We eagerly announce the release of: tripleo-heat-templates 12.1.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the ussuri release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 12.1.0 ^^^^^^ New Features ************ * Added the configuration option to set reserved_huge_pages. When NovaReservedHugePages is set, "reserved_huge_pages" is set to the value of NovaReservedHugePages. If NovaReservedHugePages is unset and OvsDpdkSocketMemory is set, reserved_huge_pages value is calcuated from KernelArgs and OvsDpdkSocketMemory. KernelArgs helps determine the default huge page size used, the default is set to 2048kb and OvsDpdkSocketMemory helps determine the number of hugepages to reserve. * Adds parameter for configuring heat client_retry_limit config option to increase the number of retries for transient errors. * Added the Octavia anti-affinity parameters. * The new parameter CephExternalMultiConfig may be used to configure OpenStack to use multiple external Ceph clusters. * Introduces two new parameters to configure the archive deleted instances cron job. 1) NovaCronArchiveDeleteAllCells To make sure deleted instances get archived also from the cell0 in a single cell deployment and also in additional cell databases in case of a multi cell deployment. 2) NovaCronArchiveDeleteRowsAge --before is required to prevent the orphaning of libvirt guests if/when nova-compute is down when a db archive cron job fires. This change also modifies 1) the default from 100 to 1000 for NovaCronArchiveDeleteRowsMaxRows to match the default from the nova- manage command instead the default of 100 from the puppet-nova parameter. 2) changes the default for NovaCronPurgeShadowTablesAllCells from false to true also the nova-manage db purge command needs to run for all cells instead of only the default cell. * Added a TripleO service OvsDpdkNetcontrold to enable netcontrold PMD rebalance tool for OvS-DPDK deployments. * HA services use a special container image name derived from the one configured in Heat parameter plus a fixed tag part, i.e. '<registry>/<namespace>/<servicename>:pcmklatest'. To implement rolling update without service disruption, this 'pcmklatest' tag is adjusted automatically during minor update every time a new image is pulled. A new Heat parameter ClusterCommonTag can now control the prefix part of the container image name. When set to true, the container name for HA services will look like 'container-common- tag/<servicename>:pcmklatest'. This allows rolling update of HA services even when the <namespace> changes in Heat. * Enable the new container image naming scheme for HA services. They are now configured in pacemaker to use container image name like 'container-common-tag/<servicename>:pcmklatest'. This allows rolling update of HA services even when the <namespace> changes in Heat. * Add the ability to deploy the glance-api service at DCN/Edge sites. Glance service at the Edge shares the same database as the Glance service in the central control plane, but allows other services such as Cinder and Nova to access a Glance endpoint that is local to the DCN/Edge site. * Enabling additional healtchecks for Swift to monitor account, container and object replicators as well as the rsync process. * The ansible tripleo-hosts-entries is now used for adding individual entries to /etc/hosts for each overcloud node. This role is used instead of the output data from the Heat stack. Deprecation Notes ***************** * NovaEnableNUMALiveMigration was removed and has no effect, becuase the corresponding parameter in nova was deprecated in Train release. * The deployed-server bootstrap environments, templates, and scripts that were previously deprecated are now removed. These removals include deployed-server/deployed-server-bootstrap-centos.sh deployed-server/deployed-server-bootstrap-centos.yaml deployed- server/deployed-server-bootstrap-rhel.sh deployed-server/deployed- server-bootstrap-rhel.yaml environments/deployed-server-bootstrap- environment-centos.yaml environments/deployed-server-bootstrap- environment-rhel.yaml * The environment file at environments/service/neutron-server.yaml has been removed in ussuri as it was previously deprecated in train. * Environment file host-config-and-reboot.yaml has been removed and the required functionality is part of BootParams service. * ExternalPublicUrl, ExternalAdminUrl and ExternalInternalUrl are deprecated. ExternalSwiftPublicUrl, ExternalSwiftAdminUrl and ExternalSwiftInternalUrl should now be used. Bug Fixes ********* * After we switch default neutron driver to ovn also NeutronPluginExtensions should contain dns because "qos,port_security,dns" is default value for ovn * All roles now default to using the net-config-static-bridge.yaml nic config when using deployed-server. Since OVN is the default in TripleO, Compute roles need to have br-ex. Previously when using deployed-server, the default nic config for the non-Controller roles was net-config-static.yaml, which did not create br-ex. * Fixes an issue where filtering of networks for kerberos service principals was too aggressive, causing deployment failure. See bug 1854846 (https://bugs.launchpad.net/tripleo/+bug/1854846). * The WSGI timeout for Heat API is now set to 600 seconds to match the HAProxy timeout and the RPC response timeout. Previously, it was set to 60 seconds, which resulted in API requests timing out. * HA container naming scheme has been updated to look like 'container.common.tag/<servicename>:pcmklatest', in order for podman to not prepend any host suffix in front of this tag, otherwise this confuses the podman resource agent in pacemaker. * Fixes an issue where TripleO fails to set the Barbican key ID for Swift with a permission error if the config files are not relabeled. Other Notes *********** * Not a functionnal change, only cosmetics. For better understanding and readability, changing all the svirt_sandbox_file_t to shorter, nicer container_file_t Changes in tripleo-heat-templates 12.0.0..12.1.0 ------------------------------------------------ ed720b0c8 Add support to run Container Puppet tasks without Paunch 087589555 Replace svirt_sandbox_file_t by container_file_t ee5d5e55e Create /var/lib/config-data if it doesn't exist. 98118b629 Replace '' by [] when a bind mount isn't needed 60f043378 container-puppet.sh: add -r to rm command 1602d68da Dynamically include container-puppet tasks 150935ae1 Remove static reference to InternalApi network c8bc412e4 Dynamically include generate-config tasks c8dcce708 Use action plugin for all_nodes data 80f44a438 Rename roles that we're missed caef56e26 Remove py27 jobs da19fdbcc Add py27 testenv for tox.ini 168958bc5 remove duplicated HAproxy line from scen000 39a7b6754 Introduce CephExternalMultiConfig 45337bdb0 Add missing firewall rule for iscsid in HA deployments 134795a13 Remove unnecessary block/whitespace from step1 tasks bca35e611 Swap tasks to avoid non-existing variable error. b2162a2e4 Enable configuration of notifier publishers 42168c4ac Don't use pacemaker in ironic sa job 573051a72 Fix Placement password hiera is not set for Neutron c6dd5553d Revert "mark scen10 and scen000 update/upgrade non-voting" 9a830255b Remove all the "container_cli rmi -f" from HA containers 1f98e96d3 Revert "Use YAML anchors/aliases to reduce playbook task repetition" c350126be mark scen10 and scen000 update/upgrade non-voting 436ea9666 Fix undefined variable in cinder_backup service. bc0148642 Ignore SR-IOV VFs on dhcp_all_interfaces list 5d8425dda Rename common deploy step 1 tasks 242678060 Remove /run bind-mount from mistral containers bc4df9c5a Use YAML anchors/aliases to reduce playbook task repetition 020ad398d Add ceph_ansible_repo variable on ceph-base 547a510f6 Fix keepalived logging on disk 7bbee2d86 Increase concurrency when starting containers 5dd32cde0 Add CellController to multiple-nics ci template 2092b1303 Update ffwd-upgrade branch names edd10576c Remove stray conditional from aodh-evaluator tasks b8c6154e7 Create qemu user/group on controller 8cc62c5f1 Remove deprecated authtoken::auth_uri 6330d95cb Remove unused admin_password d2db2292e Fix hieradata for Heat API timeout 119769384 Check to make sure compute service is deployed before scale down 719d8329d Drop z flag on /var/run, it prevents redeployment 3230f005c HA: reorder init_bundle and restart_bundle for improved updates 36ea0148e Update ro excludes ba8b99df6 Update inflight validation role name after a rename in ooo-validations 714e1b5d3 Add DeployIdentifier to extra config containers eac636c9e Add network vip mapping into service data 14db20bae Force facts cache refreshing before upgrade. fa52709a8 Fix incorrect parameter to set max delay in cinder db purge cron bc27951ff Drop NovaEnableNumaLiveMigration 2c4802acd split() function expects string not array acf208609 Raise Heat API WSGI timeout to 600s ba487827e roles: Update description of ComputeRealTime role 08ca0a97d Change optparse to argparse a5ffef4a4 Fix generation of TRIPLEO_CONFIG_HASH for services 2b3a5aa1f Default all roles for deployed-server to net-config-static-bridge 9a2a36437 Update all roles to use the new role name 55d400230 Switch from 'podman rm' to tripleo-container-rm role 26305fae9 Set region in authtoken middleware settings 9cd4e6c4f Assign service role for ironic user 643c4028b clustercheck: use fqdn instead of ip for bind address 4e739f7e7 Correct current cinder-backup image var for upgrades 522f3d74a Improve documentation for 'NovaComputeCpuSharedSet' parameter d91a99af3 roles: Remove use of NovaVcpuPinSet from ComputeRealTime a30342f25 Fix deployment on pacemaker remote nodes 1046bf635 container-puppet: remove deprecated directory & json files c0b1055b1 Use ansible to install client packages ee778fc24 Don't disable compute cell in scale down tasks for additional cells 706d9b398 Open ports for Metrics QDRs 1044d0bf3 Add 'scale-up' upgrade steps for cinder-volume a4de1eac9 mysql: refactor upgrade tasks to work without paunch 18e51ca53 Add novajoin to EndpointMap c290ce3f1 Add 'scale-up' upgrade steps for cinder-backup 5bfbcd32e depends_on: add .service to avoid errors in logs 32889f59f Remove references to non-existent services f0aaaed68 Add swiftoperator role on ceph-rgw template a25cb11b3 Add 'scale-up' upgrade steps for manila 2da9cc14b horizon: put plugins toggles in quotes 948fc6bcb nova: Always provide LIBGUESTFS_BACKEND=libvirt:qemu:///system f9dc0dbee nova-compute: add tripleo-container-shutdown service dep c8d53f86c Add missing any_errors_fatal 8d6edac63 Modify import_role to include_role for boot params service 362e92fb8 deployment: document keystone_resources 49c8f9d48 Add 'never' to the tags set for the Ceph systemd units migration task 4c167191d keystone: fix trailing space 77b48f398 Fix permission error if Barbican is enabled for Swift 9f5ba23c8 Adding hourly option to LogrotateRotationInterval parameter f907d061b Bypass openvswitch update logic if expected packages are not present b61f71a74 HA: Fix the cluster common tag behaviour with podman a3dd78130 Revert "Limit concurrency in container-puppet to image pull" 7f40baabc Manage all Keystone resources with Ansible e6d63a90b Remove environments/services/neutron-server.yaml 9d8dcf87b Hyper-converged SR-IOV role for compute nodes. 182f77d91 Introduce CephExtraKeys 4cc2b1196 Run update without yum update to apply hotfixes. 9305d1efe Remove PreNetworkConfig resource 318ec87c3 Fix sshd firewall rule b8923f6af fix a typo daef223cc Fix pacemaker firewall rules 238800d13 Fix ceph-grafana firewall rules 849e07f24 Fix nuage firewall rules c1f7facac Add an experimental test container volume create service f1e1f4ba0 Do not configure Hiera and Hieradata in Ansible check mode d088cf66b Correct invalid jinja set acd176e81 Limit concurrency in container-puppet to image pull 25a2045e6 Deploy /etc/openstack/clouds.yaml with Ansible 122929c21 Create a dedicated log file for healthchecks for collectd 5fdb1a4c5 Update nonha arch env file 30ca49bf6 Add ability to deploy glance at DCN/Edge sites f1b1273f2 Revert "Optional enable undercloud nova-metadata-api" 7c2fa7b8e mysql: move firewall_rules to mysql-container-puppet 609999933 Provide option to set reserved_huge_pages 0bbd78b5b Fix typos in hiera values 32d3676e5 keystone/bootstrap: fix identity service name 744da29ba HA: increase resource default op timeout for podman bundles 67a8357b6 Revert "Ensure /var/log/journal exists as soon as possible" f7a356006 Create /var/log/journal directory during step-0 e47e7db8a Fix Octavia to use correct Puppet class 3056f25bd Make pcsd listen on PacemakerNetwork/PacemakerRemoteNetwork d23dee75b Use paunch to handle container removal. d31b694a2 Remove upload_validations workflow execution 106ce3267 Use async tasks for long running common tasks 2a6336a74 Execute deploy_steps_tasks per step af88862d9 Move some common tasks to step 1 a85d3d706 Delegate and run once debug start-at-task messages 9c5c36632 Mount /boot from the host within the nova-compute container 9cbfdfa14 Ensure /var/log/journal exists as soon as possible 6f8b2db26 Use include_tasks instead of import_tasks fe6b235e5 scale: fixes for compute scale down d8dd715d3 Add CephGrafana resource to the ControllerStorageNFS role c59583577 Set octavia services' stop grace period to 300sec 9f4832fcc Increase rabbitmq tcp backlog 2f8964133 Try deleting container for failures too 71b5d4086 Enable horizon healthcheck 5f1db96f9 Enable healthcheck script in clustercheck service 3ae7fb610 Enable additional Swift healtchecks 61033c5d8 Add keystone_puppet_config eeec9a52e Configure additional info during bootstrap 6f90cd852 Update environment var for keystone bootstrap 04a5937e1 Properly set loopback_users via rabbitmq::loopback_users 76f683f79 Change default value for NeutronPluginExtensions d4c1c8456 HA: enable cluster-common-tag naming scheme by default bcebf3996 Ensure Ceph dependencies are installed in pre-provisioned nodes 3e36f99f9 Remove previously deprecated deployed-server bootstrap files 1a5e1d920 Use "name" argument for include_role 00cd4b0ae Optional enable undercloud nova-metadata-api f6fe74205 Remove ceph backend by default for gnocchi 0419a5b8e Install tmpwatch on the overcloud f4a4b236c New Parameter NovaCronArchiveDeleteAllCells and NovaCronArchiveDeleteRowsAge 7d1cd360d container-puppet: SystemExit with RC 1 to actually error out 415d4de08 swift-external: deprecate External*Url 8db74afe8 Make tripleo-ci-centos-7-containers-undercloud-minion depends on pep 82408e4b8 Ensure rabbitmq deployment container is restarted at every update 0b8378aa9 Add ClientRetryLimit parameter for heat 7f8a565ea Add Octavia anti-affinity parameters a166ec6bc HA: minor update of arbitrary container image name fa9932911 deploy-steps-tasks/containers: set concurrency to 2 d0563f185 overcloud/service_names: merge service_names & enabled_services af79ae34a Relax filtering in krb-service-principals jinja 88d6c029d Fix the Octavia amphora provider driver description 0808454b1 Revert "Disable ceph dashboard to fix upstream ci" b5eff6783 Re-enable "service_names" hieradata 016f7c600 Remove unnecessary slash volume maps a309f03c1 Move the legacy telemetry environment template to correct location 5ea84f71e Enable external public endpoint for MetricsQdr e686a50cd Fix containers-common.yaml path for RsyslogSidecar service cdda44028 Fix rsyslog issues 2a3a69554 Use a smaller,static custom mapping file for Mistral and TripleO 858cc6c54 Fix sed in run-os-net-config to only replace values, not keys ade6c3b37 Use yaml.SafeLoader instead of yaml.FullLoader 531327eec Remove unused post update and upgrade tasks 36a84820e ovn_dbs upgrade-with-os work 3b146b1e4 Ensure we set proper SELinux label on container-puppet.sh f22dce447 Make sure glance_api_tls_proxy logs are persisted on the host b7e28c9a8 Move 'Ensure network service is enabled' after os-net-config has run 0362abcbd Don't set all_nodes data as group_vars in check mode 393e96b5b Use '0' instead of root in container-puppet.py fb8009458 Provide utility to generate NodeDataLookup from Ironic b82725f5e Force redis::ulimit to be an integer 89ecaeb11 Disable pxe_tftp systemd services during upgrade 4d3b5be7e Add netcontrold service for DPDK roles 1ce103186 Revert "Drop the SELinux flags for openvswitch /var/run directory" 42eb7c98b Remove libvirt packaged dependencies 7a6ad9ae9 Add keystone::bootstrap hiera data 189341fde Create the default storage pool before calling create-node.sh 730ae4a78 Add healthcheck for nova-virtlogd container 597cdb679 Use ansible for hosts entries Diffstat (except docs and test files) ------------------------------------- ci/common/ironic_standalone_post.yaml | 6 - ci/common/vbmc_setup.yaml | 16 + ci/environments/multinode-3nodes-registry.yaml | 1 + .../network/multiple-nics/network-environment.yaml | 1 + .../multiple-nics/network-isolation-absolute.yaml | 5 + .../scenario000-multinode-containers.yaml | 2 +- ci/environments/scenario000-standalone.yaml | 1 + .../scenario001-multinode-containers.yaml | 9 + ci/environments/scenario001-standalone.yaml | 41 +- ci/environments/scenario002-standalone.yaml | 19 +- .../scenario004-multinode-containers.yaml | 1 + ci/environments/scenario004-standalone.yaml | 1 + .../scenario007-multinode-containers.yaml | 1 + ci/environments/scenario007-standalone.yaml | 1 + .../scenario010-multinode-containers.yaml | 1 + ci/environments/scenario010-standalone.yaml | 1 + ci/environments/scenario012-standalone.yaml | 13 +- common/container-puppet.py | 73 ++- common/container-puppet.sh | 11 +- common/container_startup_configs_tasks.yaml | 4 +- common/deploy-steps-tasks-step-0.j2.yaml | 21 +- common/deploy-steps-tasks-step-1.yaml | 607 +++++++++++---------- common/deploy-steps-tasks.yaml | 210 ++----- common/deploy-steps.j2 | 240 +++++--- common/generate-config-tasks.yaml | 104 ++++ common/host-container-puppet-tasks.yaml | 81 +++ common/services/role.role.j2.yaml | 13 +- .../nova_wait_for_api_service.py | 20 +- .../nova_wait_for_compute_service.py | 20 +- .../pacemaker_restart_bundle.sh | 87 ++- container_config_scripts/pacemaker_wait_bundle.sh | 320 +++++++++++ .../deployed-server-bootstrap-centos.sh | 38 -- .../deployed-server-bootstrap-centos.yaml | 27 - deployed-server/deployed-server-bootstrap-rhel.sh | 35 -- .../deployed-server-bootstrap-rhel.yaml | 27 - deployment/README.rst | 8 + deployment/aodh/aodh-api-container-puppet.yaml | 57 +- deployment/aodh/aodh-base.yaml | 9 +- .../aodh/aodh-evaluator-container-puppet.yaml | 11 +- .../aodh/aodh-listener-container-puppet.yaml | 10 +- .../aodh/aodh-notifier-container-puppet.yaml | 12 +- .../backup-and-restore/rear-baremetal-ansible.yaml | 2 +- .../barbican/barbican-api-container-puppet.yaml | 32 +- .../liquidio-compute-config-container-puppet.yaml | 2 +- .../ceilometer-agent-central-container-puppet.yaml | 21 +- .../ceilometer-agent-compute-container-puppet.yaml | 8 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 8 +- ...ometer-agent-notification-container-puppet.yaml | 88 ++- .../ceilometer-base-container-puppet.yaml | 56 +- deployment/ceph-ansible/ceph-base.yaml | 209 ++++--- deployment/ceph-ansible/ceph-grafana.yaml | 6 +- deployment/ceph-ansible/ceph-rgw.yaml | 27 +- deployment/cinder/cinder-api-container-puppet.yaml | 111 ++-- .../cinder/cinder-backup-pacemaker-puppet.yaml | 146 +++-- deployment/cinder/cinder-base.yaml | 2 +- .../cinder/cinder-common-container-puppet.yaml | 8 +- .../cinder/cinder-scheduler-container-puppet.yaml | 10 +- .../cinder/cinder-volume-container-puppet.yaml | 4 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 143 +++-- .../openstack-clients-baremetal-ansible.yaml | 40 ++ ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 2 +- deployment/containers-common.yaml | 21 +- deployment/database/mysql-base.yaml | 9 - deployment/database/mysql-container-puppet.yaml | 58 +- deployment/database/mysql-pacemaker-puppet.yaml | 115 ++-- deployment/database/redis-base-puppet.yaml | 2 +- deployment/database/redis-container-puppet.yaml | 12 +- deployment/database/redis-pacemaker-puppet.yaml | 109 ++-- .../openstack-clients-baremetal-puppet.yaml | 0 deployment/etcd/etcd-container-puppet.yaml | 4 +- .../designate/designate-api-container-puppet.yaml | 25 +- .../designate-central-container-puppet.yaml | 12 +- .../designate/designate-mdns-container-puppet.yaml | 6 +- .../designate-producer-container-puppet.yaml | 4 +- .../designate/designate-sink-container-puppet.yaml | 4 +- .../designate-worker-container-puppet.yaml | 8 +- deployment/glance/glance-api-container-puppet.yaml | 44 +- .../glance/glance-api-edge-container-puppet.yaml | 82 +++ .../glance/glance-api-logging-file-container.yaml | 4 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 68 +-- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 12 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 14 +- deployment/haproxy/haproxy-container-puppet.yaml | 6 +- .../haproxy/haproxy-edge-container-puppet.yaml | 123 +++++ deployment/haproxy/haproxy-pacemaker-puppet.yaml | 101 ++-- deployment/heat/heat-api-cfn-container-puppet.yaml | 48 +- .../heat/heat-api-cloudwatch-disabled-puppet.yaml | 6 +- deployment/heat/heat-api-container-puppet.yaml | 62 ++- deployment/heat/heat-base-puppet.yaml | 6 - deployment/heat/heat-engine-container-puppet.yaml | 25 +- deployment/horizon/horizon-container-puppet.yaml | 77 ++- .../image-serve/image-serve-baremetal-ansible.yaml | 2 +- deployment/ironic/ironic-api-container-puppet.yaml | 61 ++- .../ironic/ironic-conductor-container-puppet.yaml | 12 +- .../ironic/ironic-inspector-container-puppet.yaml | 34 +- .../ironic-neutron-agent-container-puppet.yaml | 2 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 23 +- deployment/iscsid/iscsid-container-puppet.yaml | 4 +- .../keepalived/keepalived-container-puppet.yaml | 8 +- deployment/kernel/kernel-baremetal-ansible.yaml | 2 +- .../kernel-boot-params-baremetal-ansible.yaml | 6 +- deployment/keystone/keystone-container-puppet.yaml | 166 ++++-- deployment/logging/files/barbican-api.yaml | 4 +- deployment/logging/files/heat-api-cfn.yaml | 4 +- deployment/logging/files/heat-api.yaml | 4 +- deployment/logging/files/heat-engine.yaml | 2 +- deployment/logging/files/keystone.yaml | 4 +- deployment/logging/files/neutron-api.yaml | 4 +- deployment/logging/files/neutron-common.yaml | 2 +- deployment/logging/files/nova-api.yaml | 4 +- deployment/logging/files/nova-common.yaml | 2 +- deployment/logging/files/nova-libvirt.yaml | 2 +- deployment/logging/files/nova-metadata.yaml | 4 +- deployment/logging/files/placement-api.yaml | 4 +- deployment/logging/rsyslog-container-puppet.yaml | 11 +- .../logging/rsyslog-sidecar-container-puppet.yaml | 2 +- deployment/logging/stdout/haproxy.yaml | 2 +- deployment/login-defs/login-defs-baremetal.yaml | 2 +- .../logrotate-crond-container-puppet.yaml | 6 +- deployment/logrotate/tmpwatch-install.yaml | 4 +- deployment/manila/manila-api-container-puppet.yaml | 64 ++- .../manila/manila-scheduler-container-puppet.yaml | 10 +- deployment/manila/manila-share-common.yaml | 2 +- .../manila/manila-share-container-puppet.yaml | 10 +- .../manila/manila-share-pacemaker-puppet.yaml | 148 +++-- .../memcached/memcached-container-puppet.yaml | 6 +- .../messaging/rpc-qdrouterd-container-puppet.yaml | 6 +- deployment/metrics/collectd-container-puppet.yaml | 48 +- deployment/metrics/qdr-container-puppet.yaml | 29 +- deployment/mistral/mapping.json | 373 +++++++++++++ .../mistral/mistral-api-container-puppet.yaml | 44 +- deployment/mistral/mistral-base.yaml | 17 +- .../mistral/mistral-engine-container-puppet.yaml | 5 +- .../mistral-event-engine-container-puppet.yaml | 5 +- .../mistral/mistral-executor-container-puppet.yaml | 15 +- deployment/multipathd/multipathd-container.yaml | 8 +- .../neutron-agents-ib-config-container-puppet.yaml | 7 + .../neutron/neutron-api-container-puppet.yaml | 56 +- .../neutron/neutron-controller-plugin-nuage.yaml | 16 +- .../neutron/neutron-dhcp-container-puppet.yaml | 14 +- .../neutron-l2gw-agent-baremetal-puppet.yaml | 2 +- .../neutron/neutron-l3-container-puppet.yaml | 14 +- .../neutron/neutron-metadata-container-puppet.yaml | 8 +- .../neutron-mlnx-agent-container-puppet.yaml | 13 +- .../neutron-ovs-agent-container-puppet.yaml | 26 +- deployment/neutron/neutron-plugin-ml2.yaml | 2 +- .../neutron-sriov-agent-container-puppet.yaml | 2 +- deployment/nova/nova-api-container-puppet.yaml | 67 ++- deployment/nova/nova-base-puppet.yaml | 20 +- deployment/nova/nova-compute-container-puppet.yaml | 192 +++++-- .../nova/nova-conductor-container-puppet.yaml | 35 +- deployment/nova/nova-ironic-container-puppet.yaml | 12 +- deployment/nova/nova-libvirt-container-puppet.yaml | 25 +- .../nova/nova-libvirt-guests-container-puppet.yaml | 11 +- .../nova/nova-metadata-container-puppet.yaml | 33 +- .../nova-migration-target-container-puppet.yaml | 2 +- .../nova/nova-scheduler-container-puppet.yaml | 8 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 27 +- deployment/nova/novajoin-container-puppet.yaml | 29 +- .../octavia/octavia-api-container-puppet.yaml | 58 +- deployment/octavia/octavia-base.yaml | 5 + .../octavia-health-manager-container-puppet.yaml | 17 +- .../octavia-housekeeping-container-puppet.yaml | 17 +- .../octavia/octavia-worker-container-puppet.yaml | 17 +- .../openvswitch-dpdk-baremetal-ansible.yaml | 2 +- ...vswitch-dpdk-netcontrold-container-ansible.yaml | 81 +++ .../ovn/ovn-controller-container-puppet.yaml | 14 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 4 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 137 +++-- deployment/ovn/ovn-metadata-container-puppet.yaml | 22 +- .../pacemaker/clustercheck-container-puppet.yaml | 16 +- .../pacemaker/pacemaker-baremetal-puppet.yaml | 74 ++- .../pacemaker-remote-baremetal-puppet.yaml | 6 + .../placement/placement-api-container-puppet.yaml | 46 +- deployment/podman/podman-baremetal-ansible.yaml | 16 +- deployment/qdr/qdrouterd-container-puppet.yaml | 6 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 18 +- ...rabbitmq-messaging-notify-container-puppet.yaml | 15 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 110 ++-- .../rabbitmq-messaging-pacemaker-puppet.yaml | 108 ++-- .../rabbitmq-messaging-rpc-container-puppet.yaml | 15 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 110 ++-- deployment/sahara/sahara-api-container-puppet.yaml | 36 +- deployment/sahara/sahara-base.yaml | 8 +- .../sahara/sahara-engine-container-puppet.yaml | 10 +- .../securetty/securetty-baremetal-ansible.yaml | 2 +- deployment/sshd/sshd-baremetal-puppet.yaml | 21 +- .../external-swift-proxy-baremetal-puppet.yaml | 72 ++- deployment/swift/swift-proxy-container-puppet.yaml | 50 +- .../swift/swift-storage-container-puppet.yaml | 50 +- deployment/time/ptp-baremetal-ansible.yaml | 4 +- deployment/time/timezone-baremetal-ansible.yaml | 2 +- .../tripleo-packages-baremetal-puppet.yaml | 47 +- .../undercloud/tempest-container-puppet.yaml | 6 +- deployment/undercloud/undercloud-upgrade.yaml | 20 +- .../tripleo-validations-baremetal-ansible.yaml | 2 +- ...tas-hyperscale-controller-baremetal-puppet.yaml | 28 +- deployment/zaqar/zaqar-container-puppet.yaml | 69 ++- environments/compute-real-time-example.yaml | 20 +- environments/dcn-hci.yaml | 10 + environments/dcn.yaml | 10 + ...ployed-server-bootstrap-environment-centos.yaml | 11 - ...deployed-server-bootstrap-environment-rhel.yaml | 11 - environments/deployed-server-environment.j2.yaml | 4 +- environments/docker-ha.yaml | 1 + .../enable-legacy-telemetry.yaml | 5 +- environments/host-config-and-reboot.j2.yaml | 23 - environments/metrics/collectd-write-qdr.yaml | 6 +- environments/metrics/qdr-edge-only.yaml | 8 +- environments/metrics/qdr-form-controller-mesh.yaml | 6 +- environments/nonha-arch.yaml | 2 +- .../services-baremetal/neutron-ml2-cisco-vts.yaml | 1 + environments/services-baremetal/neutron-sriov.yaml | 1 + environments/services/netcontrold.yaml | 2 + environments/services/neutron-ml2-cisco-vts.yaml | 1 + environments/services/neutron-mlnx-agent.yaml | 1 + environments/services/neutron-ovs-dpdk.yaml | 1 + environments/services/neutron-ovs-dvr.yaml | 1 + environments/services/neutron-ovs.yaml | 1 + environments/services/neutron-server.yaml | 5 - environments/services/neutron-sriov.yaml | 1 + environments/ssl/no-tls-endpoints-public-ip.yaml | 5 +- environments/ssl/tls-endpoints-public-dns.yaml | 5 +- environments/ssl/tls-endpoints-public-ip.yaml | 5 +- environments/ssl/tls-everywhere-endpoints-dns.yaml | 5 +- environments/standalone.yaml | 3 +- environments/standalone/standalone-overcloud.yaml | 2 +- environments/standalone/standalone-tripleo.yaml | 3 +- environments/stdout-logging.yaml | 2 +- environments/storage-environment.yaml | 2 +- environments/storage/glance-nfs.yaml | 4 +- environments/swift-external.yaml | 6 +- environments/undercloud.yaml | 2 +- .../krb-service-principals/role.role.j2.yaml | 2 +- extraconfig/post_deploy/clouds_yaml.py | 54 -- extraconfig/post_deploy/standalone_post.yaml | 73 --- extraconfig/post_deploy/undercloud_post.py | 9 +- extraconfig/post_deploy/undercloud_post.yaml | 43 +- .../config/multiple-nics-vlans/role.role.j2.yaml | 4 +- network/endpoints/build_endpoint_map.py | 45 +- network/endpoints/endpoint_data.yaml | 21 + network/endpoints/endpoint_map.yaml | 527 ++++++++++++++++++ network/scripts/run-os-net-config.sh | 5 +- network/service_net_map.j2.yaml | 18 +- overcloud-resource-registry-puppet.j2.yaml | 6 +- overcloud.j2.yaml | 17 +- puppet/role.role.j2.yaml | 10 +- .../NovaReservedHugePages-35a13e828bfc92e9.yaml | 10 + ...t-retry-limit-heat-config-14239eada092811e.yaml | 4 + ...-anti-affinity-parameters-fe9222f17b16ee1f.yaml | 4 + ...eph_external_multi_config-80d707e5bf75e886.yaml | 5 + ...t_NeutronPluginExtensions-b31ed1c44fec4568.yaml | 5 + ...-net-config-static-bridge-c15bf767d3a28759.yaml | 7 + ...nable-numa-live-migration-5e0601c7d26a8f3c.yaml | 5 + ...ot-filter-on-vip-in-jinja-c8f996ffed94d3cd.yaml | 7 + ...heat-api-wsgi-timeout-600-640058f1ae18232c.yaml | 5 + ...archive_delete_parameters-19288fa689965c58.yaml | 22 + .../ovsdpdk_netcontrold-0a1d4f3e26cea0c6.yaml | 5 + ...emaker-cluster-common-tag-45c4e8a6e7b08735.yaml | 12 + ...cluster-common-tag-podman-f9a71344af5c73d6.yaml | 7 + ...enable-cluster-common-tag-fe03c47bbcbba13c.yaml | 6 + ...-enable-management-plugin-94b27747e4f5e685.yaml | 2 +- ...deployed-server-bootstrap-07590a3cf4688cc9.yaml | 11 + ...ve-neutron-server-mapping-211ca9751dec268d.yaml | 5 + .../notes/remove_pre_network-fb38d9c2095e0597.yaml | 5 + ...pport-glance-at-dcn-sites-6163b8f5333e31a7.yaml | 8 + ...ile_t-to-container_file_t-f4914561f6e9e4c7.yaml | 5 + ...t-additional-healthchecks-c286f7b7116e6543.yaml | 5 + ...swift-barbican-key-id-fix-108f8b58a5092d0a.yaml | 5 + .../notes/swift_external-d9870450f191b89a.yaml | 6 + ...ansible-for-hosts-entries-b4905552515e17ff.yaml | 6 + roles/ComputeHCIOvsDpdk.yaml | 1 + roles/ComputeHCISriov.yaml | 65 +++ roles/ComputeOvsDpdk.yaml | 1 + roles/ComputeOvsDpdkRT.yaml | 1 + roles/ComputeOvsDpdkSriov.yaml | 1 + roles/ComputeOvsDpdkSriovRT.yaml | 1 + roles/ComputeRealTime.yaml | 18 +- roles/ControllerStorageDashboard.yaml | 6 +- roles/ControllerStorageNfs.yaml | 5 +- roles/DistributedCompute.yaml | 6 + roles/DistributedComputeHCI.yaml | 6 + sample-env-generator/dcn.yaml | 6 + sample-env-generator/ssl.yaml | 17 +- sample-env-generator/standalone.yaml | 5 +- tools/make_ceph_disk_list.py | 141 +++++ tools/yaml-nic-config-2-script.py | 2 +- tools/yaml-validate.py | 56 +- tox.ini | 7 + zuul.d/layout.yaml | 5 +- 292 files changed, 5985 insertions(+), 2908 deletions(-)