We are pumped to announce the release of: tripleo-heat-templates 11.1.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the train release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 11.1.0 ^^^^^^ New Features ************ * *ContainerImageRegistryLogin* has been added to indicate if login calls should be issued by the container engine on deployment. The default is set to *false*. * Values specified in *ContainerImageRegistryCredentials* will now be used to issue a login call when deploying the container engine on the hosts if *ContainerImageRegistryLogin* is set to *true* * The parameter {{role.name}}RemovalPoliciesMode can be set to 'update' to reset the existing blacklisted nodes in heat. This will help re-use the node indexes when required. * As ceph-dashboard is available on Ceph, the new ceph dashboard composable service enables a user scenario in which the dashboard is deployed along with the other ceph components using TripleO. This feature is disabled by default and can be enabled by operators adding to the deployment the ceph-dashboard.yaml environment file included in tripleo-heat-templates. * Add support for the Multipathd service on nodes that access Block Storage (cinder) volumes. Multipathd is an optional service that can be enabled by including environments/multipathd.yaml in the deployment. * Introduce new tag into roles that will create external_bridge (usable only for multiple-nics). * When running config-download manually, fact gathering at the play level can now be controlled with the gather_facts Ansible boolean variable. * Add parameter *NovaLiveMigrationWaitForVIFPlug* which allows to set *live_migration_wait_for_vif_plug* which in turn allows whether to wait for "network-vif-plugged" events before starting guest transfer. The default value for the parameter is set to true and it is set to false when *ovn* is in *NeutronMechanismDrivers* list. * Add *ContainerNovaLibvirtUlimit* to configure Ulimit for containerized Libvirt. Defaults to "nofile=131072,nproc=126960". * Enables new Neutron "kill script" feature in order to avoid dangling containers when it kills an agent. * Add parameter NovaLibvirtMemStatsPeriodSeconds, which allows to set *libvirt/mem_stats_period_seconds* parameter value to number of seconds to memory usage statistics period, zero or negative value mean to disable memory usage statistics. Default value for NovaLibvirtMemStatsPeriodSeconds is 10. * Add boolean parameter *NovaSchedulerLimitTenantsToPlacementAggregate* which allows to set *scheduler/limit_tenants_to_placement_aggregate* parameter value, to have tenant isolation with placement. It ensures hosts are in tenant-isolated host aggregate and availability zones will only be available to specific set of tenants. Default value for NovaSchedulerLimitTenantsToPlacementAggregate is false. * Parameter *scheduler/query_placement_for_image_type_support* is enabled by default for all deployments. Setting it causes the scheduler to ask Placement only for compute hosts that support the *disk_format* of the image used in the request which is beneficial for example, the libvirt driver, when using Ceph as an ephemeral backend, does not support *qcow2* images (without an expensive conversion step). Upgrade Notes ************* * During upgrade user will need to create custom roles_data.yaml and remove external_bridge from tags to be sure that bridge will be not added. * Removes the environment for deprecated non-config-download workflow. Now specifying --no-config-download/--stack-only in cli would create/update the heat stack but would not deploy configurations on the nodes. * The new role variable update_serial is introduced allowing parallel update execution. On Controller role this variable defaults to 1 as pacemaker has to be taken down and up in rolling fashion. The default value is 25 as that is default value for parallel ansible execution used by tripleo. Deprecation Notes ***************** * The template *aide-baremetal-puppet* has been deprecated. This template has been replaced by *aide-baremetal-ansible* which provides for the same functionality and interfaces. * Support for the Midonet plugin has been removed from TripleO Train. The reason is the lack of maintainers and testing around this plugin. * The environments at environments/deployed-server-bootstrap- environment-centos.yaml and environments/deployed-server-bootstrap- environment-rhel.yaml are deprecated as the functionality they enabled in the bootstrap scripts has been moved to the tripleo- boostrap ansible role provided by tripleo-common. * Deprecated environment files are removed. Removed "environments /neutron-sriov.yaml", use "environments/services/neutron-sriov.yaml" file. Removed "environments/neutron-ovs-dpdk.yaml", use "environments/services/neutron-ovs-dpdk.yaml" file. Removed "environments/ovs-dpdk-permissions.yaml", as the required parameter is added to the OvS-DPDK roles. * The rhel-registration scripts support has been removed. It was replaced in Rocky by the Ansible RHSM role. Upgrades have been tested and the new configuration is well documented. * Support for the Cisco UCSM plugin has been removed from TripleO Train. The reason is the lack of maintainers and testing around this plugin. Bug Fixes ********* * When changeing the "name_lower" of the "InternalApi" network and using the "service_net_map_replace" option in network data. The subnet referenced in "VipSubnetMapDefaults" did not take in account the custom lowercase name for the network, causing deployment error. See bug: 1832461 (https://bugs.launchpad.net/tripleo/+bug/1832461). * The passphrase for config option 'server_certs_key_passphrase', is used as a Fernet key in Octavia and thus must be 32 bytes long. In the case of an operator-provided passphrase, TripleO will validate that. * https://bugs.launchpad.net/neutron/+bug/1825943 * Adds the Neutron Routed Provider Networks (https://opendev.org/open stack/neutron/src/branch/master/releasenotes/notes/allow-update- subnet-segment-id-association-1fb02ace27e85bb8.yaml) ("segments") back to the list of default service plugins for the overcloud. Bug: 1831969 (https://bugs.launchpad.net/tripleo/+bug/1831969). * Certain nova containers require more locked memory that the default limit of 16KiB. Increase the default memlock to 64MiB via "DockerNovaComputeUlimit". As this is only a maximum limit and not a pre-allocatiosn this will not increase the memory requirements for all nova containers. To date the only container to require this is nova_cell_v2_discover_hosts which is short lived. * [1] switched to run nova-manage discovery as non root user. In case of updates there can be already a nove-manage log owned by root from previous runs. This change make sure we change the owner of nova- manage log to nova:nova on overcloud deploy runs on the computes [1] https://review.opendev.org/#/c/652039/13/deployment/nova/nova- compute-container-puppet.yaml * https://review.opendev.org/#/c/662109/ removed the bind mount from /run inside the nova_migration_target container. But the nova- migration-wrapper inside the container needs access to the libvirt socket - https://github.com/rdo-packages/nova-distgit/blob/rpm- master/nova-migration-wrapper#L31 . This adds the bind mount of /run/libvirt to the nova_migration_target container to fix live migration issues. * Recent changes for e.g edge scenarios caused intended move of discovery from controller to bootstrap compute node. The task is triggered by deploy-identifier to make sure it gets run on any deploy,scale, ... run. If deploy run is triggered with --skip- deploy-identifier flag, discovery will not be triggered at and as result causing failures in previously supported scenarios. This change moves the host discovery task to be an ansible deploy_steps_tasks that it gets triggered even if --skip-deploy- identifier is used, or the compute bootstrap node is blacklisted. * Deployment with enabled NFS share for nova ephemeral storage fails. Podman fails to relable with mounted nfs in /var/lib/nova/instances and container fail to start with "operation not supported". This change only sets the z flag for the /var/lib/nova in case nfs is not enabled for the compute. Other Notes *********** * Services that were in extraconfig/services are now in deployment directory among other services. * The use of parameter "EC2MetadataIp" and the configuration of routes to metadata has been removed. Nothing is consuming metadata over the network anymore since config-drive is used as the data source. * The environment files to enable/disable config-download at environments/disable-config-download-environment.yaml and environments/config-download-environment.yaml are removed as disabling config-download was deprecated in Stein, and it's enabled by default. Changes in tripleo-heat-templates 11.0.0..11.1.0 ------------------------------------------------ 58a9f97a9 Restart only installed services 829e65855 Allow for configuration of the Manila CephFS backend with a remote Ceph 08e34dbca Re-Add facter cache for container configurations 1565c50be Revert "Add facter cache for container configurations" 0b0553fdf Move instanceha into scripts 91d287539 Remove support for Midonet plugin e6fe9ff3d Remove mac_hostname & random_string 2f3554cdc Remove extraconfig/services directory c2977e3c0 Add missing update_serial key to compute roles 3e7c15da2 Only run cellv2 host discovery on default cell a407d4f5d Add dashboard component as new ceph composable service. 4ec57c60f Add facter cache for container configurations 7f2e8b875 Use pipefail instead of checking PIPESTATUS 2b399078a Add scenario007-standalone environment file a23aa80c4 Add swift_config puppet-tag for swift-ringbuilder a0b9f90a2 Add a suffix for tmpwatch f99be0d82 Add bind mount for config setup 930298c1c Set scenario009 job voting to false 7dbdec29a Remove unused extraconfig scripts 2ccd77639 Remove support for Cisco UCSM plugin 7e8a2baf1 Fix default parameters in logindefs 5c5302923 Set HieradataVars as group vars instead 4a457fa52 Remove tripleo_ssh_known_hosts_use_template var 2f6f51914 Use Ansible for ssh known hosts config a6ff00885 Specify a default for container_registry_logins 6413ef838 Set nova_additional_cell as global_vars 55ad22584 Remove service_names hieradata file 4f9b32a9f Lookup pre/post deployment vars with hostvars 41d9901ef Reuse clouds_yaml.py from tripleo-common in tht 2596142ad Better debug for container-puppet tool 29aed4d33 Revert "Also set nova::network::neutron::dhcp_domain" 6e07f2a76 Convert the heat json format to a py dict 0aa06134c Use template for NetworkConfig script c5ba2cec8 Use Ansible for {{role}} and host_extraconfig hieradata 27e7005ad Use Ansible for net_ip_map hieradata b1fda5e8b Fix container-puppet tool standalone for podman 47d1430da Upgrade fixes for RabbitMQ and Pacemaker b81bec56f Allow logrotate to access container_file_t files 81e936db4 Update octavia to new tripleo-ansible PATH b8a9fbc0e Remove pre_deploy/rhel-registration d48d1bdb3 Support TLS deployments with KernelDisableIPv6 enabled c36433e34 Run NetworkConfig only if configuration script exists dfa594a6a Mount /var/run rw 2074b356f Add new parameter NovaSchedulerLimitTenantsToPlacementAggregate e677aeacd Set nova::keystone auth details hiera on compute b56c521e0 Don't use the z flag in case NovaNfsEnabled is true 7a52a6986 Drop EC2MetadataIp parameter and its uses f9831d8bc Remove puppet/deploy-artifacts.yaml 41e675770 Disable Docker in default Standalone environments 39a5545c4 Change OS::Heat::*Deployments to OS::Heat:*DeploymentGroup 58bf8a207 swift: ensure we get rsyslog state "--check" mode d665a2bb0 Remove the tripleo.plan_management.v1.publish_ui_logs_to_swift cron trigger 6ce5989e4 Increase the default memlock to 64MiB via ``DockerNovaComputeUlimit``. 84b78e8dd Convert heat template to use aide role 67d5ca353 Fix scenario012-standalone ironic job 65d7e55f5 Make nova ephemeral storage backend configurable per-role 5ba1fd2bc Revert "Revert "Remove os-collect-config related poperties and attributes"" f8779e502 Move nova cell v2 discovery to deploy_steps_tasks 059792eae Remove environments to enable/disable config-download 578bcb2ff Per-Role krb-service-principal for CompactServices f5295ed3a Fix nova compute container depends_on to be list b5a2a61df Revert "Remove os-collect-config related poperties and attributes" 8775e2d5a Fix ovn dbs control port 8ef4f3cac Add ContainerNovaLibvirtUlimit to tweak Ulimits a6fef3aad Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long 47f3af726 Prepare for Ceph by including Ansible roles 02fe40cd8 Run NetworkConfig if never run previously a76610657 Use Ansible for vip_data hieradata 4c34147cc Use Ansible for all_nodes hieradata f44f33939 Use Ansible for bootstrap_node hieradata 8860eee23 Add missing tag 'role_specific' for NovaPciPassthrough parameter 2d4430bd7 Avoid checking rc if we're in dry-run mode b2cc5f2a8 Convert heat template to use tuned role e4c4fcb2a Enable kill script for Neutron agents 537822d47 Add /run/libvirt to nova_migration_target container 634be405d Prefer CephPoolDefaultPgNum over counterintuitive Manila specific params dae0a89a8 Use per-subnet DNS nameservers for ctlplane 8d85e61c3 Replace git.openstack.org URLs with opendev.org URLs ea37ee663 Add container engine authentication support a89d46e03 Allow ssh from all ctlplane network subnets 906d03ea1 Configure the Multipathd service b17266199 Make Multipathd an optional service 90d05216b Replace /var/log/containers/swift symlink with directories 93c8eedae Remove faulty placement::config leftovers 56a35beb5 Idempotency for system_upgrade_prepare 2ca7c5503 Allow skipping RHSM with Leapp 55e1eac89 Podman 1.4.1 drops json-file in favor of k8s-file eeb0d5495 Add UndercloudMinion environments 8fac4c433 ceilometer_agent_notification: disable-panko.yaml e115e14e5 Use Ansible to configure the Hiera config cb767a97b Use Ansible for {{server_resource_name}}Deployment d3a9614d8 Don't create symlink for swift container logs 0d9efc378 Remove deprecated config-download-environment.yaml 45fa04594 Skip standalone deploys if tox jobs fail ea24b7820 Remove duplicated parameters about nova db archive 063b34ce4 Remove duplicated cinder::cron::db_purge::destination 92a0b41f3 Resolve symlinks when copying undercloud.conf to container. 5f9c0d667 Add DockerNovaComputeUlimit to nova_cell_v2_discover_hosts 7ac8cf9c2 Make comparisons case insensitive 3791bf36c Fix Ceph RGW listener port configuration b6c88a99a Remove duplicate mount destinations in containers 1a12568b7 Fix ipaclient script 6baf5326b Upgrade playbook fixes for OS upgrade cb8caaae4 Setup cluster definition based on the ansible limit option. 99b63d780 [AZs] Better detect OVN in NeutronMechanismDrivers 17e16e510 Interface for Ansible Host variables 825b30eb2 Add new parameter NovaLiveMigrationWaitForVIFPlug 79d9113e5 Use ansible for HostsConfig 0d67ecaf7 Disable iscsi.service to avoid iscsid on host from getting started 37a6aa859 Enable Request Filter for Image Types b31b7fd4e Use ansible for ArtifactsConfig 0cd9b7254 Use ansible for NetworkConfig ec68f1740 Use ansible for AllNodesValidationConfig ed5c2ad70 Fix bare reference of cinder_enable_iscsi_backend 002fcaad1 Fix NovaNfs role parameters 06d6fb3bd Remove extraneous references to RpcXXX parameters b8a8dda5b Remove duplicate key in UndercloudExtraConfig caf690f76 Remove scenario008 jobs 564d89b2f Fix network rename + service_net_map_replace 6947d0842 Add higher retry/delay defaults to check the quorum status. ce1da1f6c Remove deprecated NFV environment files 12aaf4b54 Also set nova::network::neutron::dhcp_domain 4373d6461 Temporarily add .yaml extension for all-nodes-deployment-hieradata.j2 d87c49f4d Add HostnameNetworkConfigMap output 203418529 Replace hardcoded gather_facts:no with variable ccabc8f8e Fix log owner on computes during overcloud deploy runs 2bd0012a6 Fix RedisVirtualIP when overrdiing InternalApi name_lower 20f34fc55 Rework neutron AZ configs considering OVN 89e9fe53b Remove os-collect-config related poperties and attributes 12c0f3a16 Remove get-occ-config.sh script for deployed server 3f0c2ceb0 Remove os-collect-config dependency from os-net-config c8311ecc5 Remove disable-config-download-environment.yaml e2a4d90aa Set cache_backend for token caching 770b578bf Explicitly set ansible_python_interpreter in external upgrade playbook 4070b62e8 Clean docker and podman after executing an update or upgrade 1de24c496 Re-enable manila dashboard 53650f963 Put on hold the Ansible package update until is fixed df3b4b3c5 Configure insecure registries before Pacemaker-managed image pulls 66c4e2365 Add new role parameter NovaLibvirtMemStatsPeriodSeconds c53e76627 Env file to disable undercloud nova 8eaac3026 keystone: drop duplicate -DFOREGROUND d03f29e48 Add panko_api_cron container da1827f7d Add networks to Standalone role a6ba0bcf3 Cleanup deprecated nova options f86635803 Run ceph-ansible using tripleo-ansible-inventory aa305a9d7 Fix correct network for nova-vnc 8c6bec227 Change all step checks to |int a59a188a6 Force ansible serial to 1 for the Controller 6b9b80d88 Enabling Neutron Routed Provider Networks (segments) 166dd42fc Add ComputeHCIOvsDpdk role 198cfb6f8 Remove deployed-server bootstrap resource a01c8703f Remove reference to removed OctaviaEventStreamerDriver param 7b3d8f786 Change package installs for Stein and OS upgrade 7c379543c Enable Ceph RGW 'account in url' option fda0f4284 Fix disappearing Puppet logs 3db1b7415 Increase neutron VNI Ranges for ML2/OVS deployments d6eb263d5 Add df plugin and make description consistent 90ecca6f6 DVR neutron template should enable ARP responder a68151d02 Convert Docker*Image parameters fe1bdee58 Add EndpointMap to the ironic post_deploy template ff7cce93e Add creating br-ex for compute node in ovn fdb204b96 Add in-flight health validations to Ceph deployment fa1a6111e Configure the region-related settings for core components 2efcb7b4e Revert "Revert "Switch off nova metadata api on the undercloud"" 0cd87414a Convert aide puppet to ansible 36670f60c Fix cleanup to remove external resources v6 6b0d025fd Make NovaResumeGuestsStateOnHostBoot podman compatible b3b9b44da Add {{role.name}}RemovalPoliciesMode parameter 462d45b82 Cleanup keystone items 3623b96c6 Add healthcheck to ironic_pxe_http 812e08607 Configure Horizon timezone according to the host timezone 1b46f36c8 Update min tox version to 2.0 Diffstat (except docs and test files) ------------------------------------- .gitignore | 2 - README.rst | 2 +- capabilities-map.yaml | 10 - ci/common/ironic_standalone_post.yaml | 6 + ci/common/net-config-multinode-os-net-config.yaml | 5 - ci/common/net-config-multinode.yaml | 5 - ci/common/net-config-simple-bridge.yaml | 5 - ci/common/vbmc_setup.yaml | 11 +- ci/environments/multinode-3nodes.yaml | 2 + ci/environments/multinode-containers.yaml | 1 + .../nic-configs/ceph-storage.yaml | 7 - .../nic-configs/cinder-storage.yaml | 5 - .../nic-configs/compute-dvr.yaml | 7 - .../multiple-nics-ipv6/nic-configs/compute.yaml | 7 - .../multiple-nics-ipv6/nic-configs/controller.yaml | 7 - .../nic-configs/swift-storage.yaml | 5 - .../multiple-nics/nic-configs/ceph-storage.yaml | 7 - .../multiple-nics/nic-configs/cinder-storage.yaml | 5 - .../multiple-nics/nic-configs/compute-dvr.yaml | 7 - .../network/multiple-nics/nic-configs/compute.yaml | 7 - .../multiple-nics/nic-configs/controller.yaml | 8 - .../multiple-nics/nic-configs/swift-storage.yaml | 5 - .../public-bond/nic-configs/ceph-storage.yaml | 7 - .../public-bond/nic-configs/cinder-storage.yaml | 5 - .../network/public-bond/nic-configs/compute.yaml | 7 - .../public-bond/nic-configs/controller.yaml | 8 - .../public-bond/nic-configs/swift-storage.yaml | 5 - .../scenario001-multinode-containers.yaml | 5 + ci/environments/scenario001-standalone.yaml | 4 + .../scenario002-multinode-containers.yaml | 1 + .../scenario003-multinode-containers.yaml | 1 + .../scenario004-multinode-containers.yaml | 3 + ci/environments/scenario004-standalone.yaml | 3 + .../scenario007-multinode-containers.yaml | 1 + ci/environments/scenario007-standalone.yaml | 56 +++ ci/environments/scenario009-multinode.yaml | 6 +- .../scenario010-multinode-containers.yaml | 3 + ci/environments/scenario010-standalone.yaml | 2 + .../scenario012-multinode-containers.yaml | 1 + ci/environments/scenario012-standalone.yaml | 8 +- common/container-puppet.py | 64 ++- common/deploy-steps-tasks.yaml | 70 ++- common/deploy-steps.j2 | 556 ++++++++++++++++++--- .../nova_cell_v2_discover_hosts.py | 62 --- deployed-server/README.rst | 61 --- .../deployed-server-bootstrap-centos.sh | 4 + .../deployed-server-bootstrap-centos.yaml | 4 + deployed-server/deployed-server-bootstrap-rhel.sh | 4 + .../deployed-server-bootstrap-rhel.yaml | 4 + .../deployed-server-environment-output.yaml | 1 - deployed-server/deployed-server-roles-data.yaml | 4 + deployed-server/deployed-server.yaml | 5 - deployed-server/scripts/get-occ-config.sh | 164 ------ deployment/aide/aide-baremetal-ansible.yaml | 86 ++++ deployment/aodh/aodh-api-container-puppet.yaml | 8 +- deployment/aodh/aodh-base.yaml | 31 -- .../aodh/aodh-evaluator-container-puppet.yaml | 8 +- .../aodh/aodh-listener-container-puppet.yaml | 8 +- .../aodh/aodh-notifier-container-puppet.yaml | 8 +- .../barbican/barbican-api-container-puppet.yaml | 22 +- .../liquidio-compute-config-container-puppet.yaml | 8 +- .../ceilometer-agent-central-container-puppet.yaml | 8 +- .../ceilometer-agent-compute-container-puppet.yaml | 8 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 8 +- ...ometer-agent-notification-container-puppet.yaml | 26 +- .../ceilometer-base-container-puppet.yaml | 22 - deployment/ceph-ansible/ceph-base.yaml | 371 +++----------- deployment/ceph-ansible/ceph-client.yaml | 2 +- deployment/ceph-ansible/ceph-external.yaml | 2 +- deployment/ceph-ansible/ceph-grafana.yaml | 125 +++++ deployment/ceph-ansible/ceph-mds.yaml | 58 ++- deployment/ceph-ansible/ceph-mgr.yaml | 30 +- deployment/ceph-ansible/ceph-mon.yaml | 18 +- deployment/ceph-ansible/ceph-nfs.yaml | 4 +- deployment/ceph-ansible/ceph-osd.yaml | 16 +- deployment/ceph-ansible/ceph-rbdmirror.yaml | 2 +- deployment/ceph-ansible/ceph-rgw.yaml | 19 +- deployment/cinder/cinder-api-container-puppet.yaml | 10 +- .../cinder/cinder-backup-container-puppet.yaml | 8 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 18 +- deployment/cinder/cinder-base.yaml | 32 -- .../cinder/cinder-common-container-puppet.yaml | 20 +- .../cinder/cinder-scheduler-container-puppet.yaml | 8 +- .../cinder/cinder-volume-container-puppet.yaml | 8 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 18 +- deployment/database/mysql-container-puppet.yaml | 10 +- deployment/database/mysql-pacemaker-puppet.yaml | 86 +++- deployment/database/redis-container-puppet.yaml | 8 +- deployment/database/redis-pacemaker-puppet.yaml | 62 ++- .../aide/aide-baremetal-puppet.yaml | 0 .../docker/docker-baremetal-ansible.yaml | 71 +++ .../logging/fluentd-container-puppet.yaml | 8 +- .../monitoring/sensu-client-container-puppet.yaml | 8 +- .../nova/nova-consoleauth-container-puppet.yaml | 10 +- .../opendaylight-api-container-puppet.yaml | 8 +- .../panko/panko-api-container-puppet.yaml | 36 +- deployment/ec2/ec2-api-container-puppet.yaml | 12 +- deployment/etcd/etcd-container-puppet.yaml | 8 +- .../designate/designate-api-container-puppet.yaml | 8 +- .../designate-central-container-puppet.yaml | 8 +- .../designate/designate-mdns-container-puppet.yaml | 8 +- .../designate-producer-container-puppet.yaml | 8 +- .../designate/designate-sink-container-puppet.yaml | 8 +- .../designate-worker-container-puppet.yaml | 14 +- deployment/glance/glance-api-container-puppet.yaml | 76 ++- .../glance/glance-api-logging-file-container.yaml | 4 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 8 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 8 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 8 +- deployment/haproxy/haproxy-container-puppet.yaml | 8 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 63 ++- deployment/heat/heat-api-cfn-container-puppet.yaml | 8 +- deployment/heat/heat-api-container-puppet.yaml | 10 +- deployment/heat/heat-base-puppet.yaml | 37 +- deployment/heat/heat-engine-container-puppet.yaml | 8 +- deployment/horizon/horizon-container-puppet.yaml | 15 +- .../ipa/ipaclient-baremetal-ansible.yaml | 4 + .../ipsec/ipsec-baremetal-ansible.yaml | 6 +- deployment/ironic/ironic-api-container-puppet.yaml | 8 +- deployment/ironic/ironic-base-puppet.yaml | 31 -- .../ironic/ironic-conductor-container-puppet.yaml | 8 +- .../ironic/ironic-inspector-container-puppet.yaml | 8 +- .../ironic-neutron-agent-container-puppet.yaml | 8 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 11 +- deployment/iscsid/iscsid-container-puppet.yaml | 17 +- .../keepalived/keepalived-container-puppet.yaml | 8 +- deployment/kernel/kernel-baremetal-puppet.yaml | 8 + deployment/keystone/keystone-container-puppet.yaml | 44 +- .../kubernetes-master-baremetal-ansible.yaml | 0 .../kubernetes-worker-baremetal-ansible.yaml | 0 deployment/logging/files/barbican-api.yaml | 4 +- deployment/logging/files/heat-engine.yaml | 4 +- deployment/logging/files/keystone.yaml | 4 +- deployment/logging/files/neutron-api.yaml | 4 +- deployment/logging/files/nova-api.yaml | 4 +- deployment/logging/files/nova-common.yaml | 4 +- deployment/logging/files/nova-metadata.yaml | 4 +- deployment/logging/files/panko-api.yaml | 4 +- deployment/logging/files/placement-api.yaml | 4 +- .../logging/rsyslog-sidecar-container-puppet.yaml | 4 +- deployment/logging/stdout/barbican-api.yaml | 8 +- deployment/logging/stdout/haproxy.yaml | 4 +- deployment/logging/stdout/heat-api-cfn.yaml | 8 +- deployment/logging/stdout/heat-api.yaml | 8 +- deployment/logging/stdout/keystone.yaml | 8 +- deployment/logging/stdout/nova-api.yaml | 8 +- deployment/logging/stdout/nova-common.yaml | 2 +- deployment/logging/stdout/nova-metadata.yaml | 8 +- deployment/logging/stdout/panko-api.yaml | 8 +- deployment/logging/stdout/placement-api.yaml | 8 +- .../login-defs/login-defs-baremetal-puppet.yaml | 10 +- .../logrotate-crond-container-puppet.yaml | 18 +- deployment/manila/manila-api-container-puppet.yaml | 8 +- deployment/manila/manila-base.yaml | 31 -- .../manila/manila-scheduler-container-puppet.yaml | 8 +- .../manila/manila-share-container-puppet.yaml | 8 +- .../manila/manila-share-pacemaker-puppet.yaml | 18 +- .../memcached/memcached-container-puppet.yaml | 8 +- .../messaging/rpc-qdrouterd-container-puppet.yaml | 8 +- deployment/metrics/collectd-container-puppet.yaml | 11 +- deployment/metrics/qdr-container-puppet.yaml | 8 +- .../mistral/mistral-api-container-puppet.yaml | 8 +- deployment/mistral/mistral-base.yaml | 31 -- .../mistral/mistral-engine-container-puppet.yaml | 8 +- .../mistral-event-engine-container-puppet.yaml | 8 +- .../mistral/mistral-executor-container-puppet.yaml | 9 +- deployment/multipathd/multipathd-container.yaml | 72 ++- deployment/neutron/kill-script | 71 +++ .../neutron/neutron-api-container-puppet.yaml | 55 +- deployment/neutron/neutron-az-config.yaml | 121 ----- deployment/neutron/neutron-base.yaml | 33 +- .../neutron-bgpvpn-api-container-puppet.yaml | 4 +- .../neutron/neutron-compute-plugin-midonet.yaml | 41 -- .../neutron/neutron-dhcp-container-puppet.yaml | 67 ++- .../neutron/neutron-l2gw-api-container-puppet.yaml | 4 +- .../neutron/neutron-l3-container-puppet.yaml | 75 ++- .../neutron/neutron-metadata-container-puppet.yaml | 8 +- .../neutron/neutron-midonet-baremetal-puppet.yaml | 74 --- .../neutron-ovs-agent-container-puppet.yaml | 11 +- .../neutron-ovs-dpdk-agent-container-puppet.yaml | 4 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 4 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 4 +- .../neutron-plugin-ml2-container-puppet.yaml | 4 +- ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 4 +- .../neutron-plugin-nsx-container-puppet.yaml | 4 +- .../neutron/neutron-sfc-api-container-puppet.yaml | 4 +- .../neutron-sriov-agent-container-puppet.yaml | 8 +- deployment/nova/nova-api-container-puppet.yaml | 47 +- deployment/nova/nova-base-puppet.yaml | 34 +- .../nova/nova-compute-common-container-puppet.yaml | 38 +- deployment/nova/nova-compute-container-puppet.yaml | 194 +++++-- .../nova/nova-conductor-container-puppet.yaml | 10 +- deployment/nova/nova-ironic-container-puppet.yaml | 69 ++- deployment/nova/nova-libvirt-container-puppet.yaml | 77 ++- .../nova/nova-metadata-container-puppet.yaml | 28 +- .../nova-migration-target-container-puppet.yaml | 31 +- .../nova/nova-scheduler-container-puppet.yaml | 25 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 16 +- deployment/nova/novajoin-container-puppet.yaml | 12 +- .../octavia/octavia-api-container-puppet.yaml | 10 +- deployment/octavia/octavia-base.yaml | 35 +- .../octavia/octavia-deployment-config.j2.yaml | 12 +- .../octavia-health-manager-container-puppet.yaml | 9 +- .../octavia-housekeeping-container-puppet.yaml | 8 +- .../octavia/octavia-worker-container-puppet.yaml | 8 +- .../openshift/openshift-cns-baremetal-ansible.yaml | 14 +- .../openshift-infra-baremetal-ansible.yaml | 0 .../openshift-master-baremetal-ansible.yaml | 82 +-- .../openshift-node-baremetal-ansible.yaml | 4 +- .../openshift-worker-baremetal-ansible.yaml | 0 .../ovn/ovn-controller-container-puppet.yaml | 8 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 12 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 25 +- deployment/ovn/ovn-metadata-container-puppet.yaml | 38 +- .../pacemaker/clustercheck-container-puppet.yaml | 8 +- .../pacemaker/pacemaker-baremetal-puppet.yaml | 109 +++- .../placement/placement-api-container-puppet.yaml | 13 +- deployment/podman/podman-baremetal-ansible.yaml | 83 ++- deployment/qdr/qdrouterd-container-puppet.yaml | 8 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 8 +- ...rabbitmq-messaging-notify-container-puppet.yaml | 8 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 74 ++- .../rabbitmq-messaging-pacemaker-puppet.yaml | 59 ++- .../rabbitmq-messaging-rpc-container-puppet.yaml | 8 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 73 ++- .../rhsm/rhsm-baremetal-ansible.yaml | 0 deployment/sahara/sahara-api-container-puppet.yaml | 8 +- deployment/sahara/sahara-base.yaml | 33 +- .../sahara/sahara-engine-container-puppet.yaml | 8 +- .../skydive/skydive-agent-baremetal-ansible.yaml | 0 .../skydive-analyzer-baremetal-ansible.yaml | 10 +- deployment/swift/swift-proxy-container-puppet.yaml | 60 +-- .../swift/swift-ringbuilder-container-puppet.yaml | 6 +- .../swift/swift-storage-container-puppet.yaml | 62 ++- deployment/tacker/tacker-container-puppet.yaml | 39 +- deployment/time/timezone-baremetal-ansible.yaml | 6 +- .../tripleo-firewall-baremetal-puppet.yaml | 13 +- .../tripleo-packages-baremetal-puppet.yaml | 60 ++- deployment/tuned/tuned-baremetal-ansible.yaml | 54 +- deployment/undercloud/minion-rabbitmq-puppet.yaml | 85 ++++ .../undercloud/tempest-container-puppet.yaml | 6 +- deployment/undercloud/undercloud-upgrade.yaml | 10 +- deployment/zaqar/zaqar-container-puppet.yaml | 8 +- .../ceph-ansible/ceph-ansible-per-role.yaml | 18 + environments/ceph-ansible/ceph-dashboard.yaml | 5 + environments/config-download-environment.yaml | 14 - ...ployed-server-bootstrap-environment-centos.yaml | 4 + ...deployed-server-bootstrap-environment-rhel.yaml | 4 + environments/deployed-server-environment.j2.yaml | 3 + .../disable-config-download-environment.yaml | 6 - environments/docker-uc-light.yaml | 2 +- environments/hyperconverged-ceph.yaml | 1 + environments/ipsec.yaml | 2 +- environments/kubernetes.yaml | 4 +- environments/lifecycle/upgrade-prepare.yaml | 5 - environments/manila-cephfsganesha-config.yaml | 10 +- environments/metrics/collectd-standalone.yaml | 6 +- environments/multipathd.yaml | 5 + environments/networking/neutron-midonet.yaml | 66 --- environments/neutron-az-config.yaml | 2 - environments/neutron-midonet.yaml | 28 -- environments/neutron-ml2-cisco-nexus-ucsm.yaml | 23 - environments/neutron-ovs-dpdk.yaml | 43 -- environments/neutron-ovs-dvr.yaml | 5 +- environments/neutron-sriov.yaml | 13 - environments/openshift-cns.yaml | 2 +- environments/openshift.yaml | 6 +- environments/ovs-dpdk-permissions.yaml | 20 - environments/rhsm.yaml | 2 +- .../services-baremetal/neutron-ml2-cisco-vts.yaml | 4 +- .../neutron-opendaylight-dpdk.yaml | 37 -- .../services-baremetal/neutron-ovn-dvr-ha.yaml | 2 +- .../services-baremetal/neutron-ovn-ha.yaml | 2 +- .../services-baremetal/neutron-ovs-dpdk.yaml | 11 - environments/services/heat-engine.yaml | 2 + environments/services/ironic-conductor.yaml | 2 + environments/services/neutron-ml2-cisco-vts.yaml | 4 +- environments/services/neutron-ovn-dvr-ha.yaml | 2 +- environments/services/neutron-ovn-ha.yaml | 2 +- environments/services/neutron-ovn-standalone.yaml | 2 +- environments/services/neutron-ovs-dvr.yaml | 4 +- environments/services/neutron-ovs.yaml | 4 +- environments/services/skydive-environment.yaml | 4 +- environments/ssl/enable-internal-tls.j2.yaml | 2 +- environments/standalone/standalone-tripleo.yaml | 6 +- environments/undercloud-disable-nova.yaml | 10 + environments/undercloud.yaml | 7 +- environments/undercloud/undercloud-minion.yaml | 253 ++++++++++ extraconfig/all_nodes/mac_hostname.j2.yaml | 77 --- extraconfig/all_nodes/random_string.j2.yaml | 51 -- .../krb-service-principals/role.role.j2.yaml | 17 +- extraconfig/post_deploy/clouds_yaml.py | 136 ++--- extraconfig/post_deploy/example.yaml | 2 +- extraconfig/post_deploy/example_run_on_update.yaml | 2 +- extraconfig/post_deploy/standalone_post.yaml | 4 +- .../post_deploy/undercloud_ctlplane_network.py | 24 +- extraconfig/post_deploy/undercloud_post.py | 9 - extraconfig/post_deploy/undercloud_post.yaml | 9 +- .../environment-rhel-registration.yaml | 27 - .../rhel-registration-resource-registry.yaml | 2 - .../rhel-registration/rhel-registration.yaml | 216 -------- .../rhel-registration/scripts/rhel-registration | 308 ------------ .../rhel-registration/scripts/rhel-unregistration | 21 - extraconfig/pre_network/boot-params-service.yaml | 2 +- extraconfig/pre_network/config_then_reboot.yaml | 77 --- extraconfig/services/README.rst | 6 - extraconfig/tasks/run_puppet.sh | 31 -- extraconfig/tasks/ssh/host_public_key.yaml | 56 --- extraconfig/tasks/ssh/known_hosts_config.yaml | 42 -- net-config-bond.j2.yaml | 5 - net-config-bridge.j2.yaml | 5 - net-config-linux-bridge.j2.yaml | 11 +- net-config-noop.j2.yaml | 5 - net-config-standalone.j2.yaml | 5 - ...config-static-bridge-with-external-dhcp.j2.yaml | 9 +- net-config-static-bridge.j2.yaml | 9 +- net-config-static.j2.yaml | 9 +- net-config-undercloud.j2.yaml | 5 - .../config/2-linux-bonds-vlans/role.role.j2.yaml | 10 +- .../bond-with-vlans/controller-no-external.j2.yaml | 10 +- .../config/bond-with-vlans/controller-v6.j2.yaml | 10 +- network/config/bond-with-vlans/role.role.j2.yaml | 10 +- network/config/multiple-nics/compute-dvr.j2.yaml | 11 +- network/config/multiple-nics/controller-v6.j2.yaml | 12 +- network/config/multiple-nics/role.role.j2.yaml | 13 +- .../controller-v6.j2.yaml | 11 +- .../role.role.j2.yaml | 11 +- .../controller-no-external.j2.yaml | 11 +- .../config/single-nic-vlans/controller-v6.j2.yaml | 11 +- network/config/single-nic-vlans/role.role.j2.yaml | 11 +- network/endpoints/endpoint_data.yaml | 6 +- network/endpoints/endpoint_map.yaml | 147 +++--- network/ports/net_ip_list_map.j2.yaml | 114 ----- network/ports/noop.yaml | 3 + network/ports/port.j2 | 6 +- network/scripts/run-os-net-config.sh | 61 +-- network/service_net_map.j2.yaml | 2 +- overcloud-resource-registry-puppet.j2.yaml | 17 +- overcloud.j2.yaml | 303 +++++------ puppet/all-nodes-config.j2.yaml | 262 ---------- puppet/deploy-artifacts.yaml | 32 -- .../all_nodes/neutron-midonet-all-nodes.yaml | 105 ---- .../all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml | 284 ----------- puppet/role.role.j2.yaml | 253 ++++------ releasenotes/notes/6.0.0-b52a14a71fc62788.yaml | 2 +- ...-container-registry-login-08d6a87586c84a99.yaml | 10 + ...add-removal-policies-mode-6869362fbeed2cd2.yaml | 6 + ...remetal-puppet-deprecated-25388c875e1d9884.yaml | 5 + ...alApi-name-lower-override-7ea2635877b753c7.yaml | 8 + ...hboard_composable_service-f72dc4b1cd007734.yaml | 9 + .../configure-multipathd-d3fb4683b9ffbb4b.yaml | 6 + .../create-br-ex-for-compute-b967312323d45d9b.yaml | 9 + .../extraconfig_services-18ca28841974b8dd.yaml | 5 + .../fix-odl-karaf-logging-eca10973e57caa3a.yaml | 2 +- ...tr-replace-hostname-issue-393fb6954f12f7e6.yaml | 2 +- .../gather-facts-variable-d7f1d74d1dc68ee9.yaml | 4 + ...rver_certs_key_passphrase-908471f31d09f088.yaml | 5 + ...gration_wait_for_vif_plug-6d16da261a138fb8.yaml | 9 + .../notes/midonet_removal-9b91c6bb610b139e.yaml | 5 + ...arams_to_configure_ulimit-82057bf64d7173a8.yaml | 5 + ...neutron-az-config-service-3085b2c296df06c9.yaml | 32 +- .../neutron-kill-script-4d8b6a0130f6fcdd.yaml | 6 + ...-routed-provider-networks-2af1220125612d6f.yaml | 8 + .../nova-memlock-increase-066ed22764ed3ce1.yaml | 9 + ...mpute_fix_log_permissions-e866f91848d647fb.yaml | 9 + ..._mem_stats_period_seconds-b9b606232629cb38.yaml | 8 + .../notes/nova_metadata_wsgi-bfb240bc84194d05.yaml | 2 +- ...ion_target_libvirt_socket-585fa579e5b2704d.yaml | 9 + ...xternal_post_deploy_tasks-e978560ee59b8b56.yaml | 12 + .../nova_nfs_enabled_podman-a92ea12cd4cd92c8.yaml | 8 + .../nova_qemu_enable_config-c89016b4d93802d6.yaml | 2 +- ...ts_to_placement_aggregate-9889b0a73dd1d042.yaml | 9 + ...a_templated_cells_db_urls-2eb151090c49c51d.yaml | 2 +- ...lated_cells_transport_url-275f0b707d9227ab.yaml | 2 +- ...nova_api_db_for_placement-eea44dd48c768f04.yaml | 2 +- ..._placement_for_image_type-0bfbef90bb8c3871.yaml | 9 + ...server-bootstrap-resource-7de0596b90f1b15a.yaml | 8 + ...nfig-download-environment-04f61210d0a304a1.yaml | 8 + ...ove-ec2metadata-parameter-36e75f70d2322e55.yaml | 6 + ...fig-download-deprecations-a40fb47c0c0a49f1.yaml | 6 + ...emove_deprecated_nfv_envs-30f6b3552d34d489.yaml | 10 + .../notes/rhel-registration-2752c4e0a14cec98.yaml | 6 + .../notes/ucsm_removal-929fe9971ed4acc8.yaml | 5 + .../notes/update_serial-785ff794ff88fb2e.yaml | 9 + roles/BlockStorage.yaml | 2 + roles/CellController.yaml | 1 + roles/CephAll.yaml | 3 + roles/CephFile.yaml | 2 + roles/CephObject.yaml | 2 + roles/CephStorage.yaml | 2 + roles/Compute.yaml | 5 + roles/ComputeAlt.yaml | 1 + roles/ComputeDVR.yaml | 4 + roles/ComputeHCI.yaml | 3 + roles/ComputeHCIOvsDpdk.yaml | 68 +++ roles/ComputeInstanceHA.yaml | 2 + roles/ComputeLiquidio.yaml | 2 + roles/ComputeLocalEphemeral.yaml | 71 +++ roles/ComputeOvsDpdk.yaml | 2 + roles/ComputeOvsDpdkRT.yaml | 3 + roles/ComputeOvsDpdkSriov.yaml | 2 + roles/ComputeOvsDpdkSriovRT.yaml | 3 + roles/ComputePPC64LE.yaml | 2 + roles/ComputeRBDEphemeral.yaml | 71 +++ roles/ComputeRealTime.yaml | 3 + roles/ComputeSriov.yaml | 2 + roles/ComputeSriovRT.yaml | 3 + roles/Controller.yaml | 3 + roles/ControllerAllNovaStandalone.yaml | 2 + roles/ControllerNoCeph.yaml | 2 + roles/ControllerNovaStandalone.yaml | 2 + roles/ControllerOpenstack.yaml | 3 + roles/ControllerStorageNfs.yaml | 2 + roles/Database.yaml | 1 + roles/DistributedCompute.yaml | 2 + roles/DistributedComputeHCI.yaml | 3 + roles/HciCephAll.yaml | 6 +- roles/HciCephFile.yaml | 3 + roles/HciCephMon.yaml | 3 + roles/HciCephObject.yaml | 3 + roles/IronicConductor.yaml | 1 + roles/Messaging.yaml | 1 + roles/Networker.yaml | 3 + roles/Novacontrol.yaml | 1 + roles/ObjectStorage.yaml | 2 + roles/OpenShiftAllInOne.yaml | 1 + roles/OpenShiftInfra.yaml | 1 + roles/OpenShiftMaster.yaml | 1 + roles/OpenShiftWorker.yaml | 1 + roles/README.rst | 3 + roles/Standalone.yaml | 13 + roles/Telemetry.yaml | 1 + roles/Undercloud.yaml | 2 +- roles/UndercloudMinion.yaml | 30 ++ roles_data.yaml | 14 + roles_data_undercloud.yaml | 2 +- sample-env-generator/networking.yaml | 32 -- sample-env-generator/ssl.yaml | 4 +- sample-env-generator/standalone.yaml | 5 +- sample-env-generator/undercloud-minion.yaml | 272 ++++++++++ .../instanceha => scripts}/check-run-nova-compute | 2 +- scripts/hosts-config.sh | 2 +- setup.cfg | 2 +- tools/process-templates.py | 4 + tools/yaml-validate.py | 48 +- tox.ini | 2 +- validation-scripts/all-nodes.sh | 12 +- zuul.d/layout.yaml | 38 +- 448 files changed, 5074 insertions(+), 5383 deletions(-)