[release-announce] puppet-tripleo 11.5.0 (train)

We are pumped to announce the release of: puppet-tripleo 11.5.0: Puppet module for OpenStack TripleO This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through: https://bugs.launchpad.net/puppet-tripleo/+bugs For more details, please see below. 11.5.0 ^^^^^^ New Features ************ * Added tripleo::profile::base::octavia::provider::ovn for configuring OVN driver properties, including protocol. * Adds ceph_dashboard endpoint and ceph_dashboard_port to properly expose the ceph-dashboard frontend service * Add support for configuring the glance-api service with multiple store backends. The primary backend becomes the service's default backend, and additional backends may be specified using an optional 'multistore_config' hash. * Add new PowerMax backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well. * Add Dell EMC SC backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well. * This change introduces two hiera keys that allow an operator to specify which NIC (or NICs) the VIPs will be bound to. One hiera key has global effect (tripleo::pacemaker::force_nic) and forces all VIPs to listen to that NIC. There is also the possibility to override that for specific VIPs with the force_vip_nic_overrides hiera hash. This change is only useful for deployments where BGP is used to advertise IP addresses from the host across multiple L3 networks. * Added support for VxFlexOS backend driver * Add Dell EMC XtremIO backend Cinder driver options. Supports both iSCSI and FC volume drivers and multiple backends as well Deprecation Notes ***************** * ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::api are now deprecated and will be removed in the future release. Please use ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::provider::ovn instead. Bug Fixes ********* * It is now possible to override the "enabled_share_protocols" configuration for the Shared File Systems service (manila) with the hiera parameter "manila_enabled_share_protocols". Changes in puppet-tripleo 11.4.0..11.5.0 ---------------------------------------- 5b0ca71c Adding key_size option on the certmonger_certificate function 6c3bd01a Wire up new tripleo upgrades jobs template 3be8a551 Remove haproxy ironic-inspector http-check workaround 69eed9e3 Revert "[Train and before] Apply default_listen_options to ironic-inspector" dd1d17da Allow to specify a nic for the VIPs + Fix nic selection when no nic is specified 2b246e34 Defauts mariadb's innodb_strict_mode to OFF e73ba50f Revert "Cleanup old workaround for ipv6 VIPs" 0d5da092 Filter haproxy_certificate_specs if hostname is empty d371cf5e Make sure qemu CA has correct permissions f34afbea Force MySQL / MariaDB log_warnings to 1 5de371ee Fixing incorrect parameter names in Dell EMC Storage Templates 3e9b801d galera: expose 2-node mode for the galera resource 6cbd8137 Generic cluster properties support b28243fa Include ovs_driver and sriov_driver classes in base neutron profile ecf7416a Cleanup old workaround for ipv6 VIPs a57c0e9c [c7-train] Switch c7 jobs to content provider 896009f6 Puppet config options for AMQP1 sensubility transport 4309addb Add changes for collectd libpod stats plugin e6632c94 [train] Switch to content provider jobs/templates 4d5a9c05 Allow overriding share protocols with manila c49d8de7 Make ceph_dashboard haproxy config parametric f716ef5a Replace union to create tcp-check list for redis 819c2592 Change branch name for selinux_core puppet module 72ad205f Fix tls - zaqar wss default port 2d862f1a [Train and before] Apply default_listen_options to ironic-inspector 48f35b52 HA: ensure scaling up galera does not cause promotion errors 8c8fa833 Fix typos, extreamio and xtreamio to xtremio f28b6907 Make sure python3-novaclient is installed before creating fence_compute 7d21ae36 Use pcs 0.9 style authkey/remotes when doing an upgrade d833f860 Add certmonger-etcd-refresh.sh script abbc4e4c Fix up cluster_setup_extras usage 5ec551b0 Switch includes to absolute 2a16409d Make promote timeout configurable ddf21633 Ensure post-save certmonger scripts target the right HA container 207e6d62 HA: fix rabbitmq readiness check for rabbitmq-server 3.8 c2899322 Enable to modify params of logrotate-crond.conf 8cc3c772 Add FFU support for ceph_nfs 77da001c Switch RGW HAProxy healthcheck to use special RGW healthcheck url 90a28fd1 Fix haproxy ceph dashboard condition f930e3a5 Fix RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS usage with a proper override mechanism + Make the additional_erl_args change more independent b9a5dae6 Fix the default values for ca_file and cert_file 4f6da07e Powermax Config Fixes 56e56b15 Make haproxy.pp honor EnableInternalTLS for rgw b81fc164 Support for Dell EMC VXFlexOS Backend 0ddf5da2 Finish HAProxy config for metrics_qdr e791ca04 Allow override of mysql/galera open files limit ca6367f1 ovn-dbs-bundle: Prepare for supporting new OVN version with separarte run dirs 68291df8 Remove obsolete 'http' backend from glance configuration 9aedd84c Remove selinux relabel mount option for neutron 037996d1 Support for Dell EMC SC Volume Config 73ac7699 Prepare 11.5.0 release 91acf870 Support for Dell EMC XtremIO Volume Config 9bd83310 Allow the Mistral tunnel timeout to be configurable. 658956db Include vendordata in nova-api and nova-metadata-api 7e033245 [stable only] Fix duplicated test case for nova::api 8cf37936 Only run the VIP creation code when enable_load_balancer is set to true a1da18ae Fix etcd's support for internal TLS 4cefed3c Remove duplicate entry of collectd-python package a3ccad2d CephRgw healthcheck aligned with ceph-ansible 3b5b9440 Ensure that the HAProxy certificate is updated 478a5e10 Do not manage pv/vg for cinder iscsi backend 97f1d208 Hardcode openidc_cache_type parameter for keystone federation with OpenIdc 7e4aca45 Log stdout of HA containers 1d09aa68 Make the bundle user configurable via hiera 67e9708b Enable deployment with external loadbalancers b2348525 Add Octavia OVN Provider configuration (2 of 2) 5d41a097 Support for PowerMax Volume Config 6fe363c0 Support for mariadb's ed25519 authentication ebc19599 Add Octavia OVN Provider configuration (1 of 2) 21fc0306 Add heat::cache to heat profile e0e24c20 Use ctlplane for internal QDR communication cd4bd436 Make all mysql root users managed during stack creation/update c31de022 Use memcached for token caching in designate authtoken 7ce90cb7 Handle ipv6 addresses in etcd and cinder's backend_url 02b30834 Fix grafana haproxy frontend ip variable 91627ee5 pacemaker-remote is broken on CentOS/RHEL < 8 74dcdac6 Add Certmonger ceph_rgw class to config tls dd44d155 Make sure we create stonith resources before stonith levels 06a5359a Revert "Remove neutron wrappers" 012039bd Add ceph dashboard frontend endpoint and tls-e integration 4db9d153 Enforce firewall rules before pacemaker-auth c49ebf01 Add support for glance multistore 39b7cfd1 Enable sudo rule creation d8cf2fad keystone: add a new parameter 'keystone_resources_managed' 19f0181d Remove neutron wrappers 8c1e9628 Add keystone_resources_managed option to the cinder api class 7e0a976f Don't use defined 78a97af3 Make pipeline config more flexible 378580d3 Remove side-car containers in Create status 801f789f Fix typo in remote pcsd_bind_addr 09fa984a Change the name of the HAProxy service to reflict the new name 7aec7fc5 HA: Honour all hiera override variables in mysql_bundle becddfad Make rsyslog file_input bulletproof 3db5bae6 Add short node name override support to manila 545b4809 Remove unused manila_share_nodes_count variable 6247b7a4 Enable metrics qdr to use public VIP 64951b5c Allow mysql haproxy stanza do be customized d187413e Change parameter to 'coordination_uri' 2df86b98 Make sure neutron [placement] config section is set 36a748b4 Avoid failing on rsyslog ab44e2b9 Fix typo in sslProfile conditional 95111e6c Add support to configure pcsd bind address 14e31e64 Add octavia::nova to Octavia services Diffstat (except docs and test files) ------------------------------------- Gemfile | 1 + Puppetfile_extras | 4 +- files/certmonger-dashboard-refresh.sh | 10 + files/certmonger-etcd-refresh.sh | 25 ++ files/certmonger-haproxy-refresh.sh | 5 +- files/certmonger-rabbitmq-refresh.sh | 2 +- files/certmonger-rgw-refresh.sh | 9 + files/mysql_ed25519_password.py | 43 ++++ lib/puppet/functions/mysql_ed25519_password.rb | 21 ++ lib/puppet/functions/pacemaker_bundle_replicas.rb | 23 ++ manifests/certmonger/ceph_dashboard.pp | 87 +++++++ manifests/certmonger/ceph_grafana.pp | 6 + manifests/certmonger/ceph_rgw.pp | 123 ++++++++++ manifests/certmonger/etcd.pp | 31 ++- manifests/certmonger/haproxy.pp | 6 + manifests/certmonger/httpd.pp | 6 + manifests/certmonger/libvirt.pp | 6 + manifests/certmonger/libvirt_vnc.pp | 6 + manifests/certmonger/metrics_qdr.pp | 6 + manifests/certmonger/mysql.pp | 6 + manifests/certmonger/neutron.pp | 6 + manifests/certmonger/neutron_ovn.pp | 6 + manifests/certmonger/novnc_proxy.pp | 5 + manifests/certmonger/openvswitch.pp | 6 + manifests/certmonger/ovn_controller.pp | 6 + manifests/certmonger/ovn_dbs.pp | 6 + manifests/certmonger/ovn_metadata.pp | 6 + manifests/certmonger/ovn_octavia.pp | 76 ++++++ manifests/certmonger/qemu.pp | 26 +++ manifests/certmonger/rabbitmq.pp | 6 + manifests/certmonger/redis.pp | 6 + manifests/fencing.pp | 1 + manifests/haproxy.pp | 119 ++++++++-- manifests/network/contrail/neutron_plugin.pp | 8 +- manifests/pacemaker/haproxy_with_vip.pp | 18 +- manifests/profile/base/ceilometer.pp | 42 ---- .../profile/base/ceilometer/agent/notification.pp | 80 ++++++- manifests/profile/base/certmonger_user.pp | 39 +++- manifests/profile/base/cinder/api.pp | 9 +- manifests/profile/base/cinder/volume.pp | 69 +++++- .../profile/base/cinder/volume/dellemc_powermax.pp | 70 ++++++ manifests/profile/base/cinder/volume/dellemc_sc.pp | 87 +++++++ .../profile/base/cinder/volume/dellemc_vxflexos.pp | 55 +++++ .../profile/base/cinder/volume/dellemc_xtremio.pp | 71 ++++++ manifests/profile/base/cinder/volume/iscsi.pp | 5 - manifests/profile/base/database/mysql.pp | 120 ++++++---- .../base/database/mysql/include_and_check_auth.pp | 49 ++++ manifests/profile/base/designate/authtoken.pp | 44 ++++ manifests/profile/base/etcd.pp | 10 +- manifests/profile/base/glance/api.pp | 77 +++--- manifests/profile/base/glance/backend/cinder.pp | 113 +++++++++ manifests/profile/base/glance/backend/file.pp | 65 ++++++ manifests/profile/base/glance/backend/rbd.pp | 110 +++++++++ manifests/profile/base/glance/backend/swift.pp | 148 ++++++++++++ manifests/profile/base/heat.pp | 1 + manifests/profile/base/keystone.pp | 15 +- manifests/profile/base/logging/logrotate.pp | 10 + manifests/profile/base/logging/rsyslog.pp | 6 +- .../profile/base/logging/rsyslog/file_input.pp | 31 +-- manifests/profile/base/manila/api.pp | 39 +++- manifests/profile/base/metrics/collectd.pp | 38 ++- .../profile/base/metrics/collectd/libpodstats.pp | 70 ++++++ .../profile/base/metrics/collectd/sensubility.pp | 60 ++++- manifests/profile/base/metrics/qdr.pp | 28 +-- manifests/profile/base/neutron/plugins/ml2.pp | 8 + .../base/neutron/plugins/ml2/networking_ansible.pp | 2 +- manifests/profile/base/neutron/server.pp | 1 + manifests/profile/base/nova/api.pp | 1 + manifests/profile/base/nova/metadata.pp | 1 + manifests/profile/base/octavia/api.pp | 18 +- manifests/profile/base/octavia/health_manager.pp | 1 + manifests/profile/base/octavia/housekeeping.pp | 1 + manifests/profile/base/octavia/provider/ovn.pp | 86 +++++++ manifests/profile/base/octavia/worker.pp | 1 + manifests/profile/base/pacemaker.pp | 61 ++++- manifests/profile/base/pacemaker_remote.pp | 19 +- manifests/profile/base/rabbitmq.pp | 27 ++- manifests/profile/pacemaker/ceph_nfs.pp | 7 +- .../profile/pacemaker/cinder/backup_bundle.pp | 20 +- .../profile/pacemaker/cinder/volume_bundle.pp | 20 +- manifests/profile/pacemaker/database/mysql.pp | 16 +- .../profile/pacemaker/database/mysql_bundle.pp | 92 +++++++- .../profile/pacemaker/database/redis_bundle.pp | 20 +- manifests/profile/pacemaker/haproxy_bundle.pp | 54 ++++- manifests/profile/pacemaker/manila/share_bundle.pp | 32 ++- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 260 +++++++++++++-------- manifests/profile/pacemaker/rabbitmq.pp | 2 +- manifests/profile/pacemaker/rabbitmq_bundle.pp | 20 +- metadata.json | 2 +- .../add-octavia-provider-ovn-6734aa08af4772e4.yaml | 5 + ...-enabled-protocols-manila-86b6662a8b617866.yaml | 6 + .../ceph_dashboard_endpoint-10035021352fc190.yaml | 6 + ...cate-ovn-from-octavia-api-15e33154a31f20ec.yaml | 7 + .../notes/glance-multistore-766022d470827d1d.yaml | 8 + .../notes/powermax-driver-d428e372280c44e6.yaml | 5 + releasenotes/notes/sc-driver-a428e372280c44e6.yaml | 5 + .../notes/vip-bind-nic-11e80207fcb78a20.yaml | 10 + .../notes/vxflexos-driver-aec8e372280c44e6.yaml | 3 + .../notes/xtremio-driver-f428e372280c44e6.yaml | 5 + spec/classes/tripleo_certmonger_etcd_spec.rb | 52 +++-- ...file_base_ceilometer_agent_notification_spec.rb | 68 ++++++ .../tripleo_profile_base_cinder_powermax_spec.rb | 72 ++++++ .../classes/tripleo_profile_base_cinder_sc_spec.rb | 72 ++++++ ...ripleo_profile_base_cinder_volume_iscsi_spec.rb | 7 - .../tripleo_profile_base_cinder_volume_spec.rb | 173 ++++++++++++-- .../tripleo_profile_base_cinder_vxflexos_spec.rb | 58 +++++ ...ipleo_profile_base_cinder_xtremio_iscsi_spec.rb | 2 +- .../tripleo_profile_base_cinder_xtremio_spec.rb | 72 ++++++ ...ripleo_profile_base_designate_authtoken_spec.rb | 70 ++++++ spec/classes/tripleo_profile_base_etcd_spec.rb | 131 +++++++++++ .../tripleo_profile_base_glance_api_spec.rb | 94 +++++++- ...pleo_profile_base_glance_backend_cinder_spec.rb | 105 +++++++++ ...ripleo_profile_base_glance_backend_file_spec.rb | 89 +++++++ ...tripleo_profile_base_glance_backend_rbd_spec.rb | 124 ++++++++++ ...ipleo_profile_base_glance_backend_swift_spec.rb | 99 ++++++++ .../tripleo_profile_base_manila_api_spec.rb | 23 ++ ...ofile_base_metrics_collectd_sensubility_spec.rb | 43 ++++ .../tripleo_profile_base_metrics_collectd_spec.rb | 53 ++++- .../tripleo_profile_base_metrics_qdr_spec.rb | 66 ++---- .../tripleo_profile_base_neutron_server_spec.rb | 6 + spec/classes/tripleo_profile_base_nova_api_spec.rb | 20 +- .../tripleo_profile_base_nova_metadata_spec.rb | 6 + .../tripleo_profile_base_octavia_api_spec.rb | 16 -- ...ipleo_profile_base_octavia_provider_ovn_spec.rb | 138 +++++++++++ ..._profile_pacemaker_cinder_backup_bundle_spec.rb | 3 +- ..._profile_pacemaker_cinder_volume_bundle_spec.rb | 3 +- ...o_profile_pacemaker_manila_share_bundle_spec.rb | 9 +- ...profile_base_logging_rsyslog_file_input_spec.rb | 33 ++- spec/fixtures/hieradata/default.yaml | 11 +- spec/fixtures/hieradata/step5.yaml | 9 + templates/logrotate/containers_logrotate.conf.erb | 4 +- templates/metrics/collectd-sensubility.conf.epp | 27 ++- templates/metrics/libpodstats.conf.epp | 4 + templates/neutron/dibbler-client.epp | 5 +- templates/neutron/dnsmasq.epp | 2 +- templates/neutron/haproxy.epp | 5 +- templates/neutron/keepalived.epp | 5 +- templates/neutron/radvd.epp | 5 +- zuul.d/layout.yaml | 13 +- 139 files changed, 4392 insertions(+), 525 deletions(-)