We are pleased to announce the release of:

tripleo-heat-templates 10.3.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the stein release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through launchpad:

    https://bugs.launchpad.net/tripleo

For more details, please see below.

10.3.0
^^^^^^

New Features
************

* Added code in the barbican-api.yaml template to allow barbican to be
  configured to run with either an ATOS or Thales HSM back-end. Also
  added environment files with all the required variables. The added
  code installs and configures the client software on the barbican
  nodes, generates the required keys for the PKCS#11 plugin, and
  configures barbican correctly. For the Thales case, it also contacts
  the RFS server to add the new clients to the HSM.

* Add new CinderNfsSnapshotSupport parameter, which controls whether
  cinder's NFS driver supports snapshots. The default value is True.

* Composable Networks now support creating L3 routed networks. L3
  networks use multiple L2 network segments and multiple IP subnets.
  In addition to the base subnet automatically created for any
  composable network, additional subnets can be defined under the
  "subnets" key for each network in the data file
  ("network_data.yaml") used by composable networks. Please refer to
  the "network_data_subnets_routed.yaml" file for an example
  demonstrating how to define composable L3 routed networks.

* For composable roles it is now possible to control which subnet in
  a L3 routed network will host network ports for the role. This is
  done by setting the subnet for each network in the role definition
  ("roles_data.yaml"). For example:

     - name: <role_name>
       networks:
         InternalApi:
           subnet: internal_api_leaf2
         Tenant:
           subnet: tenant_leaf2
         Storage:
           subnet: storage_leaf2

* To enable control of which subnet is used for virtual IPs on L3
  routed composable networks, the new parameter "VipSubnetMap" was
  added. This allows the user to override the subnet where the VIP
  port should be hosted. For example:

     parameter_defaults:
       VipSubnetMap:
         ctlplane: ctlplane-leaf1
         InternalApi: internal_api_leaf1
         Storage: storage_leaf1
         redis: internal_api_leaf1

* New roles for DistributedCompute and DistributedComputeHCI are
  added. These roles match the existing Compute roles, but also
  include the CinderVolume service. The CinderVolume service is
  included using the BlockStorageCinderVolume service name so that it
  can be mapped independently from CinderVolume.

* Add new parameter 'GlanceImageImportPlugins', to enable plugins used
  by the image import process. Add parameter
  'GlanceImageConversionOutputFormat', to provide the desired output
  format for the image conversion plugin.

* Allow to output HAProxy in a dedicated file.

* Adds new HAProxySyslogFacility param.

* Add parameter *NovaHWMachineType*, which allows machine_type to be
  set explicitly across all compute nodes during deployment, to allow
  migration compatibility from compute nodes with a higher host OS
  version to compute nodes with a lower host OS version.

* Adds support to configure disjoint address pools for Ironic
  Inspector. When Inspector is deployed as a HA service, disjoint
  address pools should be served by the DHCP instances to avoid
  address conflict issues. The disjoint address pools are configured
  by using the hostname (short form) as the key and passing the list
  of ranges for each host. For example:

     parameter_defaults:
       IronicInspectorSubnets:
         overcloud-ironic-0:
           - ip_range: 192.168.24.100,192.168.24.119
           - ip_range: 192.168.25.100,192.168.25.119
             netmask: 255.255.255.0
             gateway: 192.168.25.254
             tag: subnet1
         overcloud-ironic-1:
           - ip_range: 192.168.24.120,192.168.24.139
           - ip_range: 192.168.25.120,192.168.25.139
             netmask: 255.255.255.0
             gateway: 192.168.25.254
             tag: subnet1

* The network data for composable networks has been extended to
  enable configuration of the maximum transmission unit (MTU) that is
  guaranteed to pass through the data path of the segments in the
  network. The MTU property is set on the neutron networks in the
  undercloud. The MTU information is used in the nic-config templates
  so that overcloud node networking is configured with the correct
  MTU settings.

* Nova now allows use of templated urls in the database and mq
  connections, which will allow static configuration elements to be
  applied to the urls read from the database per-node. This should be
  a simpler and less obscure method of configuring things like the
  per-node bind_address necessary for director's HA arrangement. This
  patch addresses the templated DB urls as part 1. Nova support added
  here - https://review.openstack.org/578163

* Nova now allows use of templated urls in the database and mq
  connections, which will allow static configuration elements to be
  applied to the urls read from the database per-node. This should be
  a simpler and less obscure method of configuring things like the
  per-node bind_address necessary for director's HA arrangement. This
  patch addresses the templated transport urls as part 2. Nova support
  added here - https://review.openstack.org/578163

* The MTU defined for the "Tenant" network in network_data is now
  used to set neutron's "global_physnet_mtu" unless the
  "NeutronGlobalPhysnetMtu" parameter is used to override the
  default. (Neutron uses the "global_physnet_mtu" value to calculate
  MTU for all virtual network components. For flat and VLAN networks,
  neutron uses this value without modification. For overlay networks
  such as VXLAN, neutron automatically subtracts the overlay protocol
  overhead from this value.)

* Add new TunedCustomProfile parameter, which may contain a string in
  INI format describing a custom tuned profile. Also provide a new
  environment file for users of hyperconverged Ceph deployments using
  the Ceph filestore storage backend. The tuned profile is based on
  heavy I/O load testing. The provided environment file creates
  /etc/tuned/ceph-filestore-osd-hci/tuned.conf and sets this tuned
  profile to be active. Not intended for use with Ceph bluestore.

Known Issues
************

* Fix misnaming of service in firewall rule for Octavia Health Manager
  service.

Upgrade Notes
*************

* Cinder's NFS driver does not support snapshots unless the feature
  is explicitly enabled (this policy was chosen to ensure
  compatibility with very old versions of libvirt). The
  CinderNfsSnapshotSupport default value is True, and so the new
  default behavior enables NFS snapshots. This change is safe because
  it just enables a capability (i.e. snapshots) that other cinder
  drivers generally provide.

* Deployers that used a "resource_registry" override in their
  environment to add networks to roles, without also using a custom
  roles data file, must create a custom roles data file, add the
  additional network(s) to it, and use it when upgrading. Previously
  it was possible to add additional networks to a role without using
  a custom role by overriding the resource registry, for example:

     OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml

  Warning: Since resources are no longer added to the plan unless the
  network is specified in the role, the "resource_registry" override
  alone is no longer sufficient.

* Deployments using custom names for subnets must also set the subnet
  to use for the roles used in the deployment. I.e. if the
  "<NetworkName>SubnetName" parameter was used to define a non-default
  subnet name for any network, the role definition
  ("roles_data.yaml") and the "VipSubnetMap" parameter must use the
  same value.

  Warning: The update will fail if "<NetworkName>SubnetName" was used
  to set a custom subnet name, and the role definition and/or the
  "VipSubnetMap" is not set to match the custom subnet name.

* Installing Aodh services on baremetal is no longer supported.

* Installing glance on baremetal is no longer supported.

* Installing Ironic on baremetal is no longer supported.

* Installing Keepalived service on baremetal is no longer supported.

* Deploying keystone on baremetal is no longer supported.

* Installing memcached services on baremetal is no longer supported.

* Installing zaqar on baremetal is no longer supported.

* Tags are now used on the "ctlplane" network to store the list of
  cidrs associated with the subnets on the "ctlplane" network. Users
  of Deployed Server (pre-provisioned servers) need to update the
  port map ("DeployedServerPortMap") to include the required data.
  For example:

     parameter_defaults:
       DeployedServerPortMap:
         controller0-ctlplane:
           fixed_ips:
             - ip_address: 192.168.24.9
           subnets:
             - cidr: 192.168.24.0/24
           network:
             tags:
               - 192.168.24.0/24
               - 192.168.25.0/24
         compute0-ctlplane:
           fixed_ips:
             - ip_address: 192.168.25.8
           subnets:
             - cidr: 192.168.25.0/24
           network:
             tags:
               - 192.168.24.0/24
               - 192.168.25.0/24

* Prior to upgrading, any custom nic-config templates must have the
  MTU associated parameters introduced in this release added. As an
  example, the following must be added to all nic-config templates
  when network isolation is used:

     ControlPlaneMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the network.
         (The parameter is automatically resolved from the ctlplane network's
         mtu attribute.)
       type: number
     StorageMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         Storage network.
       type: number
     StorageMgmtMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         StorageMgmt network.
       type: number
     InternalApiMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         InternalApi network.
       type: number
     TenantMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         Tenant network.
       type: number
     ExternalMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         External network.
       type: number
     ManagementMtu:
       default: 1500
       description: The maximum transmission unit (MTU) size(in bytes) that is
         guaranteed to pass through the data path of the segments in the
         Management network.
       type: number

* The hiera bootstrap_nodeid_ip key has been replaced with per-service
  SERVICE_bootstrap_node_ip, where SERVICE is the service_name from
  the composable service templates. If any out-of-tree services use
  this key they will need to adjust to the new interface on upgrade.

* We no longer run the upgrade_tasks Ansible tasks that stop systemd
  services, since all services are now containerized. However, we
  decided to keep the tasks that remove the rpms, so that deployments
  which didn't clean them up in previous releases can still do so
  now. These tasks were useful in Rocky when we converted the
  Undercloud from baremetal to containers, but in Stein this is not
  useful anymore. It's actually breaking upgrades for Podman, as
  containers are now seen by systemd, and these tasks conflict with
  the way containers are managed in Paunch.

Deprecation Notes
*****************

* For deploying with hw offloading, use the
  "environments/ovs-hw-offload.yaml" file alongside the neutron,
  opendaylight or ovn environment files; separate files are no
  longer needed as before.

Critical Issues
***************

* Networks not specified for roles in roles data ("roles_data.yaml")
  no longer have Heat resources created. It is now mandatory that
  custom roles are used when non-default networks are used for a
  role. Previously it was possible to add additional networks to a
  role without using a custom role by overriding the resource
  registry, for example:

     OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml

  Note: The "resource_registry" override was the only requirement
  prior to the introduction of *Composable Networks* in the Pike
  release. Since Pike a custom role would ideally be used when adding
  networks to roles, but documentation and other guides may not have
  been properly updated and only mention the "resource_registry"
  override.

Bug Fixes
*********

* The recommended API for checking when OpenDaylight is up and ready
  has changed. Use the new ODL Infrautils diagstatus REST API
  endpoint, instead of the old netvirt:1 endpoint.

* The NtpServer default set now includes multiple pool.ntp.org hosts
  to ensure that the time can be properly synced during the
  deployment. Having only a single time source can lead to deployment
  failures if the time source is unavailable during the deployment.
  It is recommended that you either set multiple NtpServers or use
  the NtpPool configuration to ensure that enough time sources are
  available for the hosts. Note that the NtpPool configuration is
  only available when using chrony. See LP#1806521

* Novajoin now logs to "/var/log/container" in the same way other
  TripleO container services do. See Bug: 1796658
  (https://bugs.launchpad.net/tripleo/+bug/1796658).

* In other sections we already use the internal endpoints for
  authentication urls. With this change the auth_uri in the neutron
  section gets moved from KeystoneV3Admin to KeystoneV3Internal.

* With tls-everywhere enabled, connecting to the keystone endpoint to
  retrieve the URL for the placement endpoint fails because the
  certificate cannot be verified. Verification was already disabled
  for the later check of the placement endpoint, but not for
  communication with keystone. This change disables certificate
  verification for communication with keystone.

* The /opt/opendaylight/data folder is mounted on the host. This
  folder contains information about installed features in ODL.
  Mounting this folder on the container makes ODL believe that
  features are installed, and it does not generate what is required
  for a proper boot. Thus this folder is no longer mounted to the
  host, so that ODL can boot properly on restart.

* CephOSD/Compute nodes crash under memory pressure unless a custom
  tuned profile is used (bug 1800232).

Other Notes
***********

* HostPrepConfig has been removed. The resource isn't used anymore.
  It used the old way of running Ansible via Heat, which we don't
  need anymore with config-download by default in Rocky.

* MongoDB hasn't been supported since Pike; it's time to remove the
  deployment files. Starting in Stein, it's not possible to deploy
  MongoDB anymore.
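
The disjoint-pool requirement for "IronicInspectorSubnets" (New Features, above) can be checked before deployment. The following is an added example, not part of tripleo-heat-templates: the function names and the overlapping sample are constructed for illustration, and the data is embedded as a Python dict instead of being read from an environment file.

```python
"""Check that IronicInspectorSubnets DHCP pools are disjoint across hosts.

Added illustration; not code from tripleo-heat-templates.
"""
import ipaddress
from itertools import combinations

# Constructed sample mirroring the release-note example: pools are disjoint.
SAMPLE_OK = {
    "overcloud-ironic-0": [
        {"ip_range": "192.168.24.100,192.168.24.119"},
        {"ip_range": "192.168.25.100,192.168.25.119",
         "netmask": "255.255.255.0", "gateway": "192.168.25.254",
         "tag": "subnet1"},
    ],
    "overcloud-ironic-1": [
        {"ip_range": "192.168.24.120,192.168.24.139"},
        {"ip_range": "192.168.25.120,192.168.25.139",
         "netmask": "255.255.255.0", "gateway": "192.168.25.254",
         "tag": "subnet1"},
    ],
}

# Constructed sample with a deliberate mistake: the second host's first pool
# starts at .110 and so collides with the first host's .100-.119 pool.
SAMPLE_BAD = {
    **SAMPLE_OK,
    "overcloud-ironic-1": [
        {"ip_range": "192.168.24.110,192.168.24.139"},
        *SAMPLE_OK["overcloud-ironic-1"][1:],
    ],
}


def parse_range(text):
    """Parse 'start,end' into two address objects, rejecting malformed ranges."""
    start_s, sep, end_s = text.partition(",")
    if not sep:
        raise ValueError(f"expected 'start,end', got {text!r}")
    start = ipaddress.ip_address(start_s.strip())
    end = ipaddress.ip_address(end_s.strip())
    if start.version != end.version or start > end:
        raise ValueError(f"invalid range {text!r}")
    return start, end


def find_conflicts(subnets):
    """Return a list of problems; an empty list means every pool is disjoint."""
    problems, pools = [], []
    for host, entries in subnets.items():
        for entry in entries:
            try:
                start, end = parse_range(entry["ip_range"])
                # With netmask and gateway present, the pool must sit inside
                # that subnet and must not hand out the gateway address.
                if "netmask" in entry and "gateway" in entry:
                    gw = ipaddress.ip_address(entry["gateway"])
                    net = ipaddress.ip_network(
                        f"{gw}/{entry['netmask']}", strict=False)
                    if start not in net or end not in net:
                        problems.append(
                            f"{host}: {entry['ip_range']} is outside {net}")
                    elif start <= gw <= end:
                        problems.append(
                            f"{host}: gateway {gw} lies inside "
                            f"{entry['ip_range']}")
            except (KeyError, ValueError) as exc:
                problems.append(f"{host}: unusable entry ({exc})")
                continue
            pools.append((host, entry["ip_range"], start, end))
    # Two inclusive ranges overlap when each one starts before the other ends.
    for (h1, r1, s1, e1), (h2, r2, s2, e2) in combinations(pools, 2):
        if s1.version == s2.version and s1 <= e2 and s2 <= e1:
            problems.append(f"overlap: {h1} {r1} <-> {h2} {r2}")
    return problems


if __name__ == "__main__":
    for name, sample in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        found = find_conflicts(sample)
        print(name, "->", found if found else "no conflicts")
```
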

Changes in tripleo-heat-templates 10.2.0..10.3.0
------------------------------------------------

bb1a120 Rework the generated openshift-ansible playbook
832a895 Fix scenario003-standalone remove extra cinder/horizon/swift
78ee893 Add horizon WebSSO support for OpenID Connect
a017eca Fall back public_virtual_ip to ctlplane if External net not present
868c768 Only add internal_api_virtual_ip if InternalApi in network_data
a15509f Ensure /var/lib/iscsi actually exists before mounting it
d8ee4b9 docker-puppet.py: only create docker-puppet.sh when it doesn't exist
1bd0bf0 Add standalone scenario jobs into the gate as well as check
884ceb1 Fix scenario002-standalone missing aodh/ceilo/heat/gnocchi services
40ba776 Flatten Keystone service configuration
f9b5401 Do not dereference .stdout if dmidecode is missing
991e0fc Reno only - Check for available networks for a role
f3b7f15 Fix example in releasenotes/notes/composable-network-subnets
3f69b76 Configure undercloud timezone
b1d34c9 docker-puppet.py: move entrypoint mount to latest in order
cf333d3 Add default to network.mtu in j2 in nic configs
f555e4b Add Distributed Compute roles
97cf1c2 Let the operator manage openshift updates and upgrades
20b677d Use templating for nova cell transport-url
8665a0d Make NetCidrMapValue contain list of cidrs in each net
00cecfe Add a tag's containing subnet cidr to ctlplane network
8865d01 ironic: enable the ipxe boot interface by default
be07f99 Remove MongoDB
cf70e57 Fix scenario004-standalone - remove cinder/fluentd/horizon/redis
4c5b528 Fix scenario001-standalone missing aodh/ceilo/heat/gnocchi services
21145a9 Bind mount docker-puppet.py in RO without SElinux labelling
340afe2 Replace tripleo-scenario002-multinode with scenario002-standalone
2f2d818 L3 routed networks - subnet fixed_ips (3/3)
26a8601 Fix bind mount for glance-api's service directory
243cb34 Bind mount /var/lib/iscsi in containers using iSCSI
38f7522 update datatype for "OctaviaFlavorId"
54fb81e Prevent service bootstrap node facts from colliding with each other
44b155e Ensure we get the correct setype for haproxy log dir
ee7fbe5 Ensure we get the right SELinux context for config-data sub-dir
5f27abb Remove deprecated workflow resource registry entries
4d9ad79 Replace tripleo scenario004-multinode with scenario004-standalone
13d0057 Update hacking version
2c44fe0 L3 routed networks - network.j2 (2/3)
91985cf L3 routed networks - data + env (1/3)
105ae9d Add keystone::wsgi::apache::api_port
cd86676 Update auth parameters
bbfce24 Use mtu of Tenant network to control neutron global_physnet_mtu
88ab644 Use calculated undercloud ctlplane DHCP allocation pools
e644e3d Add MTU to neutron networks and nic-config templates
62b4ded The monitoring_subscription was lost in translation
d8b2e9b Replace scenario004 multinode with standalone
17e0087 Add template code to configure hsm backends for barbican
7288062 Use templating for nova cell database_connection
c3bd127 Temporary remove selinux label mount option for neutron
669a7b8 Remove unused nova packages from host during upgrade and update
f770724 Explicitly set KVM machine_type for migration compatibility
67e74a6 flatten sshd service configuration
2913e57 Add python interpreter to ansible postconfig
cd331e4 flatten time service configuration
8b72e4d Fix issue with when statement in docker-registry.yaml.
90717bd Add missing role_specific tag for NUMA aware vswitches params
211a51d Remove redis from standalone env
e7691b7 Rename tripleo-ci-centos-7-scenario00{6,9}-multinode-oooq
3b27572 Replace scenario001-multinode with scenario001-standalone
7fe1730 Move podman into deployment directory
971d97b Correct file modes for rpmlint failures
bcc3335 flatten tripleo-firewall service configuration
7106a29 flatten tuned service configuration
3d9863b flatten snmp service configuration
7a9d6cb flatten memcached service configuration
3114300 Fix horizon's iptables rules for haproxy when split off a separate role
228710f Move [neutron] auth_url to KeystoneV3Internal
974c68e Add tripleo-ci-centos-7-scenario003-standalone job
2f84e6e Remove unused params in jinja rendered network config templates
7fbc4b0 Flatten Glance service configuration
0de7bc0 Flatten Zaqar service configuration
ced9f88 Flatten Ironic services configuration
ce72766 Update tuned profile variable configuration file if it exists
571a764 Allow for service_bootstrap_ips empty list in IpListMap
b390ddd Drop baremetal job template
81e8f08 Fix and consolidate cinder-backup host prep tasks
7345963 Flatten Keepalived service configuration
bcf80d4 Add deployments/README.rst
bf1c16d Fix service naming conventions
29da33f Fix misnaming of service in firewall rule
a0a7c4f Enable support for openidc federation in keystone
12468ac Spliting compact services in multiples lines
32f4db8 Fix access to /var/lib/haproxy when SELinux is enabled
c579480 Add a dual-bond example NIC config template
9333740 Enable image import plugins & image output format
0576e26 Ensure we get dedicated logging file for HAProxy
eb3efe7 Remove deploy steps on empty roles
2024bb0 Ironic Inspector - disjoint ip range(s) for HA
c2aeb45 Replace confusing usage of update_identifier
62b5426 Run local registry and prep cont at standalone
25a4fb7 Force rhsm re-registration during upgrades.
34aa238 puppet_config for rabbitmq_bundle needs file_line
5bc5ae9 Perform docker reconfiguration on upgrade_tasks.
e3c1b7e docker: wire SELinuxMode with Ansible vars
bc0246f Add TunedCustomProfile parameter and HCI Ceph filestore environment
9efb5f9 Fix - ApacheServiceBase needs ServiceData
63a6d4b Add ansible python interpreter configuration support
ec8cc54 Switch debug to use logging classes
32ae3ff Remove invalid comment in ips-from-pool-ctlplane
e4ee042 upgrade: remove tasks that stop and disable services
dcdf75b Allow to run docker-puppet.py with SELinux enabled
36cfba3 Run collectd socket cleanup on container start
ad0ac42 Removing the deprecated environment files for hw offloading
55a22c5 Lower mistral-executor nofile to 1024
862f52c Put user data in the main stack
efa69b7 Remove HostPrepConfig
bcb079a mistral-executor: bind-mount undercloud.conf when validations are enabled
aaad502 Introduce container_cli hiera key
be61d8a Re-implement keepalived restart without pre_deploy
07c0228 Add support for cinder NFS snapshots
57c4f03 Remove CephAnsibleSkipTags from scenario1/4 standalone ci envs
0a99380 Disable pacemaker on multinode-containers (fs010)
2dfd0ea Flatten Aodh service configuration
6239249 Update yaml-validate for deployment/ folders
670e720 Remove nic for storage_mgt network
e9525d3 Don't mount data folder
21c6edc Add relnotes for ODL migration to diagstatus API
446dcc1 Fix fs035 by defining a default gateway_ipv6
7c4b027 Allow customization of more openshift-ansible vars
90d3723 Specify multiple NtpServers by default
3960b8e Include cpu plugin in default collect plugins
3f52eb5 [Core] Change openstack-dev to openstack-discuss.
d95e990 Change openstack-dev to openstack-discuss
08071d0 Add comments clarifying use of deprecated_params for roles
a9c0fa5 neutron-cleanup skips ports marked skip_cleanup=true
5b94d50 Add env file for standalone scenario002
a99820a nova_compute fails to start in tls-everywhere configuration
0101b46 Allow to skip docker reconfiguration during stack update
7450a79 Use https instead of http for docs links
435e846 Process the templates even if j2_excludes file is not present
4de1794 Set facter variable 'uuid' explicitly in docker-puppet.py
50de026 Set balance to source for openshift_router endpoints
bd51cf5 Use InternalApi network for openshift_master_cluster_hostname
0cbbdac Add DockerPuppetMountHostPuppet parameter
da87906 Use new ODL diagstatus heath check REST URL
1269915 Default NtpPool to an empty list
030442d Invoke redhat-subscription role during upgrade.
3f57d73 Fix pacemaker tagging race condition
0012c42 Mount config-data/puppet-generated/nova for nova_api_ensure_default_cell
948ab3f Use correct permission on Gnocchi tmp dir
3b6f022 Enable ironic-inspector support in ironic when enabling ironic-inspector
8980b57 Fix Swift S3 API configuration
642760e Mount puppet-generated directory for tripleo-validations
8a6be5f Remove ties between ceilometer and panko
5787e17 Exclude redundant letters
7a1cd82 ctlplane pre-alloc IPs - deprecated/non-deprecated role name
21905f7 Remove common bootstrap_nodeid from deploy_steps/tripleo-packages.yaml
3c8e736 Fix Octavia hieradata keys
eaa8f8c Add Storage network to IronicConductor role
47b7539 upgrade: remove Docker containers now managed by Podman
a77d045 Add SERVICE_bootstrap_node_ip values to allNodesConfig
1e5ccb4 Handle python binary look for scripts
cc61ff9 Change step to start nova placement and make compute wait for it
6614290 Fix ServiceData in docker/services/aodh-api.yaml
386adca Adds ci/environments/scenario004-standalone.yaml for new job
244f621 Add a new standalone scenario003 env file
afa16ae Create clouds.yaml for the undercloud
b7ebf58 Disable deprecated parameter ControllerEnableSwiftStorage
d69e3af Fix logging for metrics_qdr
b63f6a3 Initial conversion of scenario001 to standalone
b3eca20 Configure registry to use gluster
ecb0296 Add config files/templates to integrate nsx plugin with container
5d275fb Check for available networks for a role
5bff1c5 Update kolla_config to deal with keystone fernet key rotation
4702ad3 Call etcd scaleup playbook when adding master nodes
cca4eb3 Add hosts to expected ansible groups
a425a6f CiscoNexus: Update and Remove deprecated vars
634365b Remove developer tools from tripleo .gitignore
6b9b765 Fix a typo of "rabbitmq"
29a53d9 Align novajoin container logging to other services
6d1a5b6 Upload amphora image in RAW format if RBD backend
0b58798 YAML NIC Config 2 script - fix comment indentation
a71049e Add deprecated_server_resource_name for ObjectStorage role
2fb91cd Add a gateway IP to the Management net in network_data.yaml
97c363b Fix the scenario007 CI job failure
1e8577e Don't require files key in env-generator
9ff7006 modify assignment spelling
puppet/services/ovn-metadata.yaml | 20 +- puppet/services/pacemaker/haproxy.yaml | 10 + puppet/services/panko-api.yaml | 26 +- puppet/services/panko-base.yaml | 2 +- puppet/services/podman.yaml | 74 -- puppet/services/sahara-base.yaml | 2 +- puppet/services/snmp.yaml | 88 --- puppet/services/sshd.yaml | 80 -- puppet/services/swift-proxy.yaml | 2 +- puppet/services/swift-storage.yaml | 1 - puppet/services/tacker.yaml | 25 +- puppet/services/time/ntp.yaml | 115 --- puppet/services/time/ptp.yaml | 112 --- puppet/services/time/timezone.yaml | 46 -- puppet/services/tripleo-firewall.yaml | 57 -- puppet/services/tripleo-packages.yaml | 10 +- puppet/services/tuned.yaml | 52 -- puppet/services/zaqar-api.yaml | 261 ------- .../ODL-healthcheck-new-API-dae1a7ffce51e359.yaml | 6 + .../add-barbican-hsm-code-2ceffb2e1c3f6b67.yaml | 10 + ...nder-nfs-snapshot-support-16664aa46a67a5ad.yaml | 13 + ...hange-ntp-default-servers-5c4cb51c10ffe60e.yaml | 10 + ...-availble-network-in-role-7860d8d5cd1df4b0.yaml | 34 + ...omposable-network-subnets-fbfcb6283a54ace7.yaml | 48 ++ ...ontainer-logging-novajoin-90398bce0bc1a7b9.yaml | 7 + .../notes/deprecation-573102-e63aeba5930adf28.yaml | 7 + .../notes/distributed-roles-a3a5a5d9eb25e6b0.yaml | 8 + .../drop-baremetal-aodh-22cb1dfc59204427.yaml | 4 + .../drop-baremetal-glance-5836be7624e63133.yaml | 3 + .../drop-baremetal-ironic-ab7af5d2b75c9cbf.yaml | 3 + ...drop-baremetal-keepalived-c48cde2007b372a4.yaml | 4 + .../drop-baremetal-keystone-000a4babb7f8ef60.yaml | 4 + .../drop-baremetal-memcached-6cbdfd80bef14a41.yaml | 4 + .../drop-baremetal-zaqar-abe0f9cae9c87879.yaml | 3 + ...age_conversion_parameters-740e5282385444c7.yaml | 7 + ...lth-manager-firewall-rule-cdffe31d580ecf4b.yaml | 4 + .../notes/haproxy-log-2805e3697cbadf49.yaml | 4 + .../host_prep_config_removal-f579718021db5385.yaml | 6 + .../notes/hw-machine-type-6a0bd7bc3973c15a.yaml | 7 + ...joint-inspection-ip-range-f399a938d50daadd.yaml | 25 + 
...ue-contain-lists-of-cidrs-19bc98dc9bc6b819.yaml | 29 + .../notes/mongodb_drop-02daffbfe4975cb9.yaml | 6 + ...ork-templates-mtu-setting-a76fe47cfc97b36f.yaml | 58 ++ ..._url_to_internal_endpoint-aaf0e550750335eb.yaml | 7 + ...a_templated_cells_db_urls-2eb151090c49c51d.yaml | 10 + ...lated_cells_transport_url-275f0b707d9227ab.yaml | 10 + ...rvice_disable_cert_verify-45f532d7a924df86.yaml | 9 + ...dl-dont-mount-data-folder-c993df185af375a8.yaml | 9 + ...emove_bootstrap_nodeid_ip-d97ec1da4f73599c.yaml | 7 + ...eutron-global-physnet-mtu-5e3515a97e8e0367.yaml | 10 + .../tuned_custom_profile-25d1f4a2bc217216.yaml | 15 + .../upgrade_tasks_cleanup-c913f3f30f4a1db6.yaml | 13 + roles/BlockStorage.yaml | 9 +- roles/CephAll.yaml | 6 +- roles/CephFile.yaml | 6 +- roles/CephObject.yaml | 6 +- roles/CephStorage.yaml | 6 +- roles/Compute.yaml | 11 +- roles/ComputeAlt.yaml | 9 +- roles/ComputeDVR.yaml | 9 +- roles/ComputeHCI.yaml | 12 +- roles/ComputeInstanceHA.yaml | 9 +- roles/ComputeLiquidio.yaml | 9 +- roles/ComputeOvsDpdk.yaml | 9 +- roles/ComputeOvsDpdkRT.yaml | 9 +- roles/ComputePPC64LE.yaml | 9 +- roles/ComputeRealTime.yaml | 9 +- roles/ComputeSriov.yaml | 9 +- roles/ComputeSriovRT.yaml | 9 +- roles/Controller.yaml | 16 +- roles/ControllerAllNovaStandalone.yaml | 16 +- roles/ControllerNoCeph.yaml | 16 +- roles/ControllerNovaStandalone.yaml | 16 +- roles/ControllerOpenstack.yaml | 16 +- roles/ControllerStorageNfs.yaml | 19 +- roles/Database.yaml | 3 +- roles/DistributedCompute.yaml | 64 ++ roles/DistributedComputeHCI.yaml | 69 ++ roles/HciCephAll.yaml | 12 +- roles/HciCephFile.yaml | 12 +- roles/HciCephMon.yaml | 12 +- roles/HciCephObject.yaml | 12 +- roles/IronicConductor.yaml | 5 +- roles/Messaging.yaml | 3 +- roles/Networker.yaml | 6 +- roles/Novacontrol.yaml | 6 +- roles/ObjectStorage.yaml | 10 +- roles/OpenShiftAllInOne.yaml | 10 +- roles/OpenShiftInfra.yaml | 7 +- roles/OpenShiftMaster.yaml | 10 +- roles/OpenShiftWorker.yaml | 7 +- roles/README.rst | 2 +- 
roles/Standalone.yaml | 14 +- roles/Telemetry.yaml | 6 +- roles/Undercloud.yaml | 13 + roles_data.yaml | 52 +- roles_data_undercloud.yaml | 13 + sample-env-generator/composable-roles.yaml | 6 +- sample-env-generator/openidc.yaml | 42 + sample-env-generator/standalone.yaml | 11 +- sample-env-generator/storage.yaml | 2 +- setup.cfg | 2 +- test-requirements.txt | 2 +- tools/process-templates.py | 8 +- tools/yaml-nic-config-2-script.py | 1 + tools/yaml-validate.py | 23 +- tripleo_heat_templates/environment_generator.py | 2 +- validation-scripts/all-nodes.sh | 7 +- zuul.d/layout.yaml | 58 +- 500 files changed, 12850 insertions(+), 11734 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 7235018..68a8676 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=0.11.0,<0.12 # Apache-2.0 +hacking>=1.1.0,<1.2.0 # Apache-2.0
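Review bot: the single changed line in test-requirements.txt (line 4) moves hacking from `>=0.11.0,<0.12` straight to `>=1.1.0,<1.2.0`, a jump across a major version of the lint plugin, and nothing in this hunk shows how the checks enforced by the new series were handled. The change description should state that the style job passes cleanly with the new range, or list the checks that had to be ignored and where that ignore list lives, so the bump can be reviewed as more than a version string. The upper bound keeps the same one-minor-series shape as the old `<0.12`, which is consistent. Because this is still a range and not an exact pin, a later 1.1.x release can change lint results without any change to this file.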