed42da1 Don't disable compute cell in scale down tasks for additional cells
d8de6badf Add missing any_errors_fatal
9cb5fb76d Open ports for Metrics QDRs
220661582 Remove libvirt packaged dependencies
4d21352e3 Bypass openvswitch update logic if expected packages are not present
4feedd4f0 nova: Always provide LIBGUESTFS_BACKEND=libvirt:qemu:///system
084acebd9 Remove previously deprecated deployed-server bootstrap files
2fc743762 Add 'never' to the tags set for the Ceph systemd units migration task
536550371 Remove upload_validations workflow execution
dada51248 Modify import_role to include_role for boot params service
f9afb87b4 horizon: put plugins toggles in quotes
02faf53ea Mount /boot from the host within the nova-compute container
8a3735015 Fix permission error if Barbican is enabled for Swift
d76180973 Adding ReaR THT
e5e6b95bb Run update without yum update to apply hotfixes.
8f93d271a HA: Fix the cluster common tag behaviour with podman
30bde6129 Introduce CephExtraKeys
f19e2c714 Use include_tasks instead of import_tasks
02f643cd9 Create a dedicated log file for healthchecks for collectd
00c17b368 Add ability to deploy glance at DCN/Edge sites
259de9b99 Do not configure Hiera and Hieradata in Ansible check mode
7148ebd21 Try deleting container for failures too
7362626ca Use async tasks for long running common tasks
829cefa76 Execute deploy_steps_tasks per step
3bdf0c980 Use ansible for hosts entries
bb456e970 Fix rsyslog issues
3d4298a67 Fix typos in hiera values
7ee6cdec1 Make pcsd listen on PacemakerNetwork/PacemakerRemoteNetwork
6fb2aa195 Correct invalid jinja set
13380daec Provide option to set reserved_huge_pages
c9dd7ebcf Provide utility to generate NodeDataLookup from Ironic
4b6eb4ca9 Move some common tasks to step 1
add09e863 HA: increase resource default op timeout for podman bundles
9c2008514 ovn standalone: Start OVN ovsdb-servers using the kolla startup script
b3bbc24ca Enable horizon healthcheck
8184b9497 Fix Octavia to use correct Puppet class
414449705 Enable healthcheck script in clustercheck service
d48f73b18 Remove ceph backend by default for gnocchi
fd61d8c98 Move the legacy telemetry environment template to correct location
ef66a0f4f Add Octavia anti-affinity parameters
5352a88fe Revert "Disable ceph dashboard to fix upstream ci"
3b6f7d057 Remove unused post update and upgrade tasks

Diffstat (except docs and test files)
-------------------------------------

README.rst | 2 +
all-nodes-validation.yaml | 51 -
bindep.txt | 6 +
ci/common/all-nodes-validation-disabled.yaml | 43 -
ci/common/ironic_standalone_post.yaml | 6 -
ci/common/vbmc_setup.yaml | 33 +-
ci/environments/disable-unbound.yaml | 2 +-
ci/environments/multinode-3nodes-registry.yaml | 1 +
ci/environments/multinode-containers.yaml | 6 +-
.../network-isolation-absolute.yaml | 1 -
.../multiple-nics-ipv6/network-isolation.yaml | 1 -
ci/environments/neutron_l3_qos.yaml | 2 +
ci/environments/octavia-kvm.yaml | 7 +
.../scenario000-multinode-containers.yaml | 4 +-
.../scenario001-multinode-containers.yaml | 24 +-
ci/environments/scenario001-standalone.yaml | 99 +-
.../scenario002-multinode-containers.yaml | 3 +
ci/environments/scenario002-standalone.yaml | 10 +-
ci/environments/scenario003-standalone.yaml | 5 -
.../scenario004-multinode-containers.yaml | 1 +
ci/environments/scenario004-standalone.yaml | 14 +-
.../scenario007-multinode-containers.yaml | 4 +-
ci/environments/scenario007-standalone.yaml | 4 +-
.../scenario010-multinode-containers.yaml | 4 +-
ci/environments/scenario010-standalone.yaml | 12 +-
ci/environments/scenario012-standalone.yaml | 16 +-
ci/environments/standalone-ipa.yaml | 23 +
common/container-puppet.py | 813 ++++++++------
common/container-puppet.sh | 30 +-
common/deploy-steps-playbooks-common.yaml | 77 ++
common/deploy-steps-tasks-step-0.j2.yaml | 38 +-
common/deploy-steps-tasks-step-1.yaml | 157 ++-
common/deploy-steps-tasks.yaml | 538 ++++-----
common/deploy-steps.j2 | 1036 +++++-------------
common/generate-config-tasks.yaml | 109 ++
common/hiera-steps-tasks.yaml | 35 +
common/host-container-puppet-tasks.yaml | 86 ++
common/services/role.role.j2.yaml | 31 +-
config-download-software.yaml | 1 +
config-download-structured.yaml | 1 +
container_config_scripts/cinder_ffu_db_sync.sh | 42 +
container_config_scripts/glance_ffu_db_sync.sh | 21 +
container_config_scripts/keystone_ffu_db_sync.sh | 25 +
container_config_scripts/manila_ffu_db_sync.sh | 34 +
container_config_scripts/mistral_ffu_db_sync.sh | 20 +
.../monitoring/collectd_check_health.py | 70 ++
container_config_scripts/neutron_db_rename.sh | 38 +
container_config_scripts/neutron_ffu_db_sync.sh | 20 +
container_config_scripts/nova_ffu_db_sync.sh | 45 +
.../nova_statedir_ownership.py | 119 +-
.../pacemaker_restart_bundle.sh | 113 +-
container_config_scripts/pacemaker_wait_bundle.sh | 320 ++++++
container_config_scripts/wait-port-and-run.sh | 18 +
.../deployed-server-bootstrap-centos.sh | 38 -
.../deployed-server-bootstrap-centos.yaml | 27 -
deployed-server/deployed-server-bootstrap-rhel.sh | 35 -
.../deployed-server-bootstrap-rhel.yaml | 27 -
deployed-server/deployed-server-roles-data.yaml | 1 +
deployed-server/scripts/enable-ssh-admin.sh | 32 +-
deployment/README.rst | 45 +-
deployment/aodh/aodh-api-container-puppet.yaml | 112 +-
deployment/aodh/aodh-base.yaml | 9 +-
.../aodh/aodh-evaluator-container-puppet.yaml | 32 +-
.../aodh/aodh-listener-container-puppet.yaml | 31 +-
.../aodh/aodh-notifier-container-puppet.yaml | 30 +-
deployment/apache/apache-baremetal-puppet.j2.yaml | 24 +-
.../backup-and-restore/rear-baremetal-ansible.yaml | 105 ++
.../barbican/barbican-api-container-puppet.yaml | 183 +++-
.../barbican-backend-pkcs11-crypto-puppet.yaml | 14 +-
deployment/barbican/barbican-client-puppet.yaml | 61 ++
.../liquidio-compute-config-container-puppet.yaml | 2 +-
.../ceilometer-agent-central-container-puppet.yaml | 44 +-
.../ceilometer-agent-compute-container-puppet.yaml | 34 +-
.../ceilometer-agent-ipmi-container-puppet.yaml | 31 +-
...ometer-agent-notification-container-puppet.yaml | 153 ++-
.../ceilometer-base-container-puppet.yaml | 56 +-
deployment/ceph-ansible/ceph-base.yaml | 526 ++++++---
deployment/ceph-ansible/ceph-client.yaml | 15 +-
deployment/ceph-ansible/ceph-external.yaml | 5 +-
deployment/ceph-ansible/ceph-grafana.yaml | 30 +-
deployment/ceph-ansible/ceph-mds.yaml | 13 +-
deployment/ceph-ansible/ceph-mgr.yaml | 105 +-
deployment/ceph-ansible/ceph-mon.yaml | 26 +-
deployment/ceph-ansible/ceph-nfs.yaml | 51 +-
deployment/ceph-ansible/ceph-osd.yaml | 65 +-
deployment/ceph-ansible/ceph-rbdmirror.yaml | 5 +-
deployment/ceph-ansible/ceph-rgw.yaml | 135 ++-
.../certs/certmonger-user-baremetal-puppet.yaml | 15 +-
deployment/cinder/cinder-api-container-puppet.yaml | 270 +++--
.../cinder-backend-dellemc-powermax-puppet.yaml | 110 ++
.../cinder/cinder-backend-dellemc-sc-puppet.yaml | 149 +++
.../cinder-backend-dellemc-vxflexos-puppet.yaml | 148 +++
.../cinder-backend-dellemc-xtremio-puppet.yaml | 118 ++
.../cinder/cinder-backend-netapp-puppet.yaml | 2 +-
.../cinder/cinder-backup-container-puppet.yaml | 12 +-
.../cinder/cinder-backup-pacemaker-puppet.yaml | 160 +--
deployment/cinder/cinder-base.yaml | 2 +-
.../cinder/cinder-common-container-puppet.yaml | 121 +-
.../cinder/cinder-scheduler-container-puppet.yaml | 45 +-
.../cinder/cinder-volume-container-puppet.yaml | 51 +-
.../cinder/cinder-volume-pacemaker-puppet.yaml | 151 +--
.../openstack-clients-baremetal-puppet.yaml | 1 +
deployment/containers-common.yaml | 30 +-
deployment/database/mysql-base.yaml | 22 +
deployment/database/mysql-container-puppet.yaml | 64 +-
deployment/database/mysql-pacemaker-puppet.yaml | 142 ++-
deployment/database/redis-container-puppet.yaml | 36 +-
deployment/database/redis-pacemaker-puppet.yaml | 132 +--
.../docker/docker-baremetal-ansible.yaml | 12 +
.../panko/panko-api-container-puppet.yaml | 375 +++++++
deployment/etcd/etcd-container-puppet.yaml | 110 +-
.../designate/designate-api-container-puppet.yaml | 31 +-
.../experimental/designate/designate-base.yaml | 2 +-
.../designate-central-container-puppet.yaml | 21 +-
.../designate/designate-mdns-container-puppet.yaml | 12 +-
.../designate-producer-container-puppet.yaml | 13 +-
.../designate/designate-sink-container-puppet.yaml | 13 +-
.../designate-worker-container-puppet.yaml | 15 +-
deployment/glance/glance-api-container-puppet.yaml | 283 +++--
.../glance/glance-api-edge-container-puppet.yaml | 91 ++
.../glance/glance-api-logging-file-container.yaml | 11 +-
.../gnocchi/gnocchi-api-container-puppet.yaml | 199 ++--
.../gnocchi/gnocchi-metricd-container-puppet.yaml | 47 +-
.../gnocchi/gnocchi-statsd-container-puppet.yaml | 49 +-
deployment/haproxy/haproxy-container-puppet.yaml | 31 +-
.../haproxy/haproxy-edge-container-puppet.yaml | 149 +++
.../haproxy-internal-tls-certmonger.j2.yaml | 19 +
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 135 ++-
.../haproxy/haproxy-public-tls-certmonger.yaml | 33 +-
deployment/haproxy/haproxy-public-tls-inject.yaml | 48 +-
deployment/heat/heat-api-cfn-container-puppet.yaml | 67 +-
.../heat/heat-api-cloudwatch-disabled-puppet.yaml | 24 -
deployment/heat/heat-api-container-puppet.yaml | 93 +-
deployment/heat/heat-base-puppet.yaml | 7 +-
deployment/heat/heat-engine-container-puppet.yaml | 80 +-
deployment/horizon/horizon-container-puppet.yaml | 106 +-
deployment/ipa/ipaclient-baremetal-ansible.yaml | 27 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml | 179 +++
deployment/ironic/ironic-api-container-puppet.yaml | 174 +--
.../ironic/ironic-conductor-container-puppet.yaml | 62 +-
.../ironic/ironic-inspector-container-puppet.yaml | 194 ++--
.../ironic-neutron-agent-container-puppet.yaml | 2 +-
deployment/ironic/ironic-pxe-container-puppet.yaml | 24 +-
deployment/iscsid/iscsid-container-puppet.yaml | 69 +-
.../keepalived/keepalived-container-puppet.yaml | 17 +-
deployment/kernel/kernel-baremetal-ansible.yaml | 4 +
.../kernel-boot-params-baremetal-ansible.yaml | 24 +-
deployment/keystone/keystone-container-puppet.yaml | 345 +++---
deployment/logging/files/barbican-api.yaml | 13 +-
deployment/logging/files/heat-api-cfn.yaml | 13 +-
deployment/logging/files/heat-api.yaml | 13 +-
deployment/logging/files/heat-engine.yaml | 11 +-
deployment/logging/files/keystone.yaml | 13 +-
deployment/logging/files/neutron-api.yaml | 13 +-
deployment/logging/files/neutron-common.yaml | 11 +-
deployment/logging/files/nova-api.yaml | 13 +-
deployment/logging/files/nova-common.yaml | 11 +-
deployment/logging/files/nova-libvirt.yaml | 10 +-
deployment/logging/files/nova-metadata.yaml | 13 +-
deployment/logging/files/panko-api.yaml | 51 +
deployment/logging/files/placement-api.yaml | 13 +-
deployment/logging/rsyslog-container-puppet.yaml | 40 +-
deployment/logging/stdout/haproxy.yaml | 2 +-
deployment/logging/stdout/panko-api.yaml | 63 ++
.../logrotate-crond-container-puppet.yaml | 2 +-
deployment/logrotate/tmpwatch-install.yaml | 3 +-
deployment/manila/manila-api-container-puppet.yaml | 182 +--
deployment/manila/manila-backend-cephfs.yaml | 2 +
deployment/manila/manila-base.yaml | 2 +-
.../manila/manila-scheduler-container-puppet.yaml | 33 +-
deployment/manila/manila-share-common.yaml | 2 +-
.../manila/manila-share-container-puppet.yaml | 31 +-
.../manila/manila-share-pacemaker-puppet.yaml | 161 +--
.../memcached/memcached-container-puppet.yaml | 56 +-
.../messaging/rpc-qdrouterd-container-puppet.yaml | 5 +-
deployment/metrics/collectd-container-puppet.yaml | 300 +++--
deployment/metrics/qdr-container-puppet.yaml | 131 ++-
deployment/mistral/mapping.json | 373 +++++++
.../mistral/mistral-api-container-puppet.yaml | 110 +-
deployment/mistral/mistral-base.yaml | 13 +-
.../mistral/mistral-engine-container-puppet.yaml | 13 +-
.../mistral-event-engine-container-puppet.yaml | 13 +-
.../mistral/mistral-executor-container-puppet.yaml | 15 +-
deployment/multipathd/multipathd-container.yaml | 4 +-
.../neutron/derive_pci_passthrough_whitelist.py | 247 ++++-
deployment/neutron/kill-script | 27 +-
.../neutron-agents-ib-config-container-puppet.yaml | 7 +
.../neutron/neutron-api-container-puppet.yaml | 181 +--
deployment/neutron/neutron-base.yaml | 2 +-
.../neutron/neutron-dhcp-container-puppet.yaml | 116 +-
.../neutron-l2gw-agent-baremetal-puppet.yaml | 2 +-
.../neutron/neutron-l3-container-puppet.yaml | 119 +-
.../neutron/neutron-metadata-container-puppet.yaml | 47 +-
.../neutron-mlnx-agent-container-puppet.yaml | 13 +-
.../neutron-ovn-dpdk-config-container-puppet.yaml | 6 +
.../neutron-ovs-agent-container-puppet.yaml | 55 +-
.../neutron-ovs-dpdk-agent-container-puppet.yaml | 32 +-
...eutron-plugin-ml2-ansible-container-puppet.yaml | 2 +-
deployment/neutron/neutron-plugin-ml2-ovn.yaml | 5 +
deployment/neutron/neutron-plugin-ml2.yaml | 14 +
.../neutron-sriov-agent-container-puppet.yaml | 116 +-
deployment/nova/nova-api-container-puppet.yaml | 373 +++----
deployment/nova/nova-az-config.yaml | 2 +-
deployment/nova/nova-base-puppet.yaml | 13 +-
deployment/nova/nova-compute-container-puppet.yaml | 564 +++++++---
.../nova/nova-conductor-container-puppet.yaml | 104 +-
deployment/nova/nova-ironic-container-puppet.yaml | 60 +-
deployment/nova/nova-libvirt-container-puppet.yaml | 334 +++---
.../nova/nova-libvirt-guests-container-puppet.yaml | 11 +-
.../nova/nova-metadata-container-puppet.yaml | 41 +-
.../nova-migration-target-container-puppet.yaml | 30 +-
.../nova/nova-scheduler-container-puppet.yaml | 53 +-
.../nova/nova-vnc-proxy-container-puppet.yaml | 82 +-
deployment/nova/novajoin-container-puppet.yaml | 46 +-
.../octavia/octavia-api-container-puppet.yaml | 192 ++--
deployment/octavia/octavia-base.yaml | 24 +-
.../octavia/octavia-deployment-config.j2.yaml | 36 +-
.../octavia-health-manager-container-puppet.yaml | 106 +-
.../octavia-housekeeping-container-puppet.yaml | 26 +-
.../octavia/octavia-worker-container-puppet.yaml | 51 +-
.../octavia/providers/ovn-provider-config.yaml | 150 +++
...vswitch-dpdk-netcontrold-container-ansible.yaml | 2 +-
.../ovn/ovn-controller-container-puppet.yaml | 140 ++-
deployment/ovn/ovn-dbs-container-puppet.yaml | 99 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 159 +--
deployment/ovn/ovn-metadata-container-puppet.yaml | 95 +-
.../pacemaker/clustercheck-container-puppet.yaml | 14 +-
.../compute-instanceha-baremetal-puppet.yaml | 17 +
.../pacemaker/pacemaker-baremetal-puppet.yaml | 101 +-
.../pacemaker-remote-baremetal-puppet.yaml | 66 ++
.../placement/placement-api-container-puppet.yaml | 61 +-
deployment/podman/podman-baremetal-ansible.yaml | 77 +-
deployment/qdr/qdrouterd-container-puppet.yaml | 13 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml | 52 +-
...rabbitmq-messaging-notify-container-puppet.yaml | 47 +-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 120 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml | 120 +-
.../rabbitmq-messaging-rpc-container-puppet.yaml | 47 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 120 +-
deployment/sahara/sahara-api-container-puppet.yaml | 69 +-
deployment/sahara/sahara-base.yaml | 2 +-
.../sahara/sahara-engine-container-puppet.yaml | 31 +-
.../skydive/skydive-agent-baremetal-ansible.yaml | 40 -
.../skydive-analyzer-baremetal-ansible.yaml | 179 ---
deployment/snmp/snmp-baremetal-puppet.yaml | 2 +-
.../external-swift-proxy-baremetal-puppet.yaml | 72 +-
.../swift-refresh-rings-cc327f998490b0df.yaml | 6 +
deployment/swift/swift-proxy-container-puppet.yaml | 90 +-
.../swift/swift-ringbuilder-container-puppet.yaml | 27 +-
.../swift/swift-storage-container-puppet.yaml | 163 +--
deployment/timesync/chrony-baremetal-ansible.yaml | 4 +-
deployment/tls/undercloud-tls.yaml | 99 ++
.../tripleo-packages-baremetal-puppet.yaml | 536 ++++-----
deployment/undercloud/minion-rabbitmq-puppet.yaml | 25 +-
.../undercloud/tempest-container-puppet.yaml | 11 +-
deployment/undercloud/undercloud-upgrade.yaml | 188 +---
...tas-hyperscale-controller-baremetal-puppet.yaml | 28 +-
deployment/vpp/vpp-baremetal-puppet.yaml | 2 +-
deployment/zaqar/zaqar-container-puppet.yaml | 87 +-
environments/backup-and-restore/rear.yaml | 3 +
environments/barbican-backend-pkcs11-lunasa.yaml | 50 +
environments/ceph-ansible/ceph-ansible.yaml | 7 +
environments/cinder-dellemc-powermax-config.yaml | 29 +
environments/cinder-dellemc-sc-config.yaml | 39 +
environments/cinder-dellemc-vxflexos-config.yaml | 35 +
environments/cinder-dellemc-xtremio-config.yaml | 28 +
environments/cinder-netapp-config.yaml | 2 +-
environments/compute-real-time-example.yaml | 20 +-
environments/dcn-hci.yaml | 22 +-
environments/dcn.yaml | 18 +
...ployed-server-bootstrap-environment-centos.yaml | 11 -
...deployed-server-bootstrap-environment-rhel.yaml | 11 -
environments/deployed-server-environment.j2.yaml | 4 +-
environments/disable-panko.yaml | 11 +
environments/disable-paunch.yaml | 6 +
environments/disable-swift.yaml | 6 +
environments/disable-telemetry.yaml | 1 +
.../enable-legacy-telemetry.yaml | 8 +-
environments/enable-stf.yaml | 39 +
environments/hyperconverged-ceph.yaml | 2 +-
environments/lifecycle/ffwd-upgrade-converge.yaml | 1 +
environments/lifecycle/ffwd-upgrade-prepare.yaml | 3 +-
.../lifecycle/undercloud-upgrade-prepare.yaml | 1 +
environments/lifecycle/update-prepare.yaml | 4 +
environments/lifecycle/upgrade-converge.yaml | 24 +-
environments/lifecycle/upgrade-prepare.yaml | 17 +-
environments/metrics/ceilometer-write-qdr.yaml | 6 +-
environments/metrics/collectd-write-qdr.yaml | 8 +-
environments/metrics/qdr-edge-only.yaml | 8 +-
environments/metrics/qdr-form-controller-mesh.yaml | 6 -
environments/network-environment-v6.j2.yaml | 10 +-
environments/network-isolation-v6-all.j2.yaml | 2 -
environments/network-isolation-v6.j2.yaml | 2 -
environments/nova-nuage-config.yaml | 1 -
environments/public-tls-undercloud.yaml | 1 +
environments/rhsm.yaml | 2 +
.../services-baremetal/neutron-ovn-dvr-ha.yaml | 2 +
.../services-baremetal/neutron-ovn-ha.yaml | 4 +
.../services-baremetal/undercloud-ceilometer.yaml | 3 +
.../services-baremetal/undercloud-panko.yaml | 2 +
environments/services/barbican-edge.yaml | 4 +
environments/services/neutron-ovn-dvr-ha.yaml | 2 +
environments/services/neutron-ovn-ha.yaml | 5 +
environments/services/neutron-ovn-sriov.yaml | 1 -
environments/services/neutron-ovn-standalone.yaml | 2 +
environments/services/neutron-ovs.yaml | 1 +
environments/services/skydive-environment.yaml | 12 -
environments/services/undercloud-ceilometer.yaml | 3 +
environments/services/undercloud-panko.yaml | 4 +
environments/services/undercloud-tls.yaml | 4 +
environments/ssl/enable-internal-tls.j2.yaml | 2 +
environments/ssl/enable-tls.yaml | 4 +
environments/ssl/no-tls-endpoints-public-ip.yaml | 8 +
environments/ssl/tls-endpoints-public-dns.yaml | 10 +-
environments/ssl/tls-endpoints-public-ip.yaml | 10 +-
environments/ssl/tls-everywhere-endpoints-dns.yaml | 10 +-
environments/standalone.yaml | 3 +-
environments/standalone/standalone-overcloud.yaml | 2 +
environments/standalone/standalone-tripleo.yaml | 8 +-
environments/stdout-logging.yaml | 1 +
environments/storage-environment.yaml | 6 +-
environments/storage/cinder-netapp-config.yaml | 2 +-
environments/storage/cinder-nfs.yaml | 2 +-
environments/swift-external.yaml | 6 +-
environments/undercloud.yaml | 5 +
environments/undercloud/undercloud-minion.yaml | 85 +-
.../krb-service-principals/role.role.j2.yaml | 2 +-
extraconfig/post_deploy/clouds_yaml.py | 54 -
extraconfig/post_deploy/standalone_post.yaml | 73 --
extraconfig/post_deploy/undercloud_post.py | 9 +-
extraconfig/post_deploy/undercloud_post.yaml | 43 +-
firstboot/userdata_timesync.yaml | 2 +-
hosts-config.yaml | 38 -
lower-constraints.txt | 166 ---
net-config-bridge.j2.yaml | 8 +
net-config-linux-bridge.j2.yaml | 9 +
...config-static-bridge-with-external-dhcp.j2.yaml | 8 +
.../config/multiple-nics-vlans/role.role.j2.yaml | 8 +-
network/config/multiple-nics/role.role.j2.yaml | 6 +-
network/endpoints/endpoint_data.yaml | 35 +
network/endpoints/endpoint_map.yaml | 1153 +++++++++++++++++++-
network/ports/net_ip_list_map.j2.yaml | 12 +-
network/ports/net_vip_map_external.j2.yaml | 6 +
network/ports/net_vip_map_external_v6.j2.yaml | 6 +
network/ports/port_from_pool.j2 | 31 +-
network/scripts/run-os-net-config.sh | 7 +-
network/service_net_map.j2.yaml | 33 +-
network_data_ganesha.yaml | 50 +-
overcloud-resource-registry-puppet.j2.yaml | 29 +-
overcloud.j2.yaml | 155 ++-
puppet/extraconfig/pre_deploy/per_node.yaml | 4 +-
puppet/role.role.j2.yaml | 54 +-
...ainerNovaLibvirtPidsLimit-cdad2166b6c0195f.yaml | 6 +
.../IGMP-snooping-for-ml2ovs-d794ed4eab7c098c.yaml | 3 +
.../NovaReservedHugePages-35a13e828bfc92e9.yaml | 10 +
...r-to-net_vip_map_external-c2c83431feaf7f35.yaml | 10 +
...d-barbican-client-for-dcn-7182e8bab41fce21.yaml | 13 +
...-anti-affinity-parameters-fe9222f17b16ee1f.yaml | 4 +
.../add-octavia-provider-ovn-e3780665300e7c58.yaml | 5 +
...publictlscafile-parameter-0fd9c19dcd20be0b.yaml | 6 +
...ce_image_cache_prefetcher-288120ffa6ee2a13.yaml | 6 +
.../adding-rear-service-5fac71fa6fbd9c9e.yaml | 5 +
...ddmemcachedmaxconnections-b591c0fa39e821f5.yaml | 6 +
...allow-resize-to-same-host-62f05a5370993425.yaml | 5 +
.../automated-lvmfilter-3bee670c0108585a.yaml | 23 +
...ng-manila-share-protocols-6ea6bcbbe21b25ee.yaml | 7 +
.../notes/bug-1895899-8d675670a0d05c15.yaml | 12 +
...eph_external_multi_config-80d707e5bf75e886.yaml | 5 +
...chcon-only-podman-upgrade-a2356adf59cde74b.yaml | 6 +
.../notes/cinder-v1-cleanup-7154ca07652804cf.yaml | 11 +
releasenotes/notes/cpu-flags-5b027db3eb2b86c2.yaml | 7 +
.../notes/cpuset_cpus-4dbde2cec2152b30.yaml | 6 +
...-net-config-static-bridge-c15bf767d3a28759.yaml | 7 +
...sable-notification-driver-a888d4e9b8eed1dc.yaml | 6 +
...lated_aggregate_filtering-2aec5a693bf79852.yaml | 12 +
...dge-by-default-on-compute-f3ff6bf46ab80640.yaml | 15 +
.../notes/extra_group_vars-aafa71945882442f.yaml | 7 +
...e-for-StorageNFS-net.yaml-bd77be924e8b7056.yaml | 20 +
...ure-when-network-disabled-156190243ff239ea.yaml | 6 +
...h-service-net-map-replace-463dd1296766cc47.yaml | 6 +
...er-agent-failed-on-reboot-373a31d28ea72587.yaml | 5 +
.../notes/glance-multistore-82d4fc260acfb355.yaml | 12 +
.../gnocchi-nfs-backend-90febc9f87e7df08.yaml | 9 +
...v6-stateful-address-count-ca568a32f07aec53.yaml | 7 +
...ronic_cleanup_config_data-1d4ae909c0869a90.yaml | 15 +
...use_bind_mounts_for_certs-64cb88f78538a64b.yaml | 13 +
.../notes/mysql-auth-ed25519-28aaea4e69fbfdf7.yaml | 7 +
...dnsmasq_enable_addr6_list-ead32a7739431607.yaml | 6 +
.../notes/new-pmem-params-18fb9c25808a7fe6.yaml | 14 +
...ova_api_max_limit-support-43fe9792eca63599.yaml | 5 +
..._compute_default_cpu_mode-cda2bb3e56463b3a.yaml | 11 +
.../notes/nova_compute_ksm-444f1cc51ceafb66.yaml | 8 +
.../nova_image_cache_ttl-824f241363b9dd4e.yaml | 8 +
...tadata_http_cert_metadata-274e7e8a66727983.yaml | 9 +
...gate_required_for_tenants-6c7d90fd01bcc88d.yaml | 11 +
...ent_for_availability_zone-ffd415710a9cb903.yaml | 9 +
.../octavia-log-offload-d1617e767f688da1.yaml | 4 +
...ovn_igmp_snooping_support-eccdecde74f4b9c8.yaml | 5 +
...cluster-common-tag-podman-f9a71344af5c73d6.yaml | 7 +
.../notes/powermax-driver-d428e372280c44e6.yaml | 6 +
.../notes/remove-ValidateNtp-15724eaa8345aa4f.yaml | 8 +
...deployed-server-bootstrap-07590a3cf4688cc9.yaml | 11 +
.../notes/remove_ffwd_tasks-d1ab630d96a66a59.yaml | 6 +
releasenotes/notes/sc-driver-a428e372280c44e6.yaml | 6 +
...pport-glance-at-dcn-sites-6163b8f5333e31a7.yaml | 8 +
...swift-barbican-key-id-fix-108f8b58a5092d0a.yaml | 5 +
.../swift-fix-ring-sync-7bf3ddbb1ea1e342.yaml | 6 +
.../swift-mount-by-uuid-7744fe7696db4b85.yaml | 6 +
.../notes/swift_external-d9870450f191b89a.yaml | 6 +
...ansible-for-hosts-entries-b4905552515e17ff.yaml | 6 +
.../notes/vxflexos-driver-bec8e372280c44e6.yaml | 4 +
.../notes/xtremio-driver-a428f372280c44e6.yaml | 7 +
.../zaqar_ws_timeout_tunnel-d5d1e900dce79b34.yaml | 7 +
roles/BlockStorage.yaml | 1 +
roles/CellController.yaml | 1 -
roles/Compute.yaml | 2 +-
roles/ComputeAlt.yaml | 1 -
roles/ComputeDVR.yaml | 1 -
roles/ComputeHCI.yaml | 2 +-
roles/ComputeHCIOvsDpdk.yaml | 2 +-
roles/ComputeInstanceHA.yaml | 1 -
roles/ComputeLiquidio.yaml | 1 -
roles/ComputeLocalEphemeral.yaml | 2 +-
roles/ComputeOvsDpdk.yaml | 2 +-
roles/ComputeOvsDpdkRT.yaml | 3 +-
roles/ComputeOvsDpdkSriov.yaml | 1 -
roles/ComputeOvsDpdkSriovRT.yaml | 2 +-
roles/ComputePPC64LE.yaml | 2 +-
roles/ComputeRBDEphemeral.yaml | 2 +-
roles/ComputeRealTime.yaml | 21 +-
roles/ComputeSriov.yaml | 2 +-
roles/ComputeSriovIB.yaml | 1 -
roles/ComputeSriovRT.yaml | 3 +-
roles/Controller.yaml | 11 +-
roles/ControllerAllNovaStandalone.yaml | 3 +-
roles/ControllerNoCeph.yaml | 8 +-
roles/ControllerNovaStandalone.yaml | 7 +-
roles/ControllerOpenstack.yaml | 4 +-
roles/ControllerSriov.yaml | 183 ++++
roles/ControllerStorageDashboard.yaml | 8 +-
roles/ControllerStorageNfs.yaml | 8 +-
roles/DistributedCompute.yaml | 7 +-
roles/DistributedComputeHCI.yaml | 8 +-
roles/DistributedComputeHCIDashboard.yaml | 80 ++
roles/DistributedComputeHCIScaleOut.yaml | 69 ++
roles/DistributedComputeScaleOut.yaml | 66 ++
roles/HciCephAll.yaml | 2 +-
roles/HciCephFile.yaml | 2 +-
roles/HciCephMon.yaml | 2 +-
roles/HciCephObject.yaml | 2 +-
roles/Minimal.yaml | 30 +
roles/Networker.yaml | 1 -
roles/NetworkerSriov.yaml | 55 +
roles/Novacontrol.yaml | 1 -
roles/ObjectStorage.yaml | 1 +
roles/README.rst | 1 +
roles/Standalone.yaml | 8 +-
roles/Telemetry.yaml | 1 +
roles/Undercloud.yaml | 4 +
roles/UndercloudMinion.yaml | 1 +
roles_data.yaml | 15 +-
roles_data_undercloud.yaml | 5 +-
sample-env-generator/dcn.yaml | 18 +-
sample-env-generator/ssl.yaml | 45 +-
sample-env-generator/standalone.yaml | 15 +-
sample-env-generator/storage.yaml | 1 +
sample-env-generator/undercloud-minion.yaml | 52 +-
scripts/hosts-config.sh | 47 -
tools/make_ceph_disk_list.py | 141 +++
tools/yaml-validate.py | 32 +-
tox.ini | 7 -
validation-scripts/all-nodes.sh | 40 -
zuul.d/layout.yaml | 128 +--
474 files changed, 15544 insertions(+), 8394 deletions(-)