We are excited to announce the release of: . 10.5.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the stein release series. The source is available from: https://opendev.org/openstack/. Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ For more details, please see below. 10.5.0 ^^^^^^ New Features ************ * Added the configuration option to disable Exact Match Cache (EMC) * A new parameter, CinderEtcdLocalConnect, is available for the CinderVolume service. When deploying the service A/A, the parameter can be set to true which willconfigure cinder-volume to connect to Etcd locally through the node's own IP instead of going through a VIP. * The Etcd service is added to the DistributedCompute and DistributedComputeHCI roles for Active/Active management of the CinderVolume service. * Added ability to rewrap project KEKs (key encryption keys) when doing an upgrade. This allows deployers to rewrap KEKs whenever they rotate the master KEK and HMAC keys when using the PKCS#11 plugin behind Barbican. * Also added some needed ordering for master key creation, sync and update when using a Thales HSM behind Barbican. * Podman is now the default ContainerCli unless you deploy Pacemaker. then you must run Docker when deploying on CentOS7. * A new option "host_routes" are now available for subnet defenitions in "undercloud.conf". * Host routes specified for the *local_subnet* will be added to the routing table on the Undercloud. * Host routes for *all* subnets are passed to tripleo-heat- templates so that the *host_routes* property of the ctlplane subnets are set accordingly when installing the Undercloud. * ContainerHealthcheckDisabled is a new parameter which allows to disable the container healthcheck management in Paunch. * Adds the ability to set "external_resource_network_id" for the network, "external_resource_vip_id" for the network VIP, "external_resource_subnet_id" for the subnet(s), and "external_resource_segment_id" for the segment(s) to network_data.yaml. When setting these properties, the external_id attribute will be set on the corresponding Heat resources. This causes Heat to not re-create these resources and instead adopt them from outside the stack. * A new service, OS::TripleO::Services::NovaAZConfig, is available which can be used to create a host aggregate and availabiity zone in Nova during the deployment. Compute nodes in the deployment will also be added to the zone. The zone name is set with the parameter value NovaComputeAvailabilityZone. If let unset, it will default to the root stack name. By default the service is mapped to None, but can be enabled by including environments/nova-az-config.yaml. * The parameter "NovaRbdPoolName" is changed to be role specific. This requires the usage of host aggregates as otherwise it will break live migration of instances as we can not do this with different storage backends. * New parameter "NovaNfsVersion" allow configuring the NFS version used for nova storage (when NovaNfsEnabled is true). Since NFSv3 does not support full locking a NFSv4 version need to be used. To not break current installations the default is the previous hard coded version 4. * By adding parameter *OctaviaAmphoraImageFormat*, it adds flexibility to select amphora image format without forcing to use of the *NovaEnableRbdBackend* parameter. * When deploying with internal TLS, the Octavia API now runs as an Apache WSGI application improving support for IPv6 and performance. * Using Ansible timezone module to manage the system timezone for the deployed systems. * The *get_attr* function is now used to read the "gateway_ip" of a ports subnet. The gateway_ip value is passed to nic config templates using the "%network%InterfaceDefaultRoute" parameter. (This parameter is only used if the network is present in the roles "default_route_networks".) Using *get_attr* ensures that the correct gateway ip address is used when networks have multiple subnets. Upgrade Notes ************* * Removes UpgradeRemoveUnusedPackages parameter and some service upgrade_tasks that use this parameter to remove any unused packages. * When deploying with internal TLS, previous versions configured a separate TLS proxy to provide a secure access point for the Octavia API. This is now implemented by running the Octavia API as an Apache WSGI application and the Octavia TLS Proxy will be removed during updates and upgrades. Deprecation Notes ***************** * The nova-placement service is deprecated in Stein and will be replaced in Train by an extracted Placement API service. * As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases. Lets deprecate it also in tripleo so that it can be removed in a later release. [1] https://docs.openstack.org/releasenotes/nova/rocky.html * Managing timezone via puppet is now deprecated. Bug Fixes ********* * Fixes an issue that caused a subnet to be wrongly created on the Undercloud provisioning network based on environment default values. If the default "ctlplane-subnet" was renamed in "undercloud.conf", the defaults for "ctlplane-subnet" in "environments/undercloud.yaml" was merged with the subnets defined in "undercloud.conf". See bug 1820330 (https://bugs.launchpad.net/tripleo/+bug/1820330). * ServiceNetMap now handles any network name when computing the default network for each service in ServiceNetMapDefaults. * Allow to configure Mistral parameters for Heartbeat and set sane defaults for the Undercloud so we can deploy an Overcloud in Stein. Fixes bug 1821611. * With large number of OSDs, where each OSD need a connection, the default nofile (1024) of nova_compute is too small. This changes the default DockerNovaComputeUlimit to 131072 what is the same for cinder. * With cellsv2 multicell in each cell there needs to be a novnc proxy as the console token is stored in the cell conductor database. This change adds the NovaVncProxy service to the CellController role and configures the endpoint to the local public address of the cell. * If nova-manage command was triggered on a host for the first time as root (usually manual runs) the nova-manage.log gets created as root user. On overcloud deploy runs the nova-manage command is run as nova user. In such situation the overcloud deploy fails as the nova user can not write to the nova-manage.log. With this change we run the chown of the logs files on every overcloud deploy to fix the nova-manage.log file permissions. Other Notes *********** * Congress was removed, as it seems nobody used it. Therefore, we don't need to keep supporting it. Changes in . 10.4.0..10.5.0 --------------------------- da5b57c7b Handle any network name in ServiceNetMap e701077c9 Add CinderEtcdLocalConnect parameter 00f35055d Add Etcd to DistributedCompute roles 0df81abe8 Add OS::TripleO::NovaAZConfig 0da9644b0 Fix the bond-with-vlans NIC config DPDK route indentation ed51c04bf Fix typo in 2-linux-bonds-vlans NIC config templates cb9497d76 Correct error catching while in "--check" mode 8043b1c6d Modifying the ovs-hw-offlaod file to adapt new changes 1efe2a018 Fixed wrong cinder store user name 23352806b Fix OVN yaql KeyError: type error 00842cf23 Update/combine docker/services/README.rst a52498ab4 Move containers-common.yaml into deployment 3514952b8 move logging into deployment 170cd2be9 Allow to disable Container Healthchecks 983d17e02 Increase DockerNovaComputeUlimit default value b4454024f Move warn clause as a shell task option. e4901745e Allow NovaRbdPoolName to be role specific 00b56e07b Set Standalone's br-ctlplane MTU e096a93e6 Do not set the cell endpoints for regular split-controlplane child stacks 551e35591 flatten the neutron-plugin-mlnx-sdn service 34a932c9c Ensure lvm2 is installed prior to lvm commands 80f0176f6 Bind mount undercloud.conf with ,z in mistral_executor 30cfaccb4 flatten the ovn service configurations b01a57491 Set ulimit 16384 for Neutron SR-IOV container b3bf680fb Ensure non-pacemaker versions for undercloud 031f5fb61 Do not archive ceph-ansible fetch directory if it is empty 56a51647c Add {{network.name}}NetworkVlanID to THT/net-config-* 5d3fe630d Increase default ulimit values for Neutron agents containers f4460a580 Run octavia-api under httpd 7bf040e8f Fix minor typos d8c605775 Make Ceph RGW accept ResellerAdmin role for administration 9a36edb32 Ensure we get rsyslog state, even in "--check" mode a18a556d7 MetricsQdr: Add InternalTLS support 4bf9687d9 Stop writing /var/lib/container-startup-configs.json e345b3c23 Run octavia external tasks with elevated permissions b4e4878b8 Deprecate nova-consoleauth service d80a956d7 Fix usage of satellite in organization mode d4ea8e686 Add parameter ContainerImageRegistryCredentials 268aad225 Run nova_api unprivileged b98519d09 Drop docker/docker-toool b993163ff deployed-server: start and enable network service d5ecc1f65 Make krb-service-principal metadata per-Role e8f3436b6 Update to the ceilometer publisher list ceb005b07 Fix RabbitMQ locale for CentOS 7 (t-h-t part) fa37170f8 Add systemd dependency to openvswitch to neutron agents c61c052fd Use tripleo-admin as octavia groups_vars owner 066fd3a36 Fix CI ipv6 NIC config default route 59c5e23c5 Jinja automation for %network%NetworkVlanId 12637c5ac remove dep job in gate 5e5c5cdd7 Backup /etc/os-net-config/config.json when os-net-config runs bc9b922dd Force C.UTF-8 when dealing with rabbitmq ffa6810e4 Add novnc proxy to cellsv2 multicell controller e645d2e75 Fix comments in environments/net-* network configuration envs 4d4232384 Add ci/common as trigger to scenarios multinode 423ecead8 Disable a directory listing of /icons in httpd. 5f8e1fd33 Add GnocchiStorageS3BucketPrefix into deployment 26e369e0b turn voting/gating on scen009 master 26cd9f943 Fix conditional/if usage for amphora conversion 3c49d1c76 Fix skydive deployment not able to read ssh private key 1a6bd0c34 Use discovered private key file 405366fa3 Deprecate messaging params replaced by global oslo params 4e2056066 Remove osd_objectstore default 9e61e2313 Enable objects versioning for Ceph RadosGW 8523a90e1 Update zuul layout for new deployment directory 793187d62 Move Aide to deployments 876a65cd5 Default to 'podman' in container-puppet.py 0172f4153 Move container-puppet.py to common 1a802f3dd Adding configurability to the amphora image format a0e262e20 TLS everywhere: switch Octavia to use DNS entries dbe516df0 Provide option to disable EMC in puppet-vswitch 89def2b55 Fix Nova/Libvirt memory backed file conditions when they are role params 9b88439eb Fixes for freeipa_setup.sh 6ddadc193 Run mistral_executor unprivileged a64311ee6 Update scenario 10 for flattened ceph f370b81af Deprecate opendaylight service cced6333b Add ExternalInterfaceDefaultRoute parameter to ci nic configs 0fb353339 [Configuration] Add missing py37 and corrected default envlist. 1de74ccc7 Rename docker-container-startup-configs to container-startup-configs 860333cf3 Rename /var/lib/docker-config-scripts to /var/lib/container-config-scripts bd318943b Add %network%InterfaceDefaultRoute for compatibility fc65d197c Move apache service under deployment directory febab2bf8 ContainerCli param added to ceph-base heat template 4251eb781 ipaclient: do not explicitely install python-simplejson 374fafd66 mistral: configure heartbeat parameters to avoid action timeout c7a97ce99 Add external_resource_vip_id property to network_data.yaml c023784d5 Add storage_mgmt network to DistributedComputeHCI role c4eb9688d Add external_resource_id properties to network_data.yaml 12fe2e1cd Only add VlanID parameters to multiple-nics examples if using vlans b285c2686 Switch OpenShift nodes to use Podman 012948701 Stop loading nf_conntrack_proto_sctp module b3ce4f00b Make sure openssl-perl is installed on split stack tls-everywhere deployments d9df3c0ab Ensure we configure SELinux at the earliest stage. ad05860f4 Enable paunch logging to its full extent 98c2b78dc Enable flat network for ovn 5c8456c5c move ceph-ansible into deployment c693ba664 Use container_cli instead of docker to run mysql upgrade command. 5b38d9d96 Octavia: set net configuration to none for mkdir in containers f316311a3 move undercloud-upgrade.yaml into deployment 8b0b6eeb4 move tempest to deployment 889573970 Replace hard-coded 'docker pull' by '{{container_cli}} pull' 55724c127 Translating scenario010 to standalone b152659d8 We have to allow httpd to listen on those ports in some cases. 5b6984eb0 Fixup ipaclient.yaml for python3 ce9a83c8c Use get_attr to set %network%InterfaceDefaultRoute 38f3bfd76 correct parameter names in openid federation support a4a51ed9c Tag external_post_deploy_steps 39930ed2f Only attempt to start previous MariaDB if the image is available f441b25be Change scheme/port to template instead of getting from hiera 7985f02b8 nova: Deprecate the nova-placement service a2db936e7 Change OS::TripleO::Services::OVNDBs to non ha file ea2f759f7 move clustercheck.yaml into deployment 39be82216 flatten the cavium liquidio service 2a8fcc4dd Remove UpgradeRemoveUnusedPackages 393e89bfb Make nfs version for nova ephemeral storage configurable 214e8448a Add missing TLS configuration for ironic b848cef62 Only bind-mount internal TLS haproxy dirs if enabled 281bea1a8 Move neutron-plugin-ml2.yaml to deployment 4c3438970 Open firewall port 3300 for ceph monitors v2 protocol 8b6ea5e14 Include python-panko client. ea80847f9 Remove UndercloudCtlplaneSubnets defaults in UC env c62247fa8 Run chown for nova log files on every run to fix wrong permissions 19fec5d9d Enable authtoken cache 256d763d4 rename rsyslogd service to rsyslog and deal with lack of reload. 1c33183c0 octavia: pass container cli to external deploy tasks e7d3bd90c fix tox python3 overrides c55cf61c9 Avoid "-a" cp option in order to avoid SELinux AVC df403c2cd Add python36 job 9f0d23c78 Drop the old python35 job b9d382c51 Increase log level for command failures 866a7f79e Manage system timezone with ansible 3bcea8e0c Fix: Unknown Property ML2HostConfigs 5ff6f7416 Switch ContainerCli to podman by default c180847b8 Make sure ContainerCli is set to the stack f1ab762ed Move Designate to Experimental 42b0bc930 Support ctlplane subnet host routes from undercloud.conf 95e142d84 Fix idempotency for horizon container logs 24fb8776d Rename docker_puppet_apply to container_puppet_apply 2182e0b0d Reload rsyslog/cron when we change timezones 79da22a89 Deploy steps playbook: add a step0 tag 836705161 Install and configure tmpwatch for log cleanup 2e261993e flatten the gnocchi service configurations 736a6aa16 Suppress output from copy tasks 0f3e0cfec Refactored configuration options for nova/neutron in manila 402ae1a6e Disable cinder's LVM backend when deploying Pure backend 8948eced7 Test the correct placement endpoint with multiple regions fe1e1d79a Copy tripleo-admin key to mistral home directory 172594573 Disable TripleO UI service ba9141c63 Set setype on etcd's service directory cdfa27f07 Give sudo powers in Disable mysql task. 78ad47978 Drop unused parameters 80e2dad36 Add kek_rewrap functionality to Barbican fc612b86b Delay check CI jobs until the pep8 passes.. b53f6bacd Request certificate for using host service principals 9799dd549 Fix metadata_settings for redis 3997198c2 flatten opendaylight-api service f3b85e4ba Remove Congress a1969b4f4 OVN: Add VLAN to NeutronNetworkType 7a6c99476 Clean up after tripleo_persist and tripleo_transfer a85b00bb8 Always include step tasks in external update/upgrade ca944436d Set the NTP server on Sahara too abff4fd29 Remove tasks that stop and disable Horizon services. b697b0184 Allow embedded Skydive etcd port 1827ba884 Set neutron tenant network types for ODL configurations b2f76a9a7 Default ControlPlaneMtu to 1500 1e3fd7e84 Update the min tox version to 2.0 bb4f86fc0 Deploy Sahara with unversioned endpoints b1b67ac63 Introduce OpenShiftAnsiblePath parameter 32d993bbf Trim whitespace in multi-line env descriptions 1bfa62c09 Update min tox version to 2.0 6bf6c5ac1 Fix a spelling mistake Diffstat (except docs and test files) ------------------------------------- README.rst | 2 - capabilities-map.yaml | 5 - ci/common/net-config-multinode-os-net-config.yaml | 26 ++ ci/common/net-config-multinode.yaml | 26 ++ ci/common/net-config-simple-bridge.yaml | 26 ++ ci/environments/multinode-3nodes-registry.yaml | 2 +- ci/environments/multinode-containers.yaml | 2 +- .../nic-configs/compute-dvr.yaml | 2 +- .../multiple-nics-ipv6/nic-configs/controller.yaml | 2 +- .../scenario000-multinode-containers.yaml | 2 +- .../scenario001-multinode-containers.yaml | 10 +- ci/environments/scenario001-standalone.yaml | 14 +- .../scenario002-multinode-containers.yaml | 2 +- ci/environments/scenario002-standalone.yaml | 6 +- .../scenario003-multinode-containers.yaml | 12 +- ci/environments/scenario003-standalone.yaml | 10 +- .../scenario004-multinode-containers.yaml | 14 +- ci/environments/scenario004-standalone.yaml | 14 +- .../scenario007-multinode-containers.yaml | 4 +- .../scenario008-multinode-containers.yaml | 2 +- .../scenario010-multinode-containers.yaml | 10 +- ci/environments/scenario010-standalone.yaml | 98 ++++++ .../scenario012-multinode-containers.yaml | 2 +- ci/environments/scenario012-standalone.yaml | 2 +- ci/scripts/freeipa_setup.sh | 25 +- {docker => common}/container-puppet.py | 14 +- common/deploy-steps-tasks.yaml | 68 ++-- common/deploy-steps.j2 | 55 ++- .../{services.yaml => services/role.role.j2.yaml} | 4 +- .../nova_wait_for_placement_service.py | 1 + .../deployed-server-bootstrap-centos.sh | 4 + deployed-server/deployed-server-bootstrap-rhel.sh | 4 + deployed-server/deployed-server-roles-data.yaml | 1 - deployment/README.rst | 159 +++++++++ .../aide/aide-baremetal-puppet.yaml | 0 deployment/aodh/aodh-api-container-puppet.yaml | 18 +- deployment/aodh/aodh-base.yaml | 18 +- .../aodh/aodh-evaluator-container-puppet.yaml | 16 +- .../aodh/aodh-listener-container-puppet.yaml | 16 +- .../aodh/aodh-notifier-container-puppet.yaml | 16 +- .../apache/apache-baremetal-puppet.j2.yaml | 1 + .../barbican/barbican-api-container-puppet.yaml | 108 ++++-- .../liquidio-compute-config-container-puppet.yaml | 55 ++- .../ceilometer-agent-central-container-puppet.yaml | 16 +- .../ceilometer-agent-compute-container-puppet.yaml | 20 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 16 +- ...ometer-agent-notification-container-puppet.yaml | 16 +- .../ceilometer-base-container-puppet.yaml | 100 ++++-- .../ceph-ansible/ceph-base.yaml | 51 ++- .../ceph-ansible/ceph-client.yaml | 0 .../ceph-ansible/ceph-external.yaml | 0 .../ceph-ansible/ceph-mds.yaml | 0 .../ceph-ansible/ceph-mgr.yaml | 0 .../ceph-ansible/ceph-mon.yaml | 1 + .../ceph-ansible/ceph-nfs.yaml | 0 .../ceph-ansible/ceph-osd.yaml | 5 +- .../ceph-ansible/ceph-rbdmirror.yaml | 0 .../ceph-ansible/ceph-rgw.yaml | 0 deployment/cinder/cinder-api-container-puppet.yaml | 17 +- .../cinder/cinder-backup-container-puppet.yaml | 16 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 12 +- deployment/cinder/cinder-base.yaml | 17 +- .../cinder/cinder-common-container-puppet.yaml | 6 +- .../cinder/cinder-scheduler-container-puppet.yaml | 16 +- .../cinder/cinder-volume-container-puppet.yaml | 33 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 12 +- .../openstack-clients-baremetal-puppet.yaml | 1 + deployment/congress/congress-container-puppet.yaml | 264 -------------- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 12 + .../services => deployment}/containers-common.yaml | 14 +- deployment/database/mysql-base.yaml | 12 +- deployment/database/mysql-container-puppet.yaml | 4 +- deployment/database/mysql-pacemaker-puppet.yaml | 16 +- deployment/database/redis-container-puppet.yaml | 22 +- deployment/database/redis-pacemaker-puppet.yaml | 12 +- .../logging/fluentd-container-puppet.yaml | 2 +- .../monitoring/sensu-client-container-puppet.yaml | 4 +- .../nova/nova-consoleauth-container-puppet.yaml | 20 +- .../nova/nova-placement-container-puppet.yaml | 26 +- .../opendaylight-api-container-puppet.yaml | 137 ++++++-- .../opendaylight-ovs-baremetal-puppet.yaml | 2 + .../panko/panko-api-container-puppet.yaml | 4 +- .../deprecated/time/timezone-baremetal-puppet.yaml | 60 ++++ .../tripleo-ui/tripleo-ui-container-puppet.yaml | 146 +------- deployment/ec2/ec2-api-container-puppet.yaml | 2 +- deployment/etcd/etcd-container-puppet.yaml | 1 + deployment/experimental/README.rst | 6 + .../designate/designate-api-container-puppet.yaml | 2 +- .../designate/designate-base.yaml | 18 +- .../designate-central-container-puppet.yaml | 4 +- .../designate/designate-mdns-container-puppet.yaml | 4 +- .../designate-producer-container-puppet.yaml | 2 +- .../designate/designate-sink-container-puppet.yaml | 2 +- .../designate-worker-container-puppet.yaml | 2 +- deployment/glance/glance-api-container-puppet.yaml | 36 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 151 +++++++- .../gnocchi}/gnocchi-base.yaml | 5 + .../gnocchi/gnocchi-metricd-container-puppet.yaml | 32 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 26 +- deployment/haproxy/haproxy-container-puppet.yaml | 19 +- .../haproxy-internal-tls-certmonger.j2.yaml | 10 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 16 +- deployment/heat/heat-api-cfn-container-puppet.yaml | 4 +- deployment/heat/heat-api-container-puppet.yaml | 4 +- deployment/heat/heat-base-puppet.yaml | 20 +- deployment/heat/heat-engine-container-puppet.yaml | 2 +- deployment/horizon/horizon-container-puppet.yaml | 35 +- .../image-serve/image-serve-baremetal-ansible.yaml | 8 + deployment/ironic/ironic-api-container-puppet.yaml | 29 +- deployment/ironic/ironic-base-puppet.yaml | 18 +- .../ironic/ironic-conductor-container-puppet.yaml | 18 +- .../ironic/ironic-inspector-container-puppet.yaml | 16 +- .../ironic-neutron-agent-container-puppet.yaml | 2 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 17 +- deployment/iscsid/iscsid-container-puppet.yaml | 2 +- .../keepalived/keepalived-container-puppet.yaml | 16 +- deployment/kernel/kernel-baremetal-puppet.yaml | 1 - deployment/keystone/keystone-container-puppet.yaml | 40 +-- .../logging/files/barbican-api.yaml | 0 .../logging/files/haproxy.yaml | 0 .../logging/files/heat-api-cfn.yaml | 0 .../logging/files/heat-api.yaml | 0 .../logging/files/heat-engine.yaml | 0 .../logging/files/keystone.yaml | 0 .../logging/files/neutron-api.yaml | 0 .../logging/files/neutron-common.yaml | 0 .../logging/files/nova-api.yaml | 13 + .../logging/files/nova-common.yaml | 13 + .../logging/files/nova-metadata.yaml | 0 .../logging/files/nova-placement.yaml | 0 .../logging/files/opendaylight-api.yaml | 0 .../logging/files/panko-api.yaml | 0 .../logging/rsyslog-sidecar-container-puppet.yaml | 2 +- .../logging/stdout/barbican-api.yaml | 0 .../logging/stdout/haproxy.yaml | 0 .../logging/stdout/heat-api-cfn.yaml | 0 .../logging/stdout/heat-api.yaml | 0 .../logging/stdout/heat-engine.yaml | 0 .../logging/stdout/keystone.yaml | 0 .../logging/stdout/neutron-common.yaml | 0 .../logging/stdout/nova-api.yaml | 0 .../logging/stdout/nova-common.yaml | 0 .../logging/stdout/nova-libvirt.yaml | 0 .../logging/stdout/nova-metadata.yaml | 0 .../logging/stdout/nova-placement.yaml | 0 .../logging/stdout/panko-api.yaml | 0 .../logrotate-crond-container-puppet.yaml | 20 +- .../tmpwatch-install.yaml} | 30 +- deployment/manila/manila-api-container-puppet.yaml | 4 +- deployment/manila/manila-base.yaml | 20 +- .../manila/manila-scheduler-container-puppet.yaml | 19 +- deployment/manila/manila-share-common.yaml | 2 +- .../manila/manila-share-container-puppet.yaml | 19 +- .../manila/manila-share-pacemaker-puppet.yaml | 12 +- .../memcached/memcached-container-puppet.yaml | 2 +- .../messaging/rpc-qdrouterd-container-puppet.yaml | 2 +- deployment/metrics/collectd-container-puppet.yaml | 16 +- deployment/metrics/qdr-container-puppet.yaml | 142 ++++++-- .../mistral/mistral-api-container-puppet.yaml | 16 +- deployment/mistral/mistral-base.yaml | 55 ++- .../mistral/mistral-engine-container-puppet.yaml | 16 +- .../mistral-event-engine-container-puppet.yaml | 16 +- .../mistral/mistral-executor-container-puppet.yaml | 36 +- deployment/multipathd/multipathd-container.yaml | 2 +- .../neutron/neutron-api-container-puppet.yaml | 16 +- .../neutron-bgpvpn-api-container-puppet.yaml | 2 +- .../neutron/neutron-dhcp-container-puppet.yaml | 14 +- .../neutron/neutron-l2gw-api-container-puppet.yaml | 2 +- .../neutron/neutron-l3-container-puppet.yaml | 14 +- .../neutron-lbaas-api-container-puppet.yaml | 2 +- .../neutron/neutron-metadata-container-puppet.yaml | 2 +- .../neutron-ovs-agent-container-puppet.yaml | 31 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 1 - .../neutron-plugin-ml2-container-puppet.yaml | 0 ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 45 ++- .../neutron-sriov-agent-container-puppet.yaml | 7 +- deployment/nova/nova-api-container-puppet.yaml | 32 +- deployment/nova/nova-az-config.yaml | 91 +++++ deployment/nova/nova-base-puppet.yaml | 20 +- deployment/nova/nova-compute-container-puppet.yaml | 43 ++- .../nova/nova-conductor-container-puppet.yaml | 16 +- deployment/nova/nova-ironic-container-puppet.yaml | 24 +- deployment/nova/nova-libvirt-container-puppet.yaml | 14 +- .../nova/nova-metadata-container-puppet.yaml | 4 +- .../nova-migration-target-container-puppet.yaml | 2 +- .../nova/nova-scheduler-container-puppet.yaml | 16 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 22 +- deployment/nova/novajoin-container-puppet.yaml | 12 +- .../octavia/octavia-api-container-puppet.yaml | 110 +++--- deployment/octavia/octavia-base.yaml | 18 +- .../octavia/octavia-deployment-config.j2.yaml | 41 ++- .../octavia-health-manager-container-puppet.yaml | 17 +- .../octavia-housekeeping-container-puppet.yaml | 3 +- .../octavia/octavia-worker-container-puppet.yaml | 31 +- .../ovn/ovn-controller-container-puppet.yaml | 101 +++++- .../ovn/ovn-dbs-container-puppet.yaml | 43 ++- .../ovn/ovn-dbs-pacemaker-puppet.yaml | 19 +- .../ovn/ovn-metadata-container-puppet.yaml | 106 +++++- .../pacemaker/clustercheck-container-puppet.yaml | 2 +- deployment/qdr/qdrouterd-container-puppet.yaml | 2 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 5 +- ...rabbitmq-messaging-notify-container-puppet.yaml | 2 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 15 +- .../rabbitmq-messaging-notify-shared-puppet.yaml | 2 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 15 +- .../rabbitmq-messaging-rpc-container-puppet.yaml | 2 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 15 +- deployment/sahara/sahara-api-container-puppet.yaml | 16 +- deployment/sahara/sahara-base.yaml | 27 +- .../sahara/sahara-engine-container-puppet.yaml | 16 +- deployment/swift/swift-proxy-container-puppet.yaml | 37 +- .../swift/swift-ringbuilder-container-puppet.yaml | 2 +- .../swift/swift-storage-container-puppet.yaml | 21 +- deployment/tacker/tacker-container-puppet.yaml | 20 +- deployment/time/timezone-baremetal-ansible.yaml | 58 +++ .../tripleo-packages-baremetal-puppet.yaml | 18 +- .../undercloud/tempest-container-puppet.yaml | 4 - .../undercloud}/undercloud-upgrade.yaml | 0 deployment/zaqar/zaqar-container-puppet.yaml | 18 +- .../neutron-plugin-ml2-mlnx-sdn-assist.yaml | 65 ---- environments/cavium-liquidio.yaml | 2 +- .../ceph-ansible/ceph-ansible-external.yaml | 2 +- environments/ceph-ansible/ceph-ansible.yaml | 8 +- environments/ceph-ansible/ceph-mds.yaml | 2 +- environments/ceph-ansible/ceph-rbdmirror.yaml | 2 +- environments/ceph-ansible/ceph-rgw.yaml | 2 +- environments/cinder-pure-config.yaml | 1 + environments/docker-ha.yaml | 6 +- environments/docker-uc-light.yaml | 2 +- environments/enable-designate.yaml | 12 +- environments/enable_congress.yaml | 2 - environments/enable_tempest.yaml | 2 +- environments/horizon_password_validation.yaml | 2 +- .../lifecycle/undercloud-upgrade-prepare.yaml | 2 +- environments/lifecycle/upgrade-converge.yaml | 1 - environments/lifecycle/upgrade-prepare.yaml | 1 - environments/manila-cephfsganesha-config.yaml | 2 +- environments/metrics-collectd-qdr.yaml | 3 +- environments/net-2-linux-bonds-with-vlans.j2.yaml | 2 +- .../net-bond-with-vlans-no-external.j2.yaml | 2 +- environments/net-bond-with-vlans-v6.j2.yaml | 2 +- environments/net-bond-with-vlans.j2.yaml | 2 +- environments/net-dpdkbond-with-vlans.j2.yaml | 2 +- environments/net-multiple-nics-v6.j2.yaml | 2 +- environments/net-multiple-nics.j2.yaml | 2 +- .../net-single-nic-linux-bridge-with-vlans.j2.yaml | 2 +- .../net-single-nic-with-vlans-no-external.j2.yaml | 2 +- environments/net-single-nic-with-vlans-v6.j2.yaml | 2 +- environments/net-single-nic-with-vlans.j2.yaml | 2 +- environments/network-isolation-v6-all.j2.yaml | 6 +- environments/network-isolation-v6.j2.yaml | 4 + environments/network-isolation.j2.yaml | 4 + environments/neutron-ml2-ovn-ha.yaml | 8 +- environments/neutron-ovs-dvr.yaml | 2 +- environments/nova-az-config.yaml | 2 + environments/openshift.yaml | 2 +- environments/ovs-hw-offload.yaml | 16 +- environments/services-baremetal/congress.yaml | 2 - .../services-baremetal/neutron-opendaylight.yaml | 2 +- .../services-baremetal/neutron-ovn-ha.yaml | 6 +- .../services-baremetal/undercloud-gnocchi.yaml | 6 +- environments/services/congress.yaml | 2 - .../services/neutron-opendaylight-sriov.yaml | 2 +- environments/services/neutron-opendaylight.yaml | 4 +- environments/services/neutron-ovn-dvr-ha.yaml | 8 +- environments/services/neutron-ovn-ha.yaml | 8 +- environments/services/neutron-ovn-standalone.yaml | 8 +- environments/services/neutron-ovs-dvr.yaml | 2 +- environments/services/neutron-ovs.yaml | 2 +- environments/services/tempest.yaml | 2 +- environments/services/undercloud-gnocchi.yaml | 6 +- ...ternal-tls.yaml => enable-internal-tls.j2.yaml} | 6 +- environments/ssl/no-tls-endpoints-public-ip.yaml | 3 - environments/ssl/tls-endpoints-public-dns.yaml | 3 - environments/ssl/tls-endpoints-public-ip.yaml | 3 - environments/ssl/tls-everywhere-endpoints-dns.yaml | 7 +- environments/standalone.yaml | 3 +- environments/standalone/standalone-overcloud.yaml | 5 +- environments/standalone/standalone-tripleo.yaml | 8 +- environments/stdout-logging.yaml | 30 +- environments/storage-environment-external.yaml | 2 +- environments/storage-environment.yaml | 10 +- environments/undercloud.yaml | 76 +++- .../role.role.j2.yaml} | 7 +- .../post_deploy/undercloud_ctlplane_network.py | 2 + extraconfig/post_deploy/undercloud_post.py | 6 +- .../rhel-registration/rhel-registration.yaml | 6 + .../rhel-registration/scripts/rhel-registration | 13 +- extraconfig/services/ipaclient.yaml | 15 +- extraconfig/services/openshift-master.yaml | 42 +-- extraconfig/services/skydive-analyzer.yaml | 10 +- lower-constraints.txt | 2 +- net-config-bond.j2.yaml | 8 + net-config-bridge.j2.yaml | 8 + net-config-linux-bridge.j2.yaml | 8 + net-config-noop.j2.yaml | 8 + net-config-standalone.j2.yaml | 5 + ...config-static-bridge-with-external-dhcp.j2.yaml | 8 + net-config-static-bridge.j2.yaml | 8 + net-config-static.j2.yaml | 8 + net-config-undercloud.j2.yaml | 4 + .../config/2-linux-bonds-vlans/role.role.j2.yaml | 13 +- .../bond-with-vlans/controller-no-external.j2.yaml | 17 +- .../config/bond-with-vlans/controller-v6.j2.yaml | 17 +- network/config/bond-with-vlans/role.role.j2.yaml | 19 +- network/config/multiple-nics/compute-dvr.j2.yaml | 21 +- network/config/multiple-nics/controller-v6.j2.yaml | 17 +- network/config/multiple-nics/role.role.j2.yaml | 15 +- .../controller-v6.j2.yaml | 17 +- .../role.role.j2.yaml | 13 +- .../controller-no-external.j2.yaml | 17 +- .../config/single-nic-vlans/controller-v6.j2.yaml | 17 +- network/config/single-nic-vlans/role.role.j2.yaml | 13 +- network/endpoints/endpoint_data.yaml | 15 - network/endpoints/endpoint_map.yaml | 390 ++++----------------- network/network.j2 | 21 +- .../ports/external_resource_port.network.j2.yaml | 2 + .../external_resource_port_v6.network.j2.yaml | 3 + network/ports/noop.yaml | 3 + network/ports/port.j2 | 7 + network/ports/port_from_pool.j2 | 7 + network/scripts/run-os-net-config.sh | 10 +- network/service_net_map.j2.yaml | 27 +- network_data.yaml | 16 +- overcloud-resource-registry-puppet.j2.yaml | 65 ++-- overcloud.j2.yaml | 45 ++- puppet/all-nodes-config.j2.yaml | 2 +- puppet/role.role.j2.yaml | 45 ++- puppet/services/congress.yaml | 152 -------- puppet/services/gnocchi-api.yaml | 198 ----------- puppet/services/gnocchi-metricd.yaml | 69 ---- puppet/services/gnocchi-statsd.yaml | 63 ---- puppet/services/liquidio-compute-config.yaml | 77 ---- puppet/services/neutron-base.yaml | 18 +- puppet/services/neutron-plugin-ml2-ovn.yaml | 4 +- puppet/services/opendaylight-api.yaml | 168 --------- puppet/services/openvswitch.yaml | 9 + puppet/services/ovn-controller.yaml | 127 ------- puppet/services/ovn-dbs.yaml | 65 ---- puppet/services/ovn-metadata.yaml | 134 ------- ...cate-opendaylight-service-64b960923324edc4.yaml | 5 + .../notes/OvsDisableEMC-ab29e5c08856d439.yaml | 3 + ...tcdLocalConnect-parameter-8831aad928235458.yaml | 6 + ...etcd-to-distributed-roles-9fe55e4d05f46874.yaml | 5 + ...dd-kek-rewrap-to-barbican-ef930dda85fe1e1d.yaml | 7 + .../notes/congress_removal-95dd16335fbb8bce.yaml | 5 + .../notes/container_cli-64a217e8abb508c4.yaml | 5 + ...dercloud-conf-host-routes-00e981d1f00405d8.yaml | 12 + ...ne-subnet-defaults-merged-5a6061b29618f5cf.yaml | 9 + ...ork-name-in-ServiceNetMap-efffd0583bab827f.yaml | 4 + .../healthcheck_disabled-7e67b45cda9afb17.yaml | 5 + .../notes/mistral_timeout-c00344d5b3d8c4b0.yaml | 6 + ...ta-external-id-properties-20d4aec2e557e980.yaml | 9 + ...va-az-config-service.yaml-ed7f3846398b2291.yaml | 9 + .../notes/nova-placement-43fd353e6870461c.yaml | 5 + ...va-rbd-pool-role-specific-010f6072d641d84f.yaml | 6 + ...va_add_nfs_vers_parameter-62b9e9d6150358d1.yaml | 8 + .../nova_compute_nofile-0427e49cc8ae70a6.yaml | 6 + ...ova_deprecate_consoleauth-ffb93ffa5393b630.yaml | 13 + ...nova_novnc_proxy_per_cell-f2d0c50d3c21c46c.yaml | 7 + ...run_chown_on_every_deploy-c366af9898ecaeed.yaml | 9 + ...avia-amphora-image-format-f2f3f494e6fbe82c.yaml | 6 + ...ssaging-separate-backends-2d2221066f88f479.yaml | 9 + ...nused-packages-on-upgrade-99bfd428dd52b4c9.yaml | 4 + .../run-octavia-under-apache-94afa32e4f1ae3e1.yaml | 11 + .../notes/timezone-ansible-c7ffcd118f881b82.yaml | 8 + ...r-interface-default-route-2578a4d292901024.yaml | 9 + requirements.txt | 2 +- roles/CellController.yaml | 1 + roles/Controller.yaml | 1 - roles/ControllerAllNovaStandalone.yaml | 1 - roles/ControllerNoCeph.yaml | 1 - roles/ControllerNovaStandalone.yaml | 1 - roles/ControllerOpenstack.yaml | 1 - roles/ControllerStorageNfs.yaml | 1 - roles/DistributedCompute.yaml | 1 + roles/DistributedComputeHCI.yaml | 3 + roles/Standalone.yaml | 2 +- roles/Undercloud.yaml | 1 + roles_data.yaml | 1 - roles_data_undercloud.yaml | 1 + sample-env-generator/enable-services.yaml | 12 +- sample-env-generator/ssl.yaml | 24 +- sample-env-generator/standalone.yaml | 9 +- sample-env-generator/storage.yaml | 2 + tools/check-up-to-date.sh | 2 +- tools/process-templates.py | 11 + tools/yaml-diff.py | 32 ++ tools/yaml-validate.py | 28 +- tox.ini | 5 +- tripleo_heat_templates/environment_generator.py | 5 +- zuul.d/layout.yaml | 141 +++++--- 395 files changed, 3463 insertions(+), 4140 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 7f3177f7f..2527f95bc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +9 @@ tripleo-common>=7.1.0 # Apache-2.0 -paunch>=4.0.0 # Apache-2.0 +paunch>=4.2.0 # Apache-2.0