We are chuffed to announce the release of: tripleo-heat-templates 14.1.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 14.1.0 ^^^^^^ Prelude ******* It's not necessary to install ceph-ansible nor prepare a Ceph container when configuring external Ceph in Wallaby and newer. External ceph configuration is done with TripleO (not cephadm nor ceph-ansible) and should be executed using the related environment file. New Features ************ * Added TripleO support for the Unbound DNS resolver service. * Adds a new "IronicInspectorStorageBackend" parameter that can be used to set the storage backend for introspection data. * New environments are added at environments/disable-heat.yaml and environments/disable-neutron.yaml which can be used to disable those services. * The new parameter GlanceCinderMountPointBase has been added which will be used for mounting NFS volumes on glance nodes. When glance uses cinder as store and cinder backend is NFS, this parameter must be set to match cinder's mount point. * Added new options for deploying Barbican with PKCS#11 backends: *BarbicanPkcs11CryptoTokenLabels* and *BarbicanPkcs11CryptoOsLockingOk* * The new paramerter GlanceCinderVolumeType parameter has been added which is required while configuring multiple cinder stores as glance backends. * The logic to configure the connection from barbican to nShield HSMs has been augmented to parse a nshield_hsms parameter, which allows the specification of multiple HSMs. The underlying ansible role (ansible-role-thales-hsm) will configure the HSMs in load sharing mode to provide HA. * The "OS::TripleO::{{role.name}}::PreNetworkConfig" resource has been restored. This resource can be used to implement any configuration steps executed before network configurations are applied. * It is now possible to deploy Ceph with TripleO using cephadm. * New "CinderRpcResponseTimeout" and "CinderApiWsgiTimeout" parameters provide a means for configuring Cinder's RPC response and WSGI connection timeouts, respectively. * The Cinder Backup service can be switched from running active/passive under pacemaker, to active-active mode where it runs simultaneously on every node on which it's deployed. Note that the service will be restarted when switching modes, which will interrupt any backup operations currently in progress. * A new "CinderBackupCompressionAlgorithm" parameter supports specifying the compression algorithm used by Cinder Backup backends that support the feature. The parameter defaults to "zlib," which is Cinder's default value. * Two new parameters are added to control the concurrency of Cinder's backup and restore operations: * CinderBackupWorkers * CinderBackupMaxOperations * Adds support for configuring the cinder-backup service with a Google Cloud Storage (GCS) backend, or an Amazon S3 backend. * The cinder-backup service can be configured to store backups on external Ceph clusters defined by the "CephExternalMultiConfig" parameter. New "CinderBackupRbdClusterName" and "CinderBackupRbdClientUserName" parameters can be specified, which override the default "CephClusterName" and "CephClientUserName" values respectively. * A new "CinderRbdMultiConfig" parameter may be used to configure additional cinder RBD backends on external Ceph clusters defined by the "CephExternalMultiConfig" parameter. * The environment file environments/external-ceph.yaml has been created and can be used when an external Ceph cluster is used. * Added FRR as a new TripleO service. This service allows cloud operators to deploy pure L3 control plane via BGP protocol. This has the following benefits: * Obtain multiple routes on multiple uplinks * BGP used for ECMP load balancing and BFD for resiliency * Advertise routes to API endpoints * Less L2 traffic Please refer to Install and Configure FRRouter specification (https://specs.openstack.org/openstack/tripleo-specs/specs/wallaby /triplo-bgp-frrouter.html) for more information. * *QemuDefaultTLSVerify* will allow operators to enable or disable TLS client certificate verification. Enabling this option will reject any client who does not have a certificate signed by the CA in /etc/pki/qemu/ca-cert.pem. The default is true and matches libvirt's. We will want to disable this by default in train. * The "LibvirtDebug" parameter has been added to enable or disable debug logging of libvirtd and virtlogd. * Now the debug logging of libvirtd and virtlogd is enabled automatically when the Debug parameter is true. * The "manila_api_cron" container has been introduced, which executes db purge job for Manila service. Use ManilaCronDbPurge* parameters to override cron parameters. * Add posibilities to configure ovn dbs monitor interval in tht by OVNDBSPacemakerMonitorInterval (default 30s). Under load, this can create extra stress and since the timeout has already been bumped, it makes sense to bump this interval to a higher value as a trade off between detecting a failure and stressing the service. * Introducing the following parameters: * NovaComputeForceRawImages * NovaComputeUseCowImages * NovaComputeLibvirtPreAllocateImages * NovaComputeImageCacheManagerInterval * NovaComputeImageCacheRemoveUnusedBaseImages * NovaComputeImageCacheRemoveUnusedResizedMinimumAge * NovaComputeImageCachePrecacheConcurrency * When a node has hugepages enabled, we can help with live migrations by enabling *NovaLiveMigrationPermitPostCopy* and *NovaLiveMigrationPermitAutoConverge*. These flags are automatically enabled if hugepages are detected, but operators can override these settings. * Add the following parameters to tune the behavior of nova- scheduler to achieve better distribution of instances. * "NovaSchedulerHostSubsetSize" * "NovaSchedulerShuffleBestSameWeighedHosts" * Introduce new compute role based parameter NovaGlanceEnableRbdDownload to enable direct download if rbd is used for glance, but compute is using local ephemeral storage, to allow nova-compute to direct download the images in this scenario from the glance ceph pool via rbd, instead going through glance api. If NovaGlanceEnableRbdDownload is set, per default the global RBD glance parameters are used, CephClientUserName GlanceRbdPoolName and CephClusterName for the used ceph.conf. Glance supports multi storage backends which can be configured using GlanceMultistoreConfig. If additional RBD glance backends are configured, the NovaGlanceRbdDownloadMultistoreID can be used to pointing to the hash key (backend ID) of GlanceMultistoreConfig to use. If CephClientUserName or GlanceRbdPoolName are not set in the GlanceMultistoreConfig, the global values of those parameters will be used. * Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues in nova.conf of the compute. Default 0 corresponds to not set meaning the legacy limits based on the reported kernel major version will be used. * Nova supports to configure resource provider inventory and traits using a standardized YAML file format starting victoria release [1]. This introduces CustomProviderInventories role parameter to configure the custom provider yaml. [1] https://docs.openstack.org/nova/latest/admin/managing-resource- providers.html * security-group logging is now supported under ML2/OVN. A more detailed explanation can be found in bug 1914757 (https://bugs.launchpad.net/neutron/+bug/1914757). * Adds pre_deploy_step_tasks support which is run after kolla files are setup and podman is configured, but before any deployment task or external deployment task. The use case is being able to start containers before any deployment task. * Add parameter *NovaSchedulerQueryPlacementForRoutedNetworkAggregates* that allows the scheduler to verify if the requested networks or the port are related to Neutron *routed networks* _ with some specific segments to use. In this case, the routed networks prefilter will require the related aggregates to be reported in Placement, so only hosts within the asked aggregates would be accepted. In order to support this behaviour, operators need to set the "[scheduler]/query_placement_for_routed_network_aggregates" configuration option which defaults to "False". (https://docs.openstack.org/neutron/latest/admin/config-routed- networks.html) * The keystone_cron container was reintroduced to run trust_flush job, which removes expired or soft-deleted trusts from keystone database. * The KeystoneEnableDBPurge parameter was readded, to enable or disable purge job for Keystone. * The following parameters were added, to configure parameters about trust_flush cron job. * "KeystoneCronTrustFlushEnsure" * "KeystoneCronTrustFlushMinute" * "KeystoneCronTrustFlushHour" * "KeystoneCronTrustFlushMonthday" * "KeystoneCronTrustFlushMonth" * "KeystoneCronTrustFlushWeekday" * "KeystoneCronTrustFlushMaxDelay" * "KeystoneCronTrustFlushDestination" * "KeystoneCronTrustFlushUser" * Adding ptp parameters for timemaster service configuration on overcloud compute node.Timemaster will use already present chrony parameters. PTPMessageTransport, PTPInterfaces are added new. Upgrade Notes ************* * All service "Debug" parameters are now booleans as expected by oslo. This helps in proper validation and service template composition complexities. * The Keepalived service has been removed. The "OS::Tripleo::Service::Keepalived" resource should be removed during update/upgrade. * The "iscsi" deploy interface is no longer enabled by default in ironic, making the "direct" deploy interface the default. You will need to update your nodes to the "direct" deploy before upgrading or re-enable the "iscsi" deploy in "IronicEnabledDeployInterfaces" (but note that it is going to be deprecated in the future). * The "IronicImageDownloadSource" parameter has been changed to "http" by default making ironic cache glance images and serve them via a local HTTP server. Set the parameter to "swift" to return the previous behavior of relying on swift temporary URLs. * The "NovaHWMachineType" parameter now defaults "x86_64" based instances to the unversioned "q35" machine type. The remaining architecture machine type defaults being provided directly by OpenStack Nova. A "environments/nova-hw-machine-type-upgrade.yaml" environment file has been provided to pin "NovaHWMachineType" to the previous versioned machine type defaults during an upgrade. When the upgrade of the overcloud is complete the following OpenStack Nova documentation should then be used to ensure a machine type is recorded for all existing instances before the new "NovaHWMachineType" default can be used in the environment. https://docs.openstack.org/nova/latest/admin/hw-machine- type.html#update * Users of the "OS::TripleO::Network::Ports::RedisVipPort" and "OS::TripleO::Network::Ports::OVNDBsVipPort" interfaces must update their templates. The interfaces has been removed, and the managment of these virtual IPs has been moved to the tripleo-heat-templates service template. This change will typically affect deployments using already deployed servers. Typically the virtual IPs for Redis and OVNDBs was overriden using the "deployed-neutron-port" template. For example: resource_registry: OS::TripleO::Network::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml OS::TripleO::Network::Ports::OVNDBsVipPort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml parameter_defaults: DeployedServerPortMap: redis_virtual_ip: fixed_ips: - ip_address: 192.168.100.10 subnets: - cidr: 192.168.100.0/24 network: tags: - 192.168.100.0/24 ovn_dbs_virtual_ip: fixed_ips: - ip_address: 192.168.100.11 subnets: - cidr: 192.168.100.0/24 network: tags: - 192.168.100.0/24 This will have to be changed. The following example shows how to replicate the above configuration: parameter_defaults: RedisVirtualFixedIPs: - ip_address: 192.168.100.10 use_neutron: false OVNDBsVirtualFixedIPs: - ip_address: 192.168.100.11 use_neutron: false * The legacy DefaultPasswords interface to use passwords from heat resources has been removed as we don't use it anymore. * The "OVNVifType" parameter has been removed because the parameter was not used in Neutron. * The following two services have been removed, and should be removed from role data during upgrade. * "OS::TripleO::Services::CinderBackendVRTSHyperScale" * "OS::TripleO::Services::VRTSHyperScale" * Remove deprecated OS::TripleO::Services::CinderBackendDellEMCXTREMIOIscsi. Use OS::TripleO::Services::CinderBackendDellEMCXtremio instead. Deprecation Notes ***************** * The "IronicInspectorUseSwift" parameter has been deprecated in favor of "IronicInspectorStorageBackend" and will be removed in a future release. * The *BarbicanPkcs11CryptoTokenLabel* option has been deprecated and replaced with the *BarbicanPkcs11CryptoTokenLabels* option. * Some parameters within ThalesVars have been deprecated. These are - thales_hsm_ip_address and thales_hsm_config_location. See environments/barbican-backend-pkcs11-thales.yaml for details. * Ceph Deployment using Ceph versions older than Octopus is deprecated. * The CephOsdPercentageMin parameter has been deprecated and has a new default of 0 so that the validation is not run. There is no need to fail the deployment early if a percentage of the OSDs are not running because the Ceph pools created for OpenStack can now be created even if there are 0 OSDs as the PG number is no longer required on pool creation. TripleO no longer waits for OSD creation and instead only queues the request for OSD creation with the ceph orchestrator. * The environment file environments/ceph-ansible/ceph-ansible- external.yaml has been deprecated and will be removed in X. * The interfaces "OS::TripleO::Network::Ports::RedisVipPort" and "OS::TripleO::Network::Ports::OVNDBsVipPort" ha been removed. The resources are no longer used in the overcloud heat stack. * Supoort for the Veritas HyperScale Driver has been removed. Bug Fixes ********* * Now "ExtraConfigPre" resource and "NodeExtraConfig" resource are executed after network configurations are applied in nodes. This is consitent with the previous version with heat software deployment mechanism instead of config-download. * The default value of CinderNfsSnapshotSupport has been changed from true to false, to be consistent with the default value in cinder. * Previously access to the sshd running by the nova-migration-target container is only limited via the sshd_config. While login is not possible from other networks, the service is reachable via all networks. This change limits the access to the NovaLibvirt and NovaApi networks which are used for cold and live-migration. * Nova vnc configuration right now uses NovaVncProxyNetwork, NovaLibvirtNetwork and NovaApiNetwork to configure the different components (novnc proxy, nova-compute and libvirt) for vnc. If one of the networks get changed from internal_api, the service configuration between libvirt, nova-compute and novnc proxy gets inconsistent and the console is broken. This changed to just use NovaLibvirtNetwork for configuring the vnc endpoints and removes NovaVncProxyNetwork completely. * Decrease Swift proxy timeouts for GET/HEAD requests using a new parameter named SwiftProxyRecoverableNodeTimeout. The default node timeout is 10 seconds in Swift, however this has been set to 60 seconds in TripleO in case there are slow nodes. However, this affects all requests - GET, HEAD and PUT. GET/HEAD requests are typically much faster, thus it makes sense to use a lower timeout to recover earlier from node failures. This will increase stability, because the proxy can select another backend node to retry the request. * Bug #1915800 (https://bugs.launchpad.net/cinder/+bug/1915800): Add support for ports filtering in XtremIO driver. Other Notes *********** * The CephPoolDefaultPgNum paramter default is now 16. The Ceph pg_autoscaler is enabled by default in the supported versions of Ceph though the parameter CephPoolDefaultPgNum may still be used as desired. * The default value of the parameter 'RabbitAdditionalErlArgs' was updated to include the new options '+sbwtdcpu none +sbwtdio none' which disables busy-wait for dirty cpu schedulers and dirty i/o schedulers respectively. This aligns with the flags recommended by RabbitMQ upstream (https://www.rabbitmq.com/runtime.html#busy- waiting). Changes in tripleo-heat-templates 14.0.0..14.1.0 ------------------------------------------------ 4efd15e15 nova: Default to the unversioned q35 machine type on x86_64 1fd3ef688 Make sure the container configuration is refreshed during update. 1590be90f Default CephClientConfigVars within --working-dir beacfa333 Define the GaneshaNetwork parameter used by cephadm 75eb5bcc3 Fix etcd/tls-e deployments 1542df355 Add OVNEncapType option to the ovn controller template acafd67c3 Remove Keepalived service 73c1d300d Disable global_id reclaim for Ceph mons in scenario001 9fcd76ac4 Simplify manila, memcached and logging services b7f0e066e Simplify keystone, iscsid service templates 03213d643 Simplify cephadm service templates cda21df47 Correct metrics_qdr logging path and regex parsing bafd6aba0 Stop using (and breaking) /var/tmp for horizon temporary things 0e30ed962 Migrate nova cron parameters to NovaApi service 0419c9006 Fix random redeploy failure during certificate extraction 6889ac2b3 Simplify horizon, ipservices templates 15ce9b6a2 Simplify haproxy service templates 59e4788ab Don't create/configure swift_temp_url_key 9d9f0ed74 Add DefaultRoute to deployed_port.j2 9cb9618dc Update undercloud TLS template with proper keytab group 550ad722b Remove EXPERIMENTAL from ovn/sriov env file 2da8297c8 cinder: remove support for the Veritas HyperScale driver 99eb1671a ScaleIO: Fix outdate template path 0b04407d0 Glance: Fix wrong indent about healthcheck key 210560d01 Make SkipRhelEnforcement boolean d29e1b249 Add CinderBackupCompressionAlgorithm parameter a453f1b59 Add manila db purge job 23434faf9 Aodh: define authtoken parameters in AodhApi service 0f1230d0b Add RootStackName to group_vars faf71068b Deploy RGW by default when cephadm environment is included a1e464a3d Migrate introspection data for undercloud upgrade 30e071b57 Use CephRgwCertificateKeySize, not CephCertificateKeySize, for RGW fee14740b Remove deprecated CinderBackendDellEMCXTREMIOIscsi 66534f0b4 Simplify ironic service templates e2b52f4a0 Use parameters of the nova::glance class f08ed8036 Support removing cinder-backup from pcmk control e7d37585a Missing client certificate for live-migration with TLS 31674339d Allow access to RabbitMQ management plugin over network addcee106 Add ability to configure glance multiple cinder stores 1a95607b8 Removing duplicate mount point in metrics_qdr e2936d760 Add cinder RBD support for multiple ceph clusters 4ca848fb0 Add CinderBackupWorkers and CinderBackupMaxOperations c6c513a96 Support cinder backups to specific ceph cluster b4b2bc5d7 Add DefaultRoute parameter to ports/noop.yaml 80b226c44 Fix "ManageNetworks" use-case 84cdac627 Simplify glance service templates dc52f3c94 Run update tasks with become 23cdf4dd1 Refactor Service VIPs redis and ovn_dbs 7924cf945 Simplify etcd, frr service template acdddec6d Simplify database service templates 652b86e80 Simplify cinder service templates c5e2ecc5e Simplify ceph-ansible service templates 30ef4e572 Ensure ansible_fqdn is set 755084b52 Moving nova-consoleauth to step4 c04c9b0d7 Limit access to sshd used for nova migration 3b4d488a6 Add new options for Barbican PKCS#11 backend 70dc61cc0 Add tripleo_network_name tag hint to networks 73684d0a8 Set tags on all OS::Neutron::Port resources f4eb7d475 Expose additional network sysctl knobs 7de18e52c Generate bind pool and bind configuration using deployment info ecff7b705 Disable RabbitMQ busy-wait for dirty cpu and dirty i/o schedulers f3968c641 Remove UndercloudExtraConfig merge_strategy 915bf046e Add some tunable parameters for nova-scheduler 01bb2a6f0 Disable snapshot support in Cinder NFS backend by default 9b8413e79 nova: Remove versioned default machine types 313e4484e Mount /etc/openldap inside the keystone container 1ca4f727b Enable exec resource to generate policy.yaml for Gnocchi 79ddf2f87 Move frr setup steps to pre_deploy_step_tasks a65df66fb Always update the local certmonger ca cert 57add501a Add a boolean to allow disk overrides through NodeDataLookup 26cd692ab Fix tls for undercloud with ipa e16384697 Add missing KOLLA_CONFIG_STRATEGY for the aodh_api_cron container a7c593325 Set hieradata for the ceilometer::agent::service_credentials class 909845007 [update][upgrade] Use container-tools:3.0 95bc75aaf Fix some template conditions 3ed29643b Simplify ceilometer service template conditions 06efcbbd1 Simplify conditions in barbican service templates cefbfe418 Simplify apache service conditions 35cb010cc Introduce pre_deploy_step_tasks ef240c1f6 Use list_concat_unique instead of yaql 000e99465 Remove unused environment for split-stack 1954c3b25 Move Ceph services to linux-system-roles.certificate 180fcf18b Remove ovn-cms-options from OVS when OVNCMSOptions is set to "" 3f2e063c7 Enable debug logging of libvirt services when Debug is true 7a4a43d55 Add dependency on OVNMacAddressNetwork for role ResourceGroup 77358cbcc HA: fix injection of certificate in haproxy container dba59f904 Simplify conditions in aodh service templates 4ee0f1894 Simplify conditions in heat service templates c9991c2e3 Use 'wallaby' heat_template_version d04e7b8cc radosgw_frontend_port should be a number 1c7657b00 Move tmpwatch from cron.daily to actual root crontab 1c7bac21f ovn: Set enable_hw_offload by puppet-vswitch 3e9df9576 Move overcloud common bootstrap tasks out of step1 deploy tasks cea78ad4f Add neutron port tag hint for default_route_network b40d5d702 Remove tripleo_hostname tag a013f42e3 Enable ansible-lint d77fe5551 Ensure SELinux context persist across restorecon and reboot b4203a30e Change all *Debug parameter types to boolean e68ed6f7c Remove CrushRules coverage from scenario001 27788212c Remove duplicate keys from yaml files 5e4c17acf Simplify internal_tls_enabled conditions 2f23f470c Fix CephExternalMultiConfig using tripleo_ceph_client 2108a5191 Fixed tox executions 9a30798b3 [collectd] Fix CollectdAmqpSendQueueLimit references 9283e44d1 [OVN] Remove check for OVN + Availability Zones 9616f83e5 Add artifact push interface to deployments d2f6a3be2 Remove no longer used NovaNfsEnabled parameter and condtion 97fc5bcfe Remove neutron-l3-compute-dvr referenced nowhere 93e53b742 HA: inject public certificates without blocking container 3da1e7661 HA: fix race when moving VIP during minor update 5c21f8df6 Provide ability to deploy metrics_qdr using ansible 51059676b Add systemd dependency to openvswitch to ovn-controller 727d1656d Add support for py39 91a84be6f Add support for cinder-backup GCS and S3 backends 5a3f55ed9 Cavium/Liquidio is deprecated 56b8ec4e1 Designate: split bind instance into separate template 37a24bfe5 haproxy: fix typo after migration of TLS to ansible role 0d4a5f04f Disabling LM PostCopy and AutoConverge for RT roles d350da5a8 live_migration setting should be under libvirt namespace 4ddc178cd [collectd][ansible] Add THT to deploy collectd using ansible 8bf1fb755 Updating settings description 519378191 Expose crush rule config parameter e2680bbf7 Remove or fix outdated/incorrect manila hieradata definitions e7077e984 Remove or fix outdated/incorrect swift hieradata definitions 111130d4f Remove or fix outdated/incorrect ironic hieradata definitions 95a0c8ff3 Remove or fix outdated/incorrect ceilometer hieradata definitions 8ba48afc6 Remove or fix outdated/incorrect aodh hieradata definitions 4d0d7adaf Remove or fix outdated/incorrect gnocchi hieradata definitions cc5eb8177 Optimize conditions for TLS support 2c9781726 Remove Deprecated Ceph Environment Files 773fccb7c Add the Unbound DNS resolver service 8799a9421 Comment out parameter_defaults in barbican simple crypto template c0dc78940 Drop older install CentOS/RHEL 7 tasks fc50cfd2e Close if block in dual bonds af4d23838 Add parameter to set iscsid CHAP algorithms b6ae69956 Enable fernet token cache by default 6373ebf9b Correct spelling mistake 6e7e0ab48 Remove obsoleted generate_service_certificates 8d4e8adb3 Add external-ceph environment file c54d9286c Fix up the principal name in ovn-dbs-pacemaker-puppet 1ceb52180 Add TLS support to services using memcached 1c3f2e4e6 Remove extra bash process in frr container 44d1e2ddd Add CephDynamicSpec, CephSpecPath, CephOsdSpec, CephSpecFqdn fad07aa0b Set ansible_distribution vars for ipaclient d8408ebb8 Add legacy fact setting dadf71fca Use single NovaLibvirtNetwork to configure instance console components 97016b201 Add FRR service e3f1ad953 Remove or fix outdated/incorrect keystone hieradata definitions 8874003c4 Remove or fix outdated/incorrect cinder hieradata definitions 4b01172be Add cephadm deployment and environments branch 2ee68bf9a Fix memcached firewall condition e6801cebc Set vlan-limit value depending on vlan_transparent setting c8a828aab Fix start order for {swift_proxy,glance_api}_tls_proxy e329ca915 Generate certificates using ansible role 9be84a2fc Fix parameters for puppet-memcached-6.0.0 ad8f4f86e Revert "Hard code jobs to Nautilus before setting new default to Octopus" d498ebe87 Add deployed_vip_port templates 5250e6d59 Check Ceph cluster healthy state before starting FS to BS playbook 155fe9454 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role fe53162e3 Adds net_cidr_map variable to allow cidr lists b6d8ed854 [ovn]: Enable port forwarding in neutron service plugins db270e91f [ovn]: Enable network logging in neutron service plugins c0e869755 Add delegate_fact_hosts: false on ci scenarios e7d824688 Fix plan-samples README.rst a6c1aff5c Fix NovaDefaultFloatingPool parameter 9ece6f97a Add posibilities to set ovndbs monitor interval 0f081b4f8 Remove tripleo_transfer cleanup.yml reference 8f38bba53 Remove tempest container support from tht d56a19159 Pass ipaclient_hostname to ipaclient role 59afff0c0 Add environments to disable Heat and Neutron f55a08ad7 Add support for nova custom provider inventories 843713d06 Fix logging_sources map_merge issues 853549e5a Remove ovn_dbs puppet_config section aca8b5fd6 Remove ovn-dbs temporary container 84c85aaff Fix redis_tls_proxy 3af965d6d Support configuring cinder's RPC and WSGI timeouts c1462b760 Don't try creating default admin and member roles 236e0e0b7 Fix typo in ansible_facts 147335f79 Remove default plan-environment.yaml d3b8515c4 Set tag hints on ControlVirtualIP 8d1fc8574 Use ansible_facts instead 73043121e Use include task for host prep tasks 8d66001fc Add parameter NovaSchedulerQueryPlacementForRoutedNetworkAggregates 15b752921 Remove usage of the wrong puppet parameter 850f5a281 Swift: Enable gatekeeper and listing_formats explicitly. 057f41345 Add no log to podman set_fact 9e6893cb8 Reintroduce keystone_cron container b5d5b7dc2 Make content provider depend on tox-pep8/tht on check layout b842a58e2 Fix jinja2 for VipSubnetMapDefaults redis and ovs_dbs ed8d6c0e4 Fix issue with scale down and overcloud TLS e0adf1056 Add ports filtering support to XtremIO Cinder driver 6c11a949f Create post-deploy.conf on update/upgrade for octavia ac5f13c93 Lower MysqlInnodbBufferPoolSize to its old 128M default 75857d3a2 Add parameters to allow multiple nshield HSMs f9100964f Drop service facts usage 712cfcc71 Upgrade mariadb storage during upgrade tasks 60c22c38c Stop non-pcmk services of manila and cinder during upgrade 92dcffc71 Always set NetworkDeploymentActions to its default 9b3ceef9f Add parameter {{role.name}}NetConfigOverride 823c5b48d Default all innodb_buffer_pool_size to 1G 125ebd64f Add non-tls listener to Memcached c78f3afa2 ironic: stop defaulting to iscsi deploy in preparation for its deprecation 7f195ff9a Remove DefaultPasswords interface a68149f24 per_node is not parsing generated json 4535e0f35 Enabling 'cinder_use_multipath' if cinder multipath is enabled 781beb757 Add ContainerDefaultPidsLimit to set default pid limits in containers.conf 365f16e21 Allow configuring cinder mount point for glance cinder store 8149df4c6 Use Ceph cluster name when setting minimum client version b3d334099 Introducing parametrable storage configuration 69357c3a6 Make DnfStreams support RoleParameters 099badda3 Stop ironic services in unupgraded controllers e66a70df6 Problematic nested quotes in hieradata file list a01784dc3 [trivial] Fix mistaken variable rename 8d38363a7 Unify cinder's volume and backup kolla_config settings 91837d4fa Add new parameters to configure nova-compute direct rbd image download b3f4111c9 Disable swift on undercloud by default c35df2f7c Don't use swift backend for introspection data a9bf1c128 Add post delay to reboot 8d962f136 Enforces minimum Ceph client version to Mimic d8267d62d Hard code jobs to Nautilus before setting new default to Octopus e7894c0b2 Restore PreNetworkConfig resources 5bf5dd9d9 Move the Overcloud common bootstrap tasks for step 1 before the deploy tasks 64e735898 Split network validation to it's own play 46df551a0 Use include_role for conditional inclusion 0c20e1e1a Add service ordering to cleanup service to avoid conflicts with agent startup 98c48b229 Config parameters for timemaster service cff1618e4 Make the default transport POLL_SERVER_HEAT 2d0125ed4 Add an index tag on neutron network resources 4a862731b Remove deployed-server bootstrap mappings 67a5a7889 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues d4ae25e2f Deprecate environments/dcn-hci.yaml for dcn-storage.yaml df207fd2e Live migration optimization with HP b3d783695 Stop octavia servics in unupgraded controllers 9cbf8a39a Remove ffwd lifecycle environment files. 42bf766c7 Remove External{Internal,Public,Admin}Url parameters f87652dfe Add a new role parameter rhsm_enforce. a5383436c Default to cinder v3 in cloud config c4d75bc14 Revert "Reset sriov_numvfs to 0 before leapp upgrade" 29a5bf31a Switch Octavia external tasks to 'post deploy' 67917bf65 nova: Use LIBGUESTFS_BACKEND=direct 1787da144 Add sample network data files for network-data-v2 8a79c1b63 Force json output format for hiera in derive pci whitelist 04405abdd Deleting nova-consoleauth services in post-upgrade 63c5a94f8 Use Ceph-NFS for Manila in scenario004 fe739bd59 Remove useless hieradata for keystone resource management by puppet 9d1e91794 Remove the OVNVifType parameter 06eb1d167 Neutron: Do not set ovn_l3_mode f04f9645a Remove unused [ec2]driver parameter 7de39925d tool: convert heat network-config to ansible j2 6f140b93b Stop barbican servics in unupgraded controllers 5daaed405 Use nova::compute::image_cache class to set image cache parameters f08905d7f Decrease Swift proxy timeouts for GET/HEAD requests 5cfb038cf Set Designate mdns to listen on both ipv6 and ipv4 6ff238199 Add ReaR service to all roles a44181d61 Explicitly set port numbers used in swift storage Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 24 + .gitignore | 115 ++++ bindep.txt | 14 +- ci/common/ironic_standalone_post.yaml | 2 +- ci/common/vbmc_setup.yaml | 2 +- ci/environments/disable-unbound.yaml | 5 +- ci/environments/multinode-core.yaml | 5 +- .../network-isolation-absolute.yaml | 2 - .../multiple-nics-ipv6/network-isolation.yaml | 2 - .../multiple-nics/network-isolation-absolute.yaml | 2 - .../network/multiple-nics/network-isolation.yaml | 2 - .../public-bond/network-isolation-absolute.yaml | 2 - .../network/public-bond/network-isolation.yaml | 2 - ci/environments/scenario000-standalone.yaml | 3 +- .../scenario001-multinode-containers.yaml | 1 - ci/environments/scenario001-standalone.yaml | 54 +- ci/environments/scenario003-standalone.yaml | 46 +- ci/environments/scenario004-standalone.yaml | 6 + .../scenario010-multinode-containers.yaml | 24 +- ci/environments/scenario010-standalone.yaml | 22 +- ci/environments/scenario013-standalone.yaml | 19 +- ci/environments/standalone-ipa.yaml | 1 - common/common-container-config-scripts.yaml | 8 + common/common-container-setup-tasks.yaml | 104 ++++ common/deploy-steps-playbooks-common.yaml | 42 +- common/deploy-steps-tasks-step-0.j2.yaml | 13 +- common/deploy-steps-tasks-step-1.yaml | 105 ---- common/deploy-steps-tasks.yaml | 6 +- common/deploy-steps.j2 | 261 +++++++-- common/generate-config-tasks.yaml | 2 +- common/host-container-puppet-tasks.yaml | 4 +- common/services/role.role.j2.yaml | 19 +- config-download-software.yaml | 2 +- config-download-structured.yaml | 2 +- container_config_scripts/mysql_upgrade_db.sh | 15 + .../nova_libvirt_init_secret.sh | 60 ++ default_passwords.yaml | 25 - deployed-server/ctlplane-port.yaml | 10 +- deployed-server/deployed-neutron-port.yaml | 8 +- .../deployed-server-environment-output.yaml | 53 -- deployed-server/deployed-server.yaml | 10 +- deployment/README.rst | 4 - deployment/aide/aide-baremetal-ansible.yaml | 5 +- deployment/aodh/aodh-api-container-puppet.yaml | 51 +- deployment/aodh/aodh-base.yaml | 47 +- .../aodh/aodh-evaluator-container-puppet.yaml | 9 +- .../aodh/aodh-listener-container-puppet.yaml | 9 +- .../aodh/aodh-notifier-container-puppet.yaml | 9 +- deployment/apache/apache-baremetal-puppet.j2.yaml | 78 +-- deployment/auditd/auditd-baremetal-puppet.yaml | 5 +- .../backup-and-restore/rear-baremetal-ansible.yaml | 5 +- .../barbican/barbican-api-container-puppet.yaml | 338 ++++++------ .../barbican/barbican-backend-dogtag-puppet.yaml | 5 +- .../barbican/barbican-backend-kmip-puppet.yaml | 5 +- .../barbican-backend-pkcs11-crypto-puppet.yaml | 21 +- .../barbican-backend-simple-crypto-puppet.yaml | 5 +- deployment/barbican/barbican-client-puppet.yaml | 5 +- .../ceilometer-agent-central-container-puppet.yaml | 52 +- .../ceilometer-agent-compute-container-puppet.yaml | 12 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 11 +- ...ometer-agent-notification-container-puppet.yaml | 14 +- .../ceilometer-base-container-puppet.yaml | 38 +- deployment/ceph-ansible/ceph-base.yaml | 149 +++-- deployment/ceph-ansible/ceph-client.yaml | 28 +- deployment/ceph-ansible/ceph-external.yaml | 18 +- deployment/ceph-ansible/ceph-grafana.yaml | 91 ++- deployment/ceph-ansible/ceph-mds.yaml | 20 +- deployment/ceph-ansible/ceph-mgr.yaml | 88 ++- deployment/ceph-ansible/ceph-mon.yaml | 49 +- deployment/ceph-ansible/ceph-nfs.yaml | 33 +- deployment/ceph-ansible/ceph-osd.yaml | 26 +- deployment/ceph-ansible/ceph-rbdmirror.yaml | 25 +- deployment/ceph-ansible/ceph-rgw.yaml | 131 +++-- deployment/cephadm/ceph-base.yaml | 607 +++++++++++++++++++++ deployment/cephadm/ceph-client.yaml | 126 +++++ .../ceph-external.yaml} | 59 +- deployment/cephadm/ceph-grafana.yaml | 196 +++++++ deployment/cephadm/ceph-mds.yaml | 58 ++ deployment/cephadm/ceph-mgr.yaml | 181 ++++++ deployment/cephadm/ceph-mon.yaml | 85 +++ deployment/cephadm/ceph-nfs.yaml | 133 +++++ deployment/cephadm/ceph-osd.yaml | 89 +++ deployment/cephadm/ceph-rbdmirror.yaml | 72 +++ deployment/cephadm/ceph-rgw.yaml | 207 +++++++ deployment/certs/ca-certs-baremetal-puppet.yaml | 5 +- .../certs/certmonger-user-baremetal-puppet.yaml | 83 --- deployment/cinder/cinder-api-container-puppet.yaml | 50 +- .../cinder-backend-dellemc-powerflex-puppet.yaml | 11 +- .../cinder-backend-dellemc-powermax-puppet.yaml | 11 +- .../cinder-backend-dellemc-powerstore-puppet.yaml | 11 +- .../cinder/cinder-backend-dellemc-sc-puppet.yaml | 11 +- .../cinder-backend-dellemc-unity-puppet.yaml | 11 +- .../cinder-backend-dellemc-vmax-iscsi-puppet.yaml | 11 +- .../cinder/cinder-backend-dellemc-vnx-puppet.yaml | 11 +- ...inder-backend-dellemc-xtremio-iscsi-puppet.yaml | 120 ---- .../cinder-backend-dellemc-xtremio-puppet.yaml | 18 +- .../cinder/cinder-backend-dellsc-puppet.yaml | 11 +- .../cinder/cinder-backend-netapp-puppet.yaml | 11 +- .../cinder/cinder-backend-nvmeof-puppet.yaml | 11 +- deployment/cinder/cinder-backend-pure-puppet.yaml | 11 +- .../cinder-backend-veritas-hyperscale-puppet.yaml | 66 --- .../cinder/cinder-backup-container-puppet.yaml | 242 +++++--- .../cinder/cinder-backup-pacemaker-puppet.yaml | 57 +- deployment/cinder/cinder-base.yaml | 45 +- .../cinder/cinder-common-container-puppet.yaml | 134 +++-- .../cinder/cinder-hpelefthand-iscsi-puppet.yaml | 11 +- .../cinder/cinder-scheduler-container-puppet.yaml | 15 +- .../cinder/cinder-volume-container-puppet.yaml | 122 ++--- .../cinder/cinder-volume-pacemaker-puppet.yaml | 47 +- .../openstack-clients-baremetal-ansible.yaml | 5 +- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 21 +- deployment/containers-common.yaml | 5 +- deployment/database/mysql-base.yaml | 190 ++++--- deployment/database/mysql-client.yaml | 5 +- deployment/database/mysql-container-puppet.yaml | 96 ++-- deployment/database/mysql-pacemaker-puppet.yaml | 132 ++--- deployment/database/redis-base-puppet.yaml | 51 +- deployment/database/redis-container-puppet.yaml | 103 ++-- deployment/database/redis-pacemaker-puppet.yaml | 84 +-- .../liquidio-compute-config-container-puppet.yaml | 5 +- .../cinder-backend-dellemc-vxflexos-puppet.yaml | 5 +- .../cinder/cinder-backend-scaleio-puppet.yaml | 5 +- .../keepalived/keepalived-container-puppet.yaml | 156 ------ .../mistral/mistral-api-container-puppet.yaml | 6 +- deployment/deprecated/mistral/mistral-base.yaml | 18 +- .../mistral/mistral-engine-container-puppet.yaml | 6 +- .../mistral-event-engine-container-puppet.yaml | 6 +- .../mistral/mistral-executor-container-puppet.yaml | 6 +- deployment/deprecated/multipathd-container.yaml | 5 +- .../novajoin/ipaclient-baremetal-ansible.yaml | 5 +- .../novajoin/novajoin-container-puppet.yaml | 11 +- .../deprecated/zaqar/zaqar-container-puppet.yaml | 19 +- deployment/etcd/etcd-container-puppet.yaml | 118 ++-- .../designate/designate-api-container-puppet.yaml | 6 +- .../experimental/designate/designate-base.yaml | 16 +- .../designate/designate-bind-container.yaml | 149 +++++ .../designate-central-container-puppet.yaml | 19 +- .../designate/designate-mdns-container-puppet.yaml | 9 +- .../designate-producer-container-puppet.yaml | 6 +- .../designate/designate-sink-container-puppet.yaml | 6 +- .../designate-worker-container-puppet.yaml | 98 +--- deployment/frr/frr-container-ansible.yaml | 230 ++++++++ deployment/glance/glance-api-container-puppet.yaml | 212 ++++--- .../glance/glance-api-edge-container-puppet.yaml | 17 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 14 +- deployment/gnocchi/gnocchi-base.yaml | 20 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 6 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 6 +- deployment/haproxy/haproxy-container-puppet.yaml | 138 +++-- .../haproxy/haproxy-edge-container-puppet.yaml | 22 +- .../haproxy-internal-tls-certmonger.j2.yaml | 109 ++-- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 147 ++--- .../haproxy/haproxy-public-tls-certmonger.yaml | 167 ++++-- deployment/haproxy/haproxy-public-tls-inject.yaml | 13 +- deployment/heat/heat-api-cfn-container-puppet.yaml | 32 +- .../heat/heat-api-cloudwatch-disabled-puppet.yaml | 5 +- deployment/heat/heat-api-container-puppet.yaml | 35 +- deployment/heat/heat-base-puppet.yaml | 54 +- deployment/heat/heat-engine-container-puppet.yaml | 42 +- deployment/horizon/horizon-container-puppet.yaml | 108 ++-- .../image-serve/image-serve-baremetal-ansible.yaml | 5 +- deployment/ipa/ipaservices-baremetal-ansible.yaml | 108 ++-- deployment/ipsec/ipsec-baremetal-ansible.yaml | 5 +- deployment/ironic/ironic-api-container-puppet.yaml | 50 +- deployment/ironic/ironic-base-puppet.yaml | 82 ++- .../ironic/ironic-conductor-container-puppet.yaml | 130 ++--- .../ironic/ironic-inspector-container-puppet.yaml | 136 +++-- .../ironic-neutron-agent-container-puppet.yaml | 10 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 28 +- deployment/iscsid/iscsid-container-puppet.yaml | 36 +- deployment/kernel/kernel-baremetal-ansible.yaml | 17 +- .../kernel-boot-params-baremetal-ansible.yaml | 5 +- deployment/keystone/keystone-container-puppet.yaml | 352 ++++++------ deployment/logging/files/barbican-api.yaml | 2 +- deployment/logging/files/glance-api.yaml | 2 +- deployment/logging/files/haproxy.yaml | 2 +- deployment/logging/files/heat-api-cfn.yaml | 2 +- deployment/logging/files/heat-api.yaml | 2 +- deployment/logging/files/heat-engine.yaml | 2 +- deployment/logging/files/keystone.yaml | 2 +- deployment/logging/files/neutron-api.yaml | 2 +- deployment/logging/files/neutron-common.yaml | 2 +- deployment/logging/files/nova-api.yaml | 2 +- deployment/logging/files/nova-common.yaml | 2 +- deployment/logging/files/nova-libvirt.yaml | 32 +- deployment/logging/files/nova-metadata.yaml | 2 +- deployment/logging/files/placement-api.yaml | 2 +- deployment/logging/rsyslog-baremetal-ansible.yaml | 6 +- deployment/logging/rsyslog-container-puppet.yaml | 9 +- .../logging/rsyslog-sidecar-container-puppet.yaml | 12 +- deployment/logging/stdout/barbican-api.yaml | 2 +- deployment/logging/stdout/glance-api.yaml | 2 +- deployment/logging/stdout/haproxy.yaml | 2 +- deployment/logging/stdout/heat-api-cfn.yaml | 2 +- deployment/logging/stdout/heat-api.yaml | 2 +- deployment/logging/stdout/heat-engine.yaml | 2 +- deployment/logging/stdout/keystone.yaml | 2 +- deployment/logging/stdout/neutron-common.yaml | 2 +- deployment/logging/stdout/nova-api.yaml | 2 +- deployment/logging/stdout/nova-common.yaml | 2 +- deployment/logging/stdout/nova-libvirt.yaml | 32 +- deployment/logging/stdout/nova-metadata.yaml | 2 +- deployment/logging/stdout/placement-api.yaml | 2 +- .../login-defs/login-defs-baremetal-ansible.yaml | 5 +- .../logrotate-crond-container-puppet.yaml | 63 ++- deployment/logrotate/tmpwatch-install.yaml | 5 +- deployment/manila/manila-api-container-puppet.yaml | 133 ++++- deployment/manila/manila-backend-cephfs.yaml | 14 +- deployment/manila/manila-backend-isilon.yaml | 6 +- deployment/manila/manila-backend-netapp.yaml | 6 +- deployment/manila/manila-backend-unity.yaml | 7 +- deployment/manila/manila-backend-vmax.yaml | 7 +- deployment/manila/manila-backend-vnx.yaml | 8 +- deployment/manila/manila-base.yaml | 46 +- .../manila/manila-scheduler-container-puppet.yaml | 25 +- deployment/manila/manila-share-common.yaml | 15 +- .../manila/manila-share-container-puppet.yaml | 30 +- .../manila/manila-share-pacemaker-puppet.yaml | 18 +- .../masquerade-networks-baremetal-puppet.yaml | 5 +- .../memcached/memcached-container-puppet.yaml | 189 +++++-- .../messaging/rpc-qdrouterd-container-puppet.yaml | 10 +- deployment/metrics/collectd-container-ansible.yaml | 445 +++++++++++++++ deployment/metrics/collectd-container-puppet.yaml | 12 +- deployment/metrics/qdr-container-ansible.yaml | 376 +++++++++++++ deployment/metrics/qdr-container-puppet.yaml | 131 +++-- .../multipathd/multipathd-container-ansible.yaml | 5 +- .../neutron/derive_pci_passthrough_whitelist.py | 2 +- .../neutron-agents-ib-config-container-puppet.yaml | 6 +- .../neutron/neutron-api-container-puppet.yaml | 78 +-- deployment/neutron/neutron-base.yaml | 20 +- .../neutron-bgpvpn-api-container-puppet.yaml | 5 +- .../neutron-bgpvpn-bagpipe-baremetal-puppet.yaml | 5 +- .../neutron-bigswitch-agent-baremetal-puppet.yaml | 5 +- deployment/neutron/neutron-cleanup.service | 2 +- .../neutron/neutron-compute-plugin-nuage.yaml | 5 +- .../neutron/neutron-controller-plugin-nuage.yaml | 5 +- .../neutron/neutron-dhcp-container-puppet.yaml | 91 +-- .../neutron-l2gw-agent-baremetal-puppet.yaml | 16 +- .../neutron/neutron-l2gw-api-container-puppet.yaml | 5 +- .../neutron/neutron-l3-container-puppet.yaml | 28 +- ...neutron-linuxbridge-agent-baremetal-puppet.yaml | 6 +- .../neutron/neutron-metadata-container-puppet.yaml | 17 +- .../neutron-mlnx-agent-container-puppet.yaml | 6 +- .../neutron-ovn-dpdk-config-container-puppet.yaml | 6 +- .../neutron-ovs-agent-container-puppet.yaml | 6 +- .../neutron-ovs-dpdk-agent-container-puppet.yaml | 7 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 5 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 5 +- .../neutron-plugin-ml2-container-puppet.yaml | 5 +- ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 6 +- deployment/neutron/neutron-plugin-ml2-nuage.yaml | 6 +- deployment/neutron/neutron-plugin-ml2-ovn.yaml | 16 +- deployment/neutron/neutron-plugin-ml2.yaml | 6 +- .../neutron-plugin-nsx-container-puppet.yaml | 4 +- deployment/neutron/neutron-plugin-nuage.yaml | 6 +- .../neutron/neutron-sfc-api-container-puppet.yaml | 5 +- .../neutron-sriov-agent-container-puppet.yaml | 37 +- .../neutron-vpp-agent-baremetal-puppet.yaml | 6 +- deployment/nova/nova-api-container-puppet.yaml | 201 ++++++- deployment/nova/nova-apidb-client-puppet.yaml | 5 +- deployment/nova/nova-az-config.yaml | 5 +- deployment/nova/nova-base-puppet.yaml | 198 +------ .../nova/nova-compute-common-container-puppet.yaml | 5 +- deployment/nova/nova-compute-container-puppet.yaml | 495 ++++++++++++++--- .../nova/nova-conductor-container-puppet.yaml | 8 +- deployment/nova/nova-db-client-puppet.yaml | 5 +- deployment/nova/nova-ironic-container-puppet.yaml | 34 +- deployment/nova/nova-libvirt-container-puppet.yaml | 410 ++++++++------ .../nova/nova-libvirt-guests-container-puppet.yaml | 5 +- deployment/nova/nova-manager-container-puppet.yaml | 6 +- .../nova/nova-metadata-container-puppet.yaml | 43 +- .../nova-migration-target-container-puppet.yaml | 58 +- .../nova/nova-scheduler-container-puppet.yaml | 30 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 213 +++++--- .../octavia/octavia-api-container-puppet.yaml | 128 +++-- deployment/octavia/octavia-base.yaml | 35 +- .../octavia/octavia-deployment-config.j2.yaml | 12 +- .../octavia-health-manager-container-puppet.yaml | 24 +- .../octavia-housekeeping-container-puppet.yaml | 24 +- .../octavia/octavia-worker-container-puppet.yaml | 28 +- .../octavia/providers/ovn-provider-config.yaml | 53 +- .../openvswitch-dpdk-baremetal-ansible.yaml | 6 +- ...vswitch-dpdk-netcontrold-container-ansible.yaml | 5 +- .../ovn/ovn-controller-container-puppet.yaml | 78 ++- deployment/ovn/ovn-dbs-container-puppet.yaml | 48 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 113 ++-- deployment/ovn/ovn-metadata-container-puppet.yaml | 77 ++- .../pacemaker/clustercheck-container-puppet.yaml | 6 +- .../compute-instanceha-baremetal-puppet.yaml | 5 +- deployment/pacemaker/ovn-dbs-baremetal-puppet.yaml | 6 +- .../pacemaker/pacemaker-baremetal-puppet.yaml | 17 +- .../pacemaker-remote-baremetal-puppet.yaml | 13 +- .../placement/placement-api-container-puppet.yaml | 15 +- deployment/podman/podman-baremetal-ansible.yaml | 15 +- deployment/qdr/qdrouterd-container-puppet.yaml | 10 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 135 +++-- ...rabbitmq-messaging-notify-container-puppet.yaml | 92 ++-- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 61 +-- .../rabbitmq-messaging-notify-shared-puppet.yaml | 5 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 66 +-- .../rabbitmq-messaging-rpc-container-puppet.yaml | 92 ++-- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 72 ++- deployment/rhsm/rhsm-baremetal-ansible.yaml | 5 +- .../securetty/securetty-baremetal-ansible.yaml | 5 +- deployment/snmp/snmp-baremetal-puppet.yaml | 5 +- deployment/sshd/sshd-baremetal-ansible.yaml | 5 +- deployment/sshd/sshd-baremetal-puppet.yaml | 5 +- .../external-swift-proxy-baremetal-puppet.yaml | 54 +- deployment/swift/swift-base.yaml | 5 +- .../swift/swift-dispersion-baremetal-puppet.yaml | 5 +- deployment/swift/swift-proxy-container-puppet.yaml | 33 +- .../swift/swift-ringbuilder-container-puppet.yaml | 48 +- .../swift/swift-storage-container-puppet.yaml | 50 +- deployment/time/ptp-baremetal-ansible.yaml | 5 +- deployment/time/timezone-baremetal-ansible.yaml | 5 +- .../timemaster/timemaster-baremetal-ansible.yaml | 171 ++++++ deployment/timesync/chrony-baremetal-ansible.yaml | 16 +- deployment/tls/undercloud-remove-novajoin.yaml | 5 +- deployment/tls/undercloud-tls.yaml | 18 +- .../tripleo-firewall-baremetal-ansible.yaml | 5 +- .../tripleo-packages-baremetal-puppet.yaml | 66 ++- deployment/tuned/tuned-baremetal-ansible.yaml | 5 +- deployment/unbound/unbound-container-ansible.yaml | 134 +++++ deployment/undercloud/minion-rabbitmq-puppet.yaml | 5 +- .../undercloud/tempest-container-puppet.yaml | 70 --- deployment/undercloud/undercloud-upgrade.yaml | 26 +- .../tripleo-validations-baremetal-ansible.yaml | 5 +- ...tas-hyperscale-controller-baremetal-puppet.yaml | 130 ----- deployment/vpp/vpp-baremetal-puppet.yaml | 5 +- environments/barbican-backend-pkcs11-atos.yaml | 13 +- environments/barbican-backend-pkcs11-lunasa.yaml | 3 +- environments/barbican-backend-pkcs11-thales.yaml | 21 +- environments/barbican-backend-simple-crypto.yaml | 2 +- environments/cavium-liquidio.yaml | 2 +- .../ceph-ansible/ceph-ansible-external.yaml | 2 + environments/cephadm/ceph-dashboard.yaml | 5 + environments/cephadm/ceph-mds.yaml | 2 + environments/cephadm/ceph-rbdmirror.yaml | 2 + environments/cephadm/cephadm-rbd-only.yaml | 22 + environments/cephadm/cephadm.yaml | 26 + environments/cinder-backup-active-active.yaml | 2 + environments/cinder-backup.yaml | 3 +- environments/cinder-dellemc-xtremio-config.yaml | 1 + .../cinder-dellemc-xtremio-iscsi-config.yaml | 18 - environments/cinder-scaleio-config.yaml | 2 +- environments/dcn-hci.yaml | 5 +- environments/dcn-storage.yaml | 51 ++ environments/dcn.yaml | 2 - environments/deployed-server-environment.j2.yaml | 1 - environments/deployed-server-noop-ctlplane.yaml | 1 - environments/designate-config-ha.yaml | 127 ----- environments/designate-config.yaml | 69 --- environments/disable-heat.yaml | 5 + environments/disable-neutron.yaml | 30 + environments/enable-designate.yaml | 14 + environments/enable-stf.yaml | 2 +- environments/enable_tempest.yaml | 2 - ...nvironment-external.yaml => external-ceph.yaml} | 19 +- environments/external-loadbalancer-vip-v6-all.yaml | 2 - environments/external-loadbalancer-vip-v6.yaml | 2 - environments/external-loadbalancer-vip.yaml | 2 - environments/fixed-ip-vips-v6.yaml | 2 - environments/fixed-ip-vips.yaml | 2 - environments/hyperconverged-ceph.yaml | 63 --- environments/lifecycle/ffwd-upgrade-converge.yaml | 9 - environments/lifecycle/ffwd-upgrade-prepare.yaml | 10 - .../lifecycle/undercloud-upgrade-prepare.yaml | 2 +- environments/lifecycle/update-prepare.yaml | 2 +- environments/lifecycle/upgrade-prepare.yaml | 2 +- environments/low-memory-usage.yaml | 1 + environments/metrics/collectd-write-qdr.yaml | 2 +- environments/metrics/qdr-edge-only-ansible.yaml | 20 + .../metrics/qdr-form-controller-mesh-ansible.yaml | 26 + .../network-isolation-no-tunneling.j2.yaml | 2 - environments/network-isolation-v6-all.j2.yaml | 2 - environments/network-isolation-v6.j2.yaml | 2 - environments/network-isolation.j2.yaml | 2 - environments/nova-hw-machine-type-upgrade.yaml | 10 + environments/overcloud-baremetal.j2.yaml | 3 - environments/overcloud-services.yaml | 2 - ...deprecated_ceph_env_files-e71ea73eefe8bfad.yaml | 7 + .../services-baremetal/neutron-ovn-dvr-ha.yaml | 3 +- .../services-baremetal/neutron-ovn-ha.yaml | 3 +- environments/services/frr.yaml | 9 + environments/services/neutron-ovn-dvr-ha.yaml | 3 +- environments/services/neutron-ovn-ha.yaml | 3 +- environments/services/neutron-ovn-sriov.yaml | 3 - environments/services/neutron-ovn-standalone.yaml | 3 +- environments/services/neutron-ovs.yaml | 1 - environments/services/tempest.yaml | 2 - environments/services/undercloud-keepalived.yaml | 4 - environments/ssl/enable-internal-tls.j2.yaml | 1 - environments/ssl/enable-memcached-tls.yaml | 10 + environments/standalone/standalone-overcloud.yaml | 1 + environments/standalone/standalone-tripleo.yaml | 7 +- environments/storage-environment.yaml | 86 --- environments/tuned-ceph-filestore-hci.yaml | 13 - environments/undercloud-enable-nova.yaml | 1 + environments/undercloud-enable-swift.yaml | 12 + environments/undercloud.yaml | 23 +- environments/undercloud/undercloud-minion.yaml | 6 +- environments/updates/README.md | 3 - environments/updates/update-from-ceph-newton.yaml | 4 - .../cinder-veritas-hyperscale-config.yaml | 18 - .../veritas-hyperscale-config.yaml | 32 -- extraconfig/all_nodes/swap-partition.j2.yaml | 2 +- extraconfig/all_nodes/swap.j2.yaml | 2 +- .../krb-service-principals/role.role.j2.yaml | 2 +- extraconfig/post_deploy/default.yaml | 2 +- extraconfig/post_deploy/example.yaml | 2 +- extraconfig/post_deploy/example_run_on_update.yaml | 2 +- extraconfig/post_deploy/undercloud_post.yaml | 2 +- firstboot/conntectx3_streering.yaml | 2 +- firstboot/os-net-config-mappings.yaml | 2 +- firstboot/userdata_default.yaml | 2 +- firstboot/userdata_dev_rsync.yaml | 2 +- firstboot/userdata_example.yaml | 2 +- firstboot/userdata_heat_admin.yaml | 2 +- firstboot/userdata_root_password.yaml | 2 +- firstboot/userdata_timesync.yaml | 2 +- .../default-network-isolation-ipv6.yaml | 56 ++ .../default-network-isolation.yaml | 56 ++ network-data-samples/ganesha-ipv6.yaml | 22 + network-data-samples/ganesha.yaml | 24 + .../legacy-routed-networks-ipv6.yaml | 90 +++ network-data-samples/legacy-routed-networks.yaml | 98 ++++ network-data-samples/management-ipv6.yaml | 12 + network-data-samples/management.yaml | 12 + network-data-samples/no-networks.yaml | 6 + network-data-samples/routed-networks-ipv6.yaml | 84 +++ network-data-samples/routed-networks.yaml | 84 +++ network/deployed_networks.yaml | 2 +- network/endpoints/build_endpoint_map.py | 2 +- network/endpoints/endpoint_map.yaml | 2 +- network/network.j2 | 41 +- network/networks.j2.yaml | 2 +- network/ovn_mac_addr_net.yaml | 2 +- network/ports/ctlplane_vip.yaml | 18 +- network/ports/deployed_port.j2 | 10 +- network/ports/deployed_vip_ctlplane.yaml | 40 ++ network/ports/deployed_vip_port.j2 | 67 +++ network/ports/deployed_vip_port.network.j2.yaml | 1 + network/ports/from_service.yaml | 5 +- network/ports/from_service_v6.yaml | 5 +- network/ports/net_ip_list_map.j2.yaml | 2 +- network/ports/net_ip_map.j2.yaml | 2 +- network/ports/net_vip_map_external.j2.yaml | 2 +- network/ports/net_vip_map_external_v6.j2.yaml | 2 +- network/ports/noop.yaml | 10 +- network/ports/ovn_mac_addr_port.yaml | 18 +- network/ports/port.j2 | 36 +- network/ports/port_from_pool.j2 | 10 +- network/ports/vip.yaml | 17 +- network/ports/vip_v6.yaml | 18 +- network/service_net_map.j2.yaml | 10 +- overcloud-resource-registry-puppet.j2.yaml | 24 +- overcloud.j2.yaml | 137 ++--- plan-environment.yaml | 8 - plan-samples/README.rst | 26 +- plan-samples/plan-environment-derived-params.yaml | 7 - .../pre_deploy/compute/neutron-ml2-bigswitch.yaml | 2 +- .../pre_deploy/controller/multiple.yaml | 2 +- .../controller/neutron-ml2-bigswitch.yaml | 2 +- puppet/extraconfig/pre_deploy/default.yaml | 2 +- puppet/extraconfig/pre_deploy/per_node.yaml | 16 +- puppet/extraconfig/tls/ca-inject.yaml | 2 +- puppet/role.role.j2.yaml | 14 +- .../Add-Unbound-service-ba72830f9c75ecc3.yaml | 4 + ...rStorageBackend-parameter-9dd87e751b576007.yaml | 9 + ...envs-disable-neutron-heat-6f031e2a4058a581.yaml | 5 + ...ount-point-base-parameter-852554398b9f3a19.yaml | 7 + ...r-barbican-pkcs11-options-a2ec14369518b40e.yaml | 9 + ...re_multiple_cinder_stores-74eea265ee795660.yaml | 5 + .../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml | 11 + .../notes/bug-1907214-df2f07cbacbe8a24.yaml | 13 + releasenotes/notes/cephadm-28185ca8ac814567.yaml | 17 + ...er-add-timeout-parameters-54550a6e1c11c0b9.yaml | 6 + ...nder-backup-active-active-2eb8f8cf612a7989.yaml | 8 + ...kup-compression-algorithm-337a6708264cb84a.yaml | 7 + ...cinder-backup-concurrency-dc7627c617d36133.yaml | 8 + ...er-backup-gcs-s3-backends-7dc04376150164fc.yaml | 5 + ...backup-other-ceph-cluster-36852bf2edfd11a7.yaml | 8 + ...snapshot-support-disabled-2d2e08c97537bc94.yaml | 14 + .../cinder-rbd-multiconfig-dff6b46a0b20331a.yaml | 6 + .../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml | 8 + ...-all-debug-params-boolean-b1256f282e414b98.yaml | 6 + .../erl-sbwtdcpu-sbwtdio-b26506a0430480dc.yaml | 9 + ...external_ceph_environment-05a1405bce969060.yaml | 15 + .../notes/frr-support-21648d0660a810ac.yaml | 15 + ...introducing-qemutlsverify-af590e0243fe6b08.yaml | 9 + .../notes/keepalived_removed-04c52519d7b33acb.yaml | 6 + .../notes/libvirt-debug-0bf95db421329ff6.yaml | 9 + .../notes/manila-db-purge-811512391617216d.yaml | 6 + .../monitor_interval_ovndbs-b14c886737965300.yaml | 9 + releasenotes/notes/no-iscsi-df52429ef64f4093.yaml | 13 + ...-compute-image-parameters-eb3a11bf0fd4691b.yaml | 11 + ...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml | 8 + ...hine-type-default-changed-27244a925f6d6200.yaml | 17 + .../nova-scheduler-tunables-8c1dbab10b289480.yaml | 8 + ...irect_glance_rbd_download-e945933da26f10f0.yaml | 17 + .../nova_libvirt_max_queues-8024fc63105bd25d.yaml | 6 + ...va_migration_limit_access-20be8d69686ca95c.yaml | 8 + .../notes/nova_novnc_network-83a1479bf227f867.yaml | 10 + ...placement_custom_provider-21203c3ff54c878c.yaml | 7 + ...vn-security-group-logging-0542b777ea58b5f6.yaml | 6 + ...ploy_setup_tasks-addition-63a9e4dfccc2132a.yaml | 6 + ...routed_network_aggregates-b23a7279643c6a70.yaml | 15 + .../refactor-service-vips-a48739c1b2fab207.yaml | 54 ++ ...reintroduce-keystone_corn-85290afe6bf8b019.yaml | 21 + ...dd_support_for_timemaster-a8dc3e4d5db4e8b3.yaml | 7 + ...efault-password-interface-55a4e85ef0ccef2f.yaml | 5 + .../remove-ovn-vif_type-1c09bf29d1bd38da.yaml | 5 + ...tempest-container-support-8950767b0047c9af.yaml | 8 + ...remove-veritas-hyperscale-a0b5da7d882c853f.yaml | 12 + ...-recoverable-node-timeout-1fcd7a83f983e61b.yaml | 11 + .../xtremio-add-ports-option-8991f7c8acc1aadb.yaml | 5 + ...o-iscsi-remove-deprecated-68a8830be3d4f2b8.yaml | 5 + roles/BlockStorage.yaml | 3 +- roles/CellController.yaml | 3 +- roles/CephAll.yaml | 2 +- roles/CephFile.yaml | 3 +- roles/CephObject.yaml | 3 +- roles/CephStorage.yaml | 3 +- roles/Compute.yaml | 2 +- roles/ComputeAlt.yaml | 3 +- roles/ComputeDVR.yaml | 3 +- roles/ComputeHCI.yaml | 2 +- roles/ComputeHCIOvsDpdk.yaml | 2 +- roles/ComputeHCISriov.yaml | 3 +- roles/ComputeInstanceHA.yaml | 3 +- roles/ComputeLiquidio.yaml | 3 +- roles/ComputeLocalEphemeral.yaml | 2 +- roles/ComputeOvsDpdk.yaml | 2 +- roles/ComputeOvsDpdkRT.yaml | 2 +- roles/ComputeOvsDpdkSriov.yaml | 3 +- roles/ComputeOvsDpdkSriovRT.yaml | 3 +- roles/ComputePPC64LE.yaml | 2 +- roles/ComputeRBDEphemeral.yaml | 2 +- roles/ComputeRealTime.yaml | 2 +- roles/ComputeSriov.yaml | 2 +- roles/ComputeSriovIB.yaml | 3 +- roles/ComputeSriovRT.yaml | 2 +- roles/Controller.yaml | 6 +- roles/ControllerAllNovaStandalone.yaml | 5 +- roles/ControllerNoCeph.yaml | 6 +- roles/ControllerNovaStandalone.yaml | 5 +- roles/ControllerOpenstack.yaml | 4 +- roles/ControllerSriov.yaml | 6 +- roles/ControllerStorageDashboard.yaml | 6 +- roles/ControllerStorageNfs.yaml | 6 +- roles/Database.yaml | 3 +- roles/DistributedCompute.yaml | 3 +- roles/DistributedComputeHCI.yaml | 3 +- roles/DistributedComputeHCIDashboard.yaml | 2 +- roles/DistributedComputeHCIScaleOut.yaml | 3 +- roles/DistributedComputeScaleOut.yaml | 3 +- roles/HciCephAll.yaml | 2 +- roles/HciCephFile.yaml | 2 +- roles/HciCephMon.yaml | 2 +- roles/HciCephObject.yaml | 2 +- roles/IronicConductor.yaml | 3 +- roles/Messaging.yaml | 3 +- roles/Minimal.yaml | 1 - roles/Networker.yaml | 3 +- roles/NetworkerSriov.yaml | 3 +- roles/NovaManager.yaml | 2 +- roles/Novacontrol.yaml | 3 +- roles/ObjectStorage.yaml | 2 +- roles/README.rst | 7 +- roles/Standalone.yaml | 9 +- roles/Telemetry.yaml | 3 +- roles/Undercloud.yaml | 2 +- roles/UndercloudMinion.yaml | 1 - roles_data.yaml | 16 +- roles_data_undercloud.yaml | 2 +- sample-env-generator/dcn.yaml | 13 +- sample-env-generator/enable-services.yaml | 173 +----- sample-env-generator/ssl.yaml | 4 - sample-env-generator/standalone.yaml | 12 +- sample-env-generator/undercloud-minion.yaml | 8 +- setup.cfg | 4 +- test-requirements.txt | 1 + tools/__init__.py | 0 tools/convert_heat_nic_config_to_ansible_j2.py | 513 +++++++++++++++++ tools/process-templates.py | 11 + .../2-linux-bonds-vlans-controller.yaml | 344 ++++++++++++ .../heat_templates/bond-vlans-controller.yaml | 298 ++++++++++ .../heat_templates/complex.yaml | 237 ++++++++ .../multiple-nics-vlans-controller.yaml | 280 ++++++++++ .../heat_templates/simple.yaml | 51 ++ .../single-nic-linux-bridge-vlans-controller.yaml | 285 ++++++++++ .../single-nic-vlans-controller.yaml | 281 ++++++++++ .../2-linux-bonds-vlans-controller.j2 | 96 ++++ .../j2_references/bond-vlans-controller.j2 | 61 +++ .../j2_references/complex_complete.j2 | 48 ++ .../j2_references/complex_incomplete.j2 | 39 ++ .../multiple-nics-vlans-controller.j2 | 78 +++ .../j2_references/simple.j2 | 26 + .../single-nic-linux-bridge-vlans-controller.j2 | 56 ++ .../j2_references/single-nic-vlans-controller.j2 | 51 ++ .../network_file_complex.yaml | 32 ++ .../networks_file_simple.yaml | 4 + .../stack_env_complex.yaml | 17 + .../stack_env_simple.yaml | 10 + .../test_convert_heat_nic_config_to_ansible_j2.py | 303 ++++++++++ tools/yaml-validate.py | 45 +- tox.ini | 12 +- tripleo_heat_templates/environment_generator.py | 2 +- zuul.d/layout.yaml | 6 +- 612 files changed, 14278 insertions(+), 6979 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 36bb9c41f..90fd4a994 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -16,0 +17 @@ ansible-runner>=1.4.2 # Apache +ansible-lint[core,yamllint]>=5.0.5 # MIT/GPL