We jubilantly announce the release of:

tripleo-heat-templates 12.4.1: Heat templates for deploying OpenStack with OpenStack.

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.4.1
^^^^^^

New Features
************

* Adds a new ContainerNovaLibvirtPidsLimit parameter in order to set the PIDs limit for the nova_libvirt container. Defaults to 65536, set to 0 for unlimited.

* The following parameters were added to support configuration of the gnocchi nfs backend.

  * GnocchiNfsEnabled

  * GnocchiNfsShare

  * GnocchiNfsOptions

* Add the NovaImageCacheTTL to the nova compute service. This exposes the remove_unused_original_minimum_age_seconds from nova.conf which controls the time (in seconds) that nova compute should continue caching an image once it is no longer used by any instances on the host. Defaults to 86400 (24 hours).

* When SwiftRawDisks is set, try to mount the disks using UUIDs instead of paths. This makes mounts more stable, e.g. if a kernel gets updated and the device order changes.

* A new Heat parameter 'ZaqarWsTimeout' exposes the Puppet variable 'tripleo::haproxy::zaqar_ws_timeout_tunnel'. This allows operators to configure the Mistral API timeout. It currently defaults to four hours.

Upgrade Notes
*************

* The CIDR for the StorageNFS network in the sample network_data_ganesha.yaml file has been modified to provide more usable IPs for the corresponding Neutron overcloud StorageNFS provider network. Since the CIDR of an existing network cannot be modified, deployments with existing StorageNFS networks should be sure to customize the StorageNFS network definition to use the same CIDR as that in their existing deployment in order to avoid a heat resource failure when updating or upgrading the overcloud.

Deprecation Notes
*****************

* As the fast forward upgrade workflow to skip multiple releases now relies on the very same upgrade_tasks, there is no need to maintain the fast_forward_upgrade_tasks, as well as any of its references.

Bug Fixes
*********

* Ansible GroupVars incorrectly kept a single subnet prefix per network. This caused a problem when multiple subnets using different subnet prefixes were defined, resulting in the wrong subnet prefix being referenced in the NetworkConfig for roles. AnsibleHostVars stores network subnet prefixes instead. See bug: 1895899 (https://bugs.launchpad.net/tripleo/+bug/1895899).

* Fixed an issue in the sample network_data_ganesha.yaml file where the IPv4 allocation range for the StorageNFS network occupies almost the whole of its CIDR. If network_data_ganesha.yaml is used without modification in a customer deployment then there are too few IPs left over in its CIDR for use by the corresponding overcloud Neutron StorageNFS provider network for its overcloud DHCP service. (See bug: #1889682 (https://bugs.launchpad.net/tripleo/+bug/1889682))

* Fix Swift ring synchronization to ensure every node on the overcloud has the same copy to start with. This is especially required when replacing nodes or using manually modified rings.

Changes in tripleo-heat-templates 12.4.0..12.4.1
------------------------------------------------

b2b553f4f Implement a Minimal role
1f5218100 Default cinder_volume_node_names to []
cd0448f01 Force container fetch
164a28d5d Adapt container health check for built-in podman health checks
9b6b665bd Assume Grafana and Ceph Dashboard to be on the storage or ctlplane nets
95e8fbd49 Set NeutronEnableDVR to False for OVN-HA
94a301c01 Create container-puppet-tasks files per step in check mode
7bfe3701a Gather more extra stats with the collectd virt plugin
af26d0ff3 Configure rsyncd without pid file for Swift
1e4ce7537 Allow optional volumes for nova_libvirt container
fdb9a3954 enable-ssh-admin: allow to override plan name
b09c769a7 Clear cached facts based on the tag as well
3752f15cd Get the CIDR of the neutron port for NetworkConfig
92b7d4950 Use UUID for mounted SwiftRawDisks
011a2d867 Add dashboard_tls_external ceph-ansible parameter
47d18baf3 Revert "Disable Designate service for scenario 03"
0f0e7fa11 Remove race during mysql database creation
ca8d98cf3 Complete missing description
76b5ae081 Memcached collectd plugin uses host URI instead of IP address.
0ad235806 pcs commands on host: rabbitmq
0eb998930 pcs commands on host: redis bundle
ec70716ad pcs commands on host: ovn dbs
4f56371f9 pcs commands on host: cinder backup/volume
06209fa28 pcs commands on host: manila-share
be1fee4af pcs commands on host: mysql
3f8c22b56 pcs commands on host: haproxy bundle
3a803c618 Mount libpod container volume into collectd container
aeeacb507 Bind mount /var/lib/container-config-scripts inside the restart bundles
1cde17b81 Make sure IPA has the right ACI
c4ce02707 Add parameter and CI config to enable Ceph OTW encryption
b42881eae Add the NovaImageCacheTTL to the nova compute service
8d3a89dbf Fix Swift ring file synchronization issue
451c83f1b Fix nCipher (aka thales) ansible role name
9471eb030 DCN: use FQDN in glance endpoint with internal TLS
ee90c5d60 Remove Etcd from DCN roles that don't need it
2406ffc4c Use container_file_t for Cinder*NfsMountOptions by default
6efb29dcc Use appropriate allocation pools for StorageNFS
472deb921 Remove remaining Skydive references
4907bf8fb Default to storage_dashboard, when set, for the CephDashboard service
daff4688f Set a higher PIDs limit for nova_libvirt container
991395882 Re-enable driver agent for scenario 10
eddbc4b2c Avoid failing on deleted file
cc17467c5 minor update: only migrate HA VIP away when needed
3e7c6b9a3 Use tripleo_network_config
05470b62e Create container config scripts with a new module
b54a4be78 Create Container configs with a new module
10be0c53b Modify how libvirt related containers use SELinux
bc8e2f9b9 [FFWD Ceph] Fix ceph post_upgrade_tasks for osd options
91c17d54e Fix endpoint map tls - zaqar wss port
3ce68de0f Fix up ovn-dbs update tasks
7dcd5eb87 Add new Luna HSM parameter for Barbican
9ee9b945f Fix pcs restart in composable HA
701841df5 Do not hard-code vars_from
2c1db9ed0 Update, avoid task skipping by directly importing step file.
aaad2cd70 undercloud_upgrade: tear-down keepalived
838741633 pcmk_remote FFU support for Instance HA
3e2a8d91c Add PermitRootLogin option in sshd_config before leapp.
26e532449 Run external_deploy_tasks per step for each role
00850a30a Reset sriov_numvfs to 0 before leapp upgrade
b245565d7 Fix delegation with FreeIPA cleanup
3631ee2ff Add support for Gnocchi NFS Backend
70a099159 Fix permissions for paunch
28ed5c0b8 Align kernel args for system upgrade using leapp
7f8770b6e Stop using a conditional for role tasks
7f3eb2371 Fix HA resource restart when no replicas are running
978c4e05d Revamp how etcd's cert and key are handled in containers
e4192e033 Add CephAnsibleRepo warning to make this validation more flexible
94f62d874 Prevent skip package fact to run on all steps.
5f336195f Update octavia playbooks parameters
c59f31ea4 Remove redundant file management for /run/redis
fdd0547c4 Expose the zaqar_ws_timeout_tunnel variable.
c2b828fbb Add openvswitch special treatment to update too.
8c6ada0d1 Do not manage healthcheck for nova-compute anymore
ebea6f33e Add dashboard_protocol variable when internal_tls is enabled
aeaeff3a3 Remove /var/lib/config-data context task
b66f39550 Generated passthrough_whitelist shall use all the user_configs fields
729bb5259 Remove ffwd-upgrade leftovers from THT.
09f524e70 Unset keystone::public_endpoint
bad56a5fd Add missing config_files kolla directives
be1184b06 Use a single task for fact gathering
a1443bb82 Relax facts gathering plays on the overcloud
7e3315110 Prevent ovn dbs related facts to run on each step.
2971c4fbb Attempt to remove octavia tls proxy service only present
4ac41b46d Improve documentations for NovaLibvirtFileBackedMemory

Diffstat (except docs and test files)
-------------------------------------

ci/environments/scenario001-standalone.yaml | 1 +
ci/environments/scenario003-standalone.yaml | 17 +-
ci/environments/scenario010-standalone.yaml | 1 -
common/deploy-steps-playbooks-common.yaml | 52 ++--
common/deploy-steps-tasks-step-1.yaml | 29 +--
common/deploy-steps-tasks.yaml | 1 +
common/deploy-steps.j2 | 242 +++---------------
common/generate-config-tasks.yaml | 2 +-
common/host-container-puppet-tasks.yaml | 3 +-
common/services/role.role.j2.yaml | 20 --
.../monitoring/collectd_check_health.py | 92 +++++++
.../nova_statedir_ownership.py | 68 +++--
.../pacemaker_restart_bundle.sh | 13 +-
deployed-server/scripts/enable-ssh-admin.sh | 3 +-
deployment/README.rst | 30 ---
deployment/aodh/aodh-api-container-puppet.yaml | 46 ----
.../aodh/aodh-evaluator-container-puppet.yaml | 18 --
.../aodh/aodh-listener-container-puppet.yaml | 18 --
.../aodh/aodh-notifier-container-puppet.yaml | 18 --
.../barbican/barbican-api-container-puppet.yaml | 31 ++-
.../ceilometer-agent-central-container-puppet.yaml | 18 --
.../ceilometer-agent-compute-container-puppet.yaml | 18 --
.../ceilometer-agent-ipmi-container-puppet.yaml | 18 --
...ometer-agent-notification-container-puppet.yaml | 18 --
deployment/ceph-ansible/ceph-base.yaml | 50 +++-
deployment/ceph-ansible/ceph-mds.yaml | 3 +-
deployment/ceph-ansible/ceph-mgr.yaml | 1 +
deployment/ceph-ansible/ceph-mon.yaml | 3 +-
deployment/ceph-ansible/ceph-osd.yaml | 52 +++-
deployment/ceph-ansible/ceph-rgw.yaml | 3 +-
deployment/cinder/cinder-api-container-puppet.yaml | 55 +---
.../cinder/cinder-backend-netapp-puppet.yaml | 2 +-
.../cinder/cinder-backup-container-puppet.yaml | 11 +-
.../cinder/cinder-backup-pacemaker-puppet.yaml | 107 +++-----
.../cinder/cinder-common-container-puppet.yaml | 4 +-
.../cinder/cinder-scheduler-container-puppet.yaml | 27 +-
.../cinder/cinder-volume-container-puppet.yaml | 46 +---
.../cinder/cinder-volume-pacemaker-puppet.yaml | 103 ++------
deployment/containers-common.yaml | 3 +-
deployment/database/mysql-container-puppet.yaml | 24 +-
deployment/database/mysql-pacemaker-puppet.yaml | 70 ++---
deployment/database/redis-container-puppet.yaml | 3 -
deployment/database/redis-pacemaker-puppet.yaml | 120 ++-------
.../sahara/sahara-api-container-puppet.yaml | 30 ---
.../sahara/sahara-engine-container-puppet.yaml | 18 --
deployment/etcd/etcd-container-puppet.yaml | 55 ++--
deployment/glance/glance-api-container-puppet.yaml | 28 --
.../glance/glance-api-edge-container-puppet.yaml | 22 +-
.../gnocchi/gnocchi-api-container-puppet.yaml | 128 +++++-----
.../gnocchi/gnocchi-metricd-container-puppet.yaml | 34 ++-
.../gnocchi/gnocchi-statsd-container-puppet.yaml | 36 ++-
deployment/haproxy/haproxy-container-puppet.yaml | 5 +
.../haproxy/haproxy-edge-container-puppet.yaml | 22 +-
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 71 ++----
deployment/heat/heat-api-cfn-container-puppet.yaml | 18 --
.../heat/heat-api-cloudwatch-disabled-puppet.yaml | 24 --
deployment/heat/heat-api-container-puppet.yaml | 30 ---
deployment/heat/heat-engine-container-puppet.yaml | 18 --
deployment/ipa/ipaservices-baremetal-ansible.yaml | 2 +-
deployment/ironic/ironic-api-container-puppet.yaml | 36 ---
.../ironic/ironic-conductor-container-puppet.yaml | 25 --
.../kernel-boot-params-baremetal-ansible.yaml | 20 ++
deployment/keystone/keystone-container-puppet.yaml | 44 ----
deployment/manila/manila-api-container-puppet.yaml | 32 ---
.../manila/manila-scheduler-container-puppet.yaml | 20 --
.../manila/manila-share-container-puppet.yaml | 20 --
.../manila/manila-share-pacemaker-puppet.yaml | 101 ++------
.../memcached/memcached-container-puppet.yaml | 21 +-
deployment/metrics/collectd-container-puppet.yaml | 58 ++---
.../neutron/derive_pci_passthrough_whitelist.py | 11 +-
.../neutron/neutron-api-container-puppet.yaml | 37 ---
.../neutron/neutron-dhcp-container-puppet.yaml | 18 --
.../neutron/neutron-l3-container-puppet.yaml | 18 --
.../neutron/neutron-metadata-container-puppet.yaml | 18 --
.../neutron-ovs-agent-container-puppet.yaml | 18 --
.../neutron-ovs-dpdk-agent-container-puppet.yaml | 2 -
.../neutron-sriov-agent-container-puppet.yaml | 31 ++-
deployment/nova/nova-api-container-puppet.yaml | 149 -----------
deployment/nova/nova-compute-container-puppet.yaml | 50 ++--
.../nova/nova-conductor-container-puppet.yaml | 18 --
deployment/nova/nova-ironic-container-puppet.yaml | 24 --
deployment/nova/nova-libvirt-container-puppet.yaml | 43 ++--
.../nova-migration-target-container-puppet.yaml | 2 +-
.../nova/nova-scheduler-container-puppet.yaml | 18 --
.../nova/nova-vnc-proxy-container-puppet.yaml | 20 +-
deployment/nova/novajoin-container-puppet.yaml | 10 +
.../octavia/octavia-api-container-puppet.yaml | 36 +--
.../octavia/octavia-deployment-config.j2.yaml | 10 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 65 +++--
.../pacemaker/pacemaker-baremetal-puppet.yaml | 4 +-
.../pacemaker-remote-baremetal-puppet.yaml | 60 +++++
deployment/podman/podman-baremetal-ansible.yaml | 3 +-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 79 ++----
.../rabbitmq-messaging-pacemaker-puppet.yaml | 79 ++----
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 79 ++----
deployment/swift/swift-proxy-container-puppet.yaml | 22 --
.../swift/swift-ringbuilder-container-puppet.yaml | 2 +-
.../swift/swift-storage-container-puppet.yaml | 56 +---
.../tripleo-packages-baremetal-puppet.yaml | 282 +++------------------
deployment/undercloud/undercloud-upgrade.yaml | 163 ++----------
environments/barbican-backend-pkcs11-lunasa.yaml | 29 ++-
environments/ceph-ansible/ceph-ansible.yaml | 7 +
environments/cinder-netapp-config.yaml | 2 +-
environments/lifecycle/ffwd-upgrade-prepare.yaml | 1 -
environments/services/neutron-ovn-ha.yaml | 1 +
environments/ssl/no-tls-endpoints-public-ip.yaml | 1 +
environments/ssl/tls-endpoints-public-dns.yaml | 3 +-
environments/ssl/tls-endpoints-public-ip.yaml | 3 +-
environments/ssl/tls-everywhere-endpoints-dns.yaml | 3 +-
environments/storage-environment.yaml | 2 +-
environments/storage/cinder-netapp-config.yaml | 2 +-
environments/storage/cinder-nfs.yaml | 2 +-
network/service_net_map.j2.yaml | 2 +-
network_data_ganesha.yaml | 50 +++-
overcloud.j2.yaml | 25 --
puppet/role.role.j2.yaml | 14 +
...ainerNovaLibvirtPidsLimit-cdad2166b6c0195f.yaml | 6 +
.../notes/bug-1895899-8d675670a0d05c15.yaml | 12 +
...e-for-StorageNFS-net.yaml-bd77be924e8b7056.yaml | 20 ++
.../gnocchi-nfs-backend-90febc9f87e7df08.yaml | 9 +
.../nova_image_cache_ttl-824f241363b9dd4e.yaml | 8 +
.../notes/remove_ffwd_tasks-d1ab630d96a66a59.yaml | 6 +
.../swift-fix-ring-sync-7bf3ddbb1ea1e342.yaml | 6 +
.../swift-mount-by-uuid-7744fe7696db4b85.yaml | 6 +
.../zaqar_ws_timeout_tunnel-d5d1e900dce79b34.yaml | 7 +
roles/ControllerSriov.yaml | 2 -
roles/DistributedCompute.yaml | 1 -
roles/DistributedComputeHCI.yaml | 2 +-
roles/DistributedComputeHCIScaleOut.yaml | 3 +-
roles/DistributedComputeScaleOut.yaml | 3 +-
roles/Minimal.yaml | 30 +++
roles/NetworkerSriov.yaml | 1 -
roles/README.rst | 1 +
sample-env-generator/ssl.yaml | 6 +-
sample-env-generator/storage.yaml | 1 +
tools/yaml-validate.py | 24 --
138 files changed, 1383 insertions(+), 2814 deletions(-)