We are psyched to announce the release of: tripleo-heat-templates 11.0.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the train release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 11.0.0 ^^^^^^ New Features ************ * Allows a deployer to specify the IdM domain with --domain on the ipa-client-install invocation by providing the IdMDomain parameter. * Allows a deployer to direct the ipa-client-install to skip NTP setup by specifying the IdMNoNtpSetup parameter. This is useful if the ipa-client-install setup clobbers the NTP setup by puppet. * Add GlanceImageCacheDir parameter to set base directory location that the Image Cache uses. Add GlanceImageCacheMaxSize parameter to set the upper limit on cache size, in bytes, after which the cache- pruner cleans up the image cache. Add GlanceImageCacheStallTime parameter to set the amount of time to let an image remain in the cache without being accessed. * Bluestore replaces Filestore as the default Ceph backend. * New parameters, NovaCronDBArchivedMaxDelay and CinderCronDbPurgeMaxDelay, are introduced to configure max_delay parameter to calculate randomized sleep time before db archive/purge. This avoids db collisions when performing db archive/purge operations on multiple controller nodes. * The passphrase for config option 'server_certs_key_passphrase', that was recently added to Octavia, and will now be auto-generated by TripleO by adding OctaviaServerCertsKeyPassphrase to the list of parameters TripleO configures in Octavia. * To allow PAM to create home directory for user who do not have one, ipa-client-install need an option. This change allow to enable it. * *IronicConductorGroup* allows to define an Ironic Conductor Group so that the managed baremetal nodes may be later manually distributed by operators across multiple conductors. By default, *IronicConductorGroup* takes an empty value, which creates no conductor groups associated with the given Ironic Conductor service instance. Note: There is the default Ironic conductor group named "''", but it cannot be re-defined with *IronicConductorGroup* because of the empty value has been reserved for another purposes in t-h-t. * *IronicRpcTransport* controlls the remote procedure call transport between Ironic Conductor and API processes. For some case, like Edge DCN, this parameter may be set to 'json-rpc', when the used messaging broker should not be stretched over WAN. For such cases, this option also plays nicely alongside the Ironic Conductor Groups (https://docs.openstack.org/ironic/latest/admin/conductor- groups.html) feature. Defaults to an empty value, which leaves the corresponding service's default value intact. * A new service, NeutronAZConfig, is avaialable which can be used to configure Neutron for using avaialabiity zones. By default the service is mapped to None, but can be enabled by including *environments/neutron-az-config.yaml*. "NeutronDefaultAvailabilityZones", "NeutronDhcpAgentAvailabilityZone", "NeutronL3AgentAvailabilityZone", "NeutronDhcpAgentsPerNetwork", "NeutronNetworkSchedulerDriver", "NeutronRouterSchedulerDriver" and "NeutronDhcpLoadType" parameters can be used to configure various AZ configurations. By default, "Neutron*AvailabilityZone" takes the name of the heat stack/deployment plan, and "NeutronDefaultAvailabilityZones" takes an additional value 'nova'. For details, see Official Documentaion (https://docs.openstack.org/neutron/latest/admin/config-az.html). * Configure Neutron API for Nova Placement When the Neutron Routed Provider Networks feature is used in the overcloud, the Networking service will use those credentials to communicate with the Compute scheduler's placement API. * The parameters "NovaNfsEnabled", "NovaNfsShare", "NovaNfsOptions", "NovaNfsVersion" are changed to be role specific. This requires the usage of host aggregates as otherwise it will break live migration of instances as we can not do this with different storage backends. * Add role parameter NovaLibvirtNumPciePorts which sets *libvirt/num_pcie_ports* to specify the number of PCIe ports an instance will get. Libvirt allows a custom number of PCIe ports (pcie-root-port controllers) a target instance will get. Some will be used by default, rest will be available for hotplug use. When using the 'q35' machine type, by default, it allows only a *single* PCIe device to be hotplugged. And Nova currently sets 'num_pcie_ports' to "0" (which means, it defaults to libvirt's "1"), which is not sufficient for hotplug use. Default for NovaLibvirtNumPciePorts is 16. * Added OVN-DPDK support * Introduced two new numeric parameters OvsRevalidatorCores and OvsHandlerCores to set values of n-revalidator-threads and n -handler-threads on openvswitch. * Composable service templates can now define scale_tasks. They are meant for scale down/up logic of services which need to be stopped/started during the scaling procedure. All happens within a single playbook and the down/up Ansible tags are required to differenciate them during the run. Upgrade Notes ************* * The Neutron LBaaS project was retired. Upgrading to deployment to Train release will not upgrade Neutron LBaaS. Learn more about its retirement and Octavia as its successor at https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation * Removed the OS::TripleO::Services::Ntp service and related ntp files as chrony is the new default. Deprecation Notes ***************** * OpenDaylight service is deprecated in Stein and will be disabled in future releases. * OS::TripleO::Services::SELinux has been deprecated. Management of selinux configuration is now handled via ansible during the deployment. * The following files are removed (environments/neutron-ml2-ovn-dvr- ha.yaml and environments/neutron-ml2-ovn-ha.yaml). The reason for this is that the maintained versions are kept under environment/services and to avoid confusion we remove the unmaintained ones. * The only OVN Tunnel Encap Type that we are supporting in OVN is Geneve and this is set by default in ovn puppet. So there are no need to set it in TripleO * The Neutron LBaaS project was retired and support for it in TripleO removed. * The template *tuned-baremetal-puppet* has been deprecated. This template has been replaced by *tuned-baremetal-ansible* which provides for the same functionality and interfaces. Bug Fixes ********* * OpenDaylight inactivity probe for setting the OVSDB timeout now defaults to 180s. This helps fix scale issues for large number of computes nodes in OpenDaylight deployments. * Fixed launchpad bug 1831122 (https://bugs.launchpad.net/tripleo/+bug/1831122) with the NetApp Backend. * Fixes an issue where deployment would fail if a non-default "name_lower" is used in network data for one of the networks: "External", "InternalApi" or "StorageMgmt". (See bug: 1830852 (https://bugs.launchpad.net/tripleo/+bug/1830852).) * Fixed service auth URL in Octavia to use the Keystone v3 internal endpoint. * As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases. nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f This change now removes the NovaConsoleauth Service. [1] https://docs.openstack.org/releasenotes/nova/rocky.html * With 405366fa32583e88c34417e5f46fa574ed8f4e98 the parameters RpcPort, RpcUserName, RpcPassword and RpcUseSSL got deprecated and nova::rabbitmq_port removed. As a result the healtcheck get called with null parameter and fail. We now get the global_config_settings from RabbitMQService and use oslo_messaging_rpc_port for the healthcheck. * Change-Id: I1a159a7c2ac286373df2b7c566426b37b7734961 moved the dicovery to run on a single compute host to not race on simultanious nova-manage commands. This change make sure we run the discover on every deploy run which is required for scaling up events. Other Notes *********** * The EndpointMap parameter is now required by post_deploy templates. So if an user overrides OS::TripleO::NodeExtraConfigPost with another template, the template would need to have EndpointMap parameter to work fine. Changes in tripleo-heat-templates 10.5.0..11.0.0 ------------------------------------------------ 0e11de618 Configure Neutron API for Nova Placement... 0f6dabc72 Add new role parameter NovaLibvirtNumPciePorts c0860d58a Do not assume the CNI config directory exists 67f8a42a8 Remove tripleo-ui references 14436f915 Remove Neutron LBaaS d6b08579a Set TenantNetPhysnetMtu to 0 to allow different MTUs 9be6c1c93 Use ansible for AllNodesDeployment 0cb21704e Drop dhcp_domain from ironic compute 715d9c2f2 Ensure ceph-ansible is installed 7cbcea8b5 Add support for Ironic Conductor Groups 1c4304aea Make node_ips generic in the Heat template efa301786 Move puppet/services/README and releasenotes 4101b35bc Move compute-instanceha, neutron-ovn-dvr-ha to deployments d799f4193 Move vpp, and veritas-hyperscale into deployment 3ae00015e Move masq-nets, swift-external, and validations to deployment 2e2750b72 Move auditd, ca-cert, certmonger to deployment 48ca0b4ac Move openvswitch into deployments 8e4f70322 Fix netapp deployment manifest 34e1c75e5 Remove unnecessary openldap-clients package from overcloud controllers 8e482688d Convert tuned puppet to ansible 05f4b253b Refactor ovn_dbs upgrade_tasks. 0e6769b4b Remove baremetal to containerized pacemaker upgrade_tasks. bf8cde549 Remove OpenStack packages right before upgrading the operating system b0519479c Add operating system upgrade preparation via Leapp 6d9560e17 Respect tags in upgrade tasks f8ca0d41a Reintroduce upgrade tasks for stopping pacemaker cluster 6454247dd Delete the stale and incorrect ovn environment files 7910cf3b4 Fix ssl.yaml generating GaneshaInternal in the endpoint map b4223ead2 Do not bind /run on host to nova_migration_target 30708633d Switch to use $NETWORK_uri for memcached f708ab7a8 krb-service-principals support service_net_map_replace c0fcf8674 Fix custom network.name_lower in krb-service-principals f7b8be6cc Fix manila-scheduler-container-puppet.yaml typo c450bae2b ceph-base: Update ceph-ansible default playbook 6f6032e81 novajoin: set project_name to service d8ebe0c50 neutron: force project_name for midonet & bigswitch d75aee60f cinder: set cinder::nova::project_name to service 9d5c972d9 Stop all services before upgrading node's OS. e97d4dcfd Initialize ip(6)tables "raw" table bbc18dd8d Handle openvswitch meta-package on undercloud upgrade. 1cd8347c2 mistral-event-engine: only import ::tripleo::profile::base::mistral a3f5d1282 Adapt sensu on refactor 504f8fc75 Re-add amphora flavor management settings 824dd9003 Use make_url to wrap IPv6 addresses in brackets. edfbeae91 Add domain and no-ntp options to ipaclient 45f5c283e Fix haproxy stats network binding acc4fb032 Add support for Ironic Rpc Transport override 68bfc2672 Fix run-os-net-config.sh to use ping6 for IPv6 hostnames 6858ef411 Add CephAnsibleEnvironmentVariables to nodes-uuid call 7ac8e67d8 Set force_config_drive only when OVNMetadata is disabled 114e5778f Remove the iptables rules set via service_config_settings 5e83eeda5 Override ovn::controller::hostname to use hiera:fqdn_canonical 016279b71 standalone/undercloud - post: use EndpointMap to fetch Keystone URL eafe39085 Try a timesync as part of first boot 885715855 Ensure openstack clients are installed 4559d3b74 Configure server_certs_key_passphrase for Octavia cf6fc40c6 Ironic Inspector - use make_url for db connection cb8d27105 Sync the ControllerStorageNfs role with the Controller role 8f8b750e4 Add cinder credentials to nova conf 6e150aeb0 Correct ceph configuration for scenario 10 environments e9c26b6d3 Consolidate RpcPort healthchecks 05f650d5d Fix IPA client when doing brownfield deployment of internal TLS 3c5ad2aab OVS Revalidator and handler threads 3778e6121 Configure nova_compute for vendordata bb95ce843 Remove HostEntryDeployment 3a1948390 Remove InstanceIdDeployment 32bf12e20 Fix NovaNfs role parameter precedence in conditions bbbca8d65 Modified the way fluentd configures rsyslog aeb91c34f Re-add undercloud-aodh.yaml 18bae394a Move neutron base, plugins to deployment cc95b17ed Ensure we aren't running some dry-run also for Pacemaker case ef6c23ef6 Fix haproxy firewall rules 967d42b54 placement: Add nova_api data extraction step during deployment 1f2a71e41 Add more settings for glance image cache 2471642f6 [ipaclient] Fix type of MakeHomeDir heat param c5fe51147 Use RpcPort for container healthchecks 20dbe3206 Remove NovaConsoleauth Service 0c19fa2b9 Fix the step_config input in the OvS-DPDK template c901a4137 Enable zaqar healthchecks b20ca116a Remove OVNTunnelEncapType bbd2d9448 Allow multiple same options in nova.conf 055d15f92 Gracefully handle empty config json data 485b3c964 Remove hardcoded RabbitMQService 940de74b8 Default CephAnsibleDisksConfig to bluestore f3df90f2c Set arp_notify to match ndisc_notify 6ce5b5e12 Revert "Switch off nova metadata api on the undercloud" 9755a1b2d Enable serial execution for ansible host a8ec69941 Clean up leftover mount point after docker stop. d2fae913d Copy keys for tripleo-admin user 4b113a7a1 Enable ndisc_notify sysctl setting to notify of MAC changes 9e14ae6c9 Set configure_delegated_roles a parameter d1b187a56 Scale-down tasks for nova-compute 738486f10 Revert "mistral: configure heartbeat parameters to avoid action timeout" 894481faf Enable Podman Service For Lacking Roles 3abededac Remove NTP 90562b6f5 Use timesync service 36148ff6a Propagate AdditionalArchitectures to container image prepare db89f2d9a Avoid issues with non-existing directories d9c83dbf9 Adjust deployed-server install package list for RHEL8 87549eb4c Remove ceph-ansible fetch directory as privileged user 28a675dea Switch off nova metadata api on the undercloud 4d4263f4f Set debug level of nova container_config_scripts only when enabled 372ca2248 Use oslo_messaging_rpc_port for nova rpc healthchecks 75361e66b ensure /var/run/redis is present upon reboot 1e33dfa8f Fix cinder-backup deployment templates 53657f618 Remove ceph-ansible fetch directory after it is saved 5906f45ff Change setype for non container /var/log/<service> directories 63c451869 nova: Remove the NovaPlacement service 08015d6f9 Run nova-manage as root to prevent wrong nova-manage.log permissions ae439aa39 MetricsQdr: Build sslProfiles without internal TLS dfc99bad0 Run nova_cell_v2_discover_hosts.py on every deploy run 5a4223c86 Ensure there is no redis on host 155074693 Override ceph_mon to v2 protocol 910765965 Create /var/log/placement on host for file logging e0d26441f Add ServiceNetMap to global_vars bfd3fea2e Add Keystone admin/public to enabled services list cd6a1b3d4 Drop puppet/services/metrics/collectd.yaml a82f3f0c7 Scale-down tasks for RHSM 5d66b9c1e Introduce scale_tasks 72d52593b nova_metadata firewall_rules missmatch 44d6d689e Adapt check-docker-health for podman 096816a23 Simplify and correct how we provide the undercloud.conf to mistral 9e4bb8b86 Activate health checks for cron containers e2159e552 fup: Keep NovaPlacement in the service registry for upgrades f62189850 fup: Add comment removed by I9e3287bcbe9d317f32bf6b468c6ee17f04b6fff9 afe583b39 heat: use oslo_messaging_rpc_port for nova rpc healthchecks 8e60f8361 Properly indent placement::firewall_rules 54c54d384 Add ANSIBLE_GATHER_TIMEOUT=60 to ceph-ansible run 3eb5ca307 Split upgrade_steps_playbook into different plays. ba14b75c8 Move pacemaker, pacemaker-remote into deployments 4a9f2ac05 Move Manila backends into deployment 3fc9ea118 OpenDev Migration Patch 555178160 placement: Introduce an extracted PlacementAPI service 1c241362f fix storage.yaml to write environments/storage/nova-nfs.yaml 455119d0b Update master for stable/stein e7dee7bd2 Remove puppet selinux management 908e6b981 Avoid concurrent nova cell_v2 discovery instances 0a5b248c9 Add OS::TripleO::NeutronAZConfig 7e73fac11 Evaluating ansible_check_mode as a boolean 8ff04029f Use oslo_messaging_rpc_port for nova rpc healthchecks 1295868dd Allow NovaNfs parameters to be role specific 9f6caf772 Fix service auth URL in Octavia 91c08c1e2 Add ability to specify dns search domains fca094570 Add DPDK support for OVN 492816a16 Clean metrics related environments 2a34ccb62 Add parameter to configure maxdelay in db purge/archive job 364a0eaab Add mkhomedir option to ipa-client-install Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- capabilities-map.yaml | 5 - ci/common/vbmc_setup.yaml | 5 + ci/environments/multinode-3nodes-registry.yaml | 4 +- ci/environments/multinode-3nodes.yaml | 7 +- ci/environments/multinode-containers.yaml | 4 +- .../nic-configs/compute-dvr.yaml | 5 + .../multiple-nics-ipv6/nic-configs/compute.yaml | 5 + .../multiple-nics-ipv6/nic-configs/controller.yaml | 5 + .../multiple-nics/nic-configs/compute-dvr.yaml | 5 + .../network/multiple-nics/nic-configs/compute.yaml | 5 + .../multiple-nics/nic-configs/controller.yaml | 5 + .../network/public-bond/nic-configs/compute.yaml | 5 + .../public-bond/nic-configs/controller.yaml | 5 + .../scenario000-multinode-containers.yaml | 6 +- .../scenario001-multinode-containers.yaml | 8 +- ci/environments/scenario001-standalone.yaml | 2 + .../scenario002-multinode-containers.yaml | 8 +- .../scenario003-multinode-containers.yaml | 8 +- .../scenario004-multinode-containers.yaml | 10 +- ci/environments/scenario004-standalone.yaml | 7 +- .../scenario006-multinode-containers.yaml | 4 +- ci/environments/scenario006-multinode.yaml | 6 +- .../scenario007-multinode-containers.yaml | 6 +- .../scenario008-multinode-containers.yaml | 6 +- ci/environments/scenario009-multinode.yaml | 2 +- .../scenario010-multinode-containers.yaml | 9 +- ci/environments/scenario010-standalone.yaml | 2 + .../scenario012-multinode-containers.yaml | 8 +- ci/environments/scenario012-standalone.yaml | 4 +- common/container-puppet.py | 5 + common/deploy-steps-tasks.yaml | 54 +-- common/deploy-steps.j2 | 219 +++++++-- common/services/role.role.j2.yaml | 11 + .../nova_cell_v2_discover_hosts.py | 62 +++ .../nova_statedir_ownership.py | 9 +- ...er_host.py => nova_wait_for_compute_service.py} | 63 +-- .../nova_wait_for_placement_service.py | 29 +- deployed-server/deployed-server-bootstrap-rhel.sh | 4 +- deployed-server/deployed-server-roles-data.yaml | 15 +- deployed-server/deployed-server.yaml | 49 +- deployment/README.rst | 119 ++++- .../aodh/aodh-listener-container-puppet.yaml | 10 +- .../aodh/aodh-notifier-container-puppet.yaml | 10 +- .../auditd/auditd-baremetal-puppet.yaml | 0 .../barbican/barbican-api-container-puppet.yaml | 51 +-- .../ceilometer-agent-compute-container-puppet.yaml | 14 +- ...ometer-agent-notification-container-puppet.yaml | 14 +- deployment/ceph-ansible/ceph-base.yaml | 26 +- deployment/ceph-ansible/ceph-osd.yaml | 4 +- .../certs/ca-certs-baremetal-puppet.yaml | 0 .../certs/certmonger-user-baremetal-puppet.yaml | 0 deployment/cinder/cinder-api-container-puppet.yaml | 4 +- .../cinder/cinder-backup-container-puppet.yaml | 19 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 45 +- deployment/cinder/cinder-base.yaml | 9 +- .../cinder/cinder-scheduler-container-puppet.yaml | 10 +- .../cinder/cinder-volume-container-puppet.yaml | 10 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 49 -- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 5 + deployment/containers-common.yaml | 16 +- deployment/database/mysql-pacemaker-puppet.yaml | 52 +-- deployment/database/redis-container-puppet.yaml | 18 +- deployment/database/redis-pacemaker-puppet.yaml | 47 +- .../logging/fluentd-container-puppet.yaml | 27 +- .../monitoring/sensu-client-container-puppet.yaml | 42 +- .../nova/nova-consoleauth-container-puppet.yaml | 14 +- .../nova/nova-placement-container-puppet.yaml | 242 ---------- .../opendaylight-ovs-baremetal-puppet.yaml | 2 +- .../tripleo-ui/tripleo-ui-container-puppet.yaml | 45 -- .../tuned/tuned-baremetal-puppet.yml} | 0 deployment/glance/glance-api-container-puppet.yaml | 23 + deployment/haproxy/haproxy-container-puppet.yaml | 13 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 54 +-- deployment/heat/heat-api-container-puppet.yaml | 2 + deployment/heat/heat-engine-container-puppet.yaml | 16 +- deployment/horizon/horizon-container-puppet.yaml | 7 - deployment/ironic/ironic-base-puppet.yaml | 13 + .../ironic/ironic-conductor-container-puppet.yaml | 22 +- .../ironic/ironic-inspector-container-puppet.yaml | 18 +- .../ironic-neutron-agent-container-puppet.yaml | 3 +- deployment/kernel/kernel-baremetal-puppet.yaml | 4 + deployment/keystone/keystone-container-puppet.yaml | 2 + deployment/logging/files/barbican-api.yaml | 2 +- deployment/logging/files/heat-api-cfn.yaml | 2 +- deployment/logging/files/heat-api.yaml | 2 +- deployment/logging/files/heat-engine.yaml | 2 +- deployment/logging/files/keystone.yaml | 2 +- deployment/logging/files/neutron-api.yaml | 2 +- deployment/logging/files/neutron-common.yaml | 2 +- deployment/logging/files/nova-api.yaml | 2 +- deployment/logging/files/nova-common.yaml | 2 +- deployment/logging/files/nova-metadata.yaml | 2 +- deployment/logging/files/nova-placement.yaml | 49 -- deployment/logging/files/opendaylight-api.yaml | 2 +- deployment/logging/files/panko-api.yaml | 2 +- deployment/logging/files/placement-api.yaml | 49 ++ .../{nova-placement.yaml => placement-api.yaml} | 34 +- .../logrotate-crond-container-puppet.yaml | 2 + .../manila}/manila-backend-cephfs.yaml | 0 .../manila}/manila-backend-isilon.yaml | 0 .../manila}/manila-backend-netapp.yaml | 0 .../manila}/manila-backend-unity.yaml | 0 .../manila}/manila-backend-vmax.yaml | 0 .../manila}/manila-backend-vnx.yaml | 0 .../manila/manila-scheduler-container-puppet.yaml | 14 +- .../manila/manila-share-pacemaker-puppet.yaml | 43 -- .../masquerade-networks-baremetal-puppet.yaml | 0 .../memcached/memcached-container-puppet.yaml | 6 + deployment/metrics/collectd-container-puppet.yaml | 4 +- deployment/metrics/qdr-container-puppet.yaml | 2 +- deployment/mistral/mistral-base.yaml | 35 -- .../mistral/mistral-engine-container-puppet.yaml | 14 +- .../mistral-event-engine-container-puppet.yaml | 16 +- .../mistral/mistral-executor-container-puppet.yaml | 39 +- .../neutron/neutron-api-container-puppet.yaml | 12 +- deployment/neutron/neutron-az-config.yaml | 121 +++++ .../neutron}/neutron-base.yaml | 0 .../neutron-bigswitch-agent-baremetal-puppet.yaml | 0 .../neutron}/neutron-compute-plugin-midonet.yaml | 0 .../neutron}/neutron-compute-plugin-nuage.yaml | 0 .../neutron}/neutron-compute-plugin-plumgrid.yaml | 0 .../neutron}/neutron-controller-plugin-nuage.yaml | 0 .../neutron/neutron-dhcp-container-puppet.yaml | 16 +- .../neutron}/neutron-l3-compute-dvr.yaml | 0 .../neutron/neutron-l3-container-puppet.yaml | 16 +- .../neutron-lbaas-api-container-puppet.yaml | 70 --- ...neutron-linuxbridge-agent-baremetal-puppet.yaml | 0 .../neutron/neutron-metadata-container-puppet.yaml | 12 +- .../neutron/neutron-midonet-baremetal-puppet.yaml | 0 .../neutron-ovn-dpdk-config-container-puppet.yaml | 91 ++++ .../neutron-ovs-agent-container-puppet.yaml | 16 +- .../neutron-ovs-dpdk-agent-container-puppet.yaml | 5 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 2 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 2 +- .../neutron}/neutron-plugin-ml2-fujitsu-cfab.yaml | 0 .../neutron}/neutron-plugin-ml2-fujitsu-fossw.yaml | 0 ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 2 +- .../neutron}/neutron-plugin-ml2-nuage.yaml | 0 .../neutron}/neutron-plugin-ml2-odl.yaml | 0 .../neutron}/neutron-plugin-ml2-ovn.yaml | 21 + .../neutron}/neutron-plugin-ml2.yaml | 0 .../neutron}/neutron-plugin-nuage.yaml | 0 .../neutron}/neutron-plugin-plumgrid.yaml | 0 .../neutron-sriov-agent-container-puppet.yaml | 16 +- .../neutron}/neutron-sriov-host-config.yaml | 0 .../neutron-vpp-agent-baremetal-puppet.yaml | 0 deployment/nova/nova-api-container-puppet.yaml | 10 +- deployment/nova/nova-base-puppet.yaml | 32 +- .../nova/nova-compute-common-container-puppet.yaml | 11 +- deployment/nova/nova-compute-container-puppet.yaml | 260 ++++++++--- deployment/nova/nova-ironic-container-puppet.yaml | 36 +- .../nova/nova-metadata-container-puppet.yaml | 2 +- .../nova-migration-target-container-puppet.yaml | 1 - .../nova/nova-scheduler-container-puppet.yaml | 10 +- deployment/nova/novajoin-container-puppet.yaml | 6 +- .../octavia/octavia-api-container-puppet.yaml | 17 +- deployment/octavia/octavia-base.yaml | 8 +- .../octavia/octavia-deployment-config.j2.yaml | 11 +- .../octavia-health-manager-container-puppet.yaml | 7 - .../octavia/octavia-worker-container-puppet.yaml | 14 +- .../openvswitch/openvswitch-baremetal-puppet.yaml | 18 + .../ovn/ovn-controller-container-puppet.yaml | 13 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 112 ++--- deployment/ovn/ovn-metadata-container-puppet.yaml | 2 +- .../compute-instanceha-baremetal-puppet.yaml | 0 .../pacemaker/ovn-dbs-baremetal-puppet.yaml | 0 .../pacemaker/pacemaker-baremetal-puppet.yaml | 10 + .../pacemaker-remote-baremetal-puppet.yaml | 0 .../placement/placement-api-container-puppet.yaml | 298 ++++++++++++ deployment/podman/podman-baremetal-ansible.yaml | 24 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 41 -- .../rabbitmq-messaging-pacemaker-puppet.yaml | 42 -- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 42 -- .../sahara/sahara-engine-container-puppet.yaml | 10 +- deployment/selinux/selinux-baremetal-puppet.yaml | 48 -- .../external-swift-proxy-baremetal-puppet.yaml | 0 .../swift/swift-storage-container-puppet.yaml | 2 +- deployment/time/ntp-baremetal-puppet.yaml | 115 ----- .../tripleo-firewall-baremetal-puppet.yaml | 47 ++ .../tripleo-packages-baremetal-puppet.yaml | 57 +++ deployment/tuned/tuned-baremetal-ansible.yaml | 111 +++++ deployment/undercloud/undercloud-upgrade.yaml | 143 ++++++ .../tripleo-validations-baremetal-puppet.yaml | 0 ...tas-hyperscale-controller-baremetal-puppet.yaml | 0 .../vpp/vpp-baremetal-puppet.yaml | 0 deployment/zaqar/zaqar-container-puppet.yaml | 8 + environments/auditd.yaml | 3 +- environments/compute-instanceha.yaml | 3 +- environments/docker-ha.yaml | 4 +- environments/docker-uc-light.yaml | 2 +- environments/low-memory-usage.yaml | 3 +- environments/manila-cephfsganesha-config.yaml | 2 +- environments/manila-cephfsnative-config.yaml | 2 +- environments/manila-isilon-config.yaml | 2 +- environments/manila-netapp-config.yaml | 6 +- environments/manila-unity-config.yaml | 2 +- environments/manila-vmax-config.yaml | 2 +- environments/manila-vnx-config.yaml | 2 +- environments/metrics/collect-read-rabbitmq.yaml | 15 + .../collectd-standalone.yaml} | 2 +- .../collectd-write-qdr.yaml} | 4 +- environments/networking/neutron-midonet.yaml | 2 +- environments/neutron-az-config.yaml | 2 + environments/neutron-linuxbridge.yaml | 3 +- environments/neutron-midonet.yaml | 2 +- environments/neutron-ml2-bigswitch.yaml | 3 +- environments/neutron-ml2-fujitsu-cfab.yaml | 2 +- environments/neutron-ml2-fujitsu-fossw.yaml | 2 +- environments/neutron-ml2-ovn-dvr-ha.yaml | 29 -- environments/neutron-ml2-ovn-ha.yaml | 31 -- environments/neutron-ml2-vpp.yaml | 5 +- environments/neutron-nsx.yaml | 2 +- environments/neutron-ovs-dvr.yaml | 2 +- environments/neutron-plumgrid.yaml | 2 +- environments/neutron-sriov.yaml | 2 +- .../services-baremetal/neutron-lbaasv2.yaml | 19 - .../neutron-opendaylight-sriov.yaml | 2 +- .../services-baremetal/neutron-opendaylight.yaml | 2 +- .../services-baremetal/neutron-ovn-dvr-ha.yaml | 4 +- .../services-baremetal/neutron-ovn-ha.yaml | 2 +- environments/services-baremetal/neutron-sriov.yaml | 2 +- environments/services-baremetal/octavia.yaml | 5 +- environments/services/masquerade-networks.yaml | 2 +- environments/services/neutron-lbaasv2.yaml | 7 - environments/services/neutron-nsx-lbaasv2.yaml | 6 - .../services/neutron-opendaylight-sriov.yaml | 2 +- environments/services/neutron-opendaylight.yaml | 2 +- environments/services/neutron-ovn-dpdk.yaml | 7 + environments/services/neutron-ovn-dvr-ha.yaml | 2 +- environments/services/neutron-ovn-ha.yaml | 2 +- environments/services/neutron-ovn-sriov.yaml | 2 +- environments/services/neutron-ovn-standalone.yaml | 2 +- environments/services/neutron-ovs-dvr.yaml | 2 +- environments/services/neutron-ovs.yaml | 2 +- environments/services/neutron-sriov.yaml | 2 +- environments/services/octavia.yaml | 5 +- environments/services/ptp.yaml | 1 - environments/services/tripleo-ui.yaml | 3 - environments/services/undercloud-aodh.yaml | 7 + environments/services/vpp.yaml | 3 +- environments/ssl/enable-internal-tls.j2.yaml | 2 +- environments/ssl/no-tls-endpoints-public-ip.yaml | 6 +- environments/ssl/tls-endpoints-public-dns.yaml | 6 +- environments/ssl/tls-endpoints-public-ip.yaml | 6 +- environments/ssl/tls-everywhere-endpoints-dns.yaml | 8 +- environments/standalone.yaml | 2 - environments/standalone/standalone-overcloud.yaml | 1 - environments/standalone/standalone-tripleo.yaml | 1 - environments/stdout-logging.yaml | 2 +- environments/storage/nova-nfs.yaml | 4 + environments/swift-external.yaml | 2 +- environments/tripleo-validations.yaml | 2 +- environments/undercloud.yaml | 67 ++- .../veritas-hyperscale-config.yaml | 2 +- .../krb-service-principals/role.role.j2.yaml | 22 +- extraconfig/post_deploy/default.yaml | 5 + extraconfig/post_deploy/standalone_post.yaml | 42 +- extraconfig/post_deploy/undercloud_post.yaml | 34 +- extraconfig/pre_network/boot-params-service.yaml | 2 +- extraconfig/pre_network/boot_param_tasks.yaml | 19 +- .../pre_network/host_config_and_reboot.yaml | 2 +- extraconfig/services/ipaclient.yaml | 63 ++- extraconfig/services/rhsm.yaml | 9 +- firstboot/userdata_timesync.yaml | 97 ++++ net-config-bond.j2.yaml | 8 + net-config-standalone.j2.yaml | 6 + net-config-static-bridge.j2.yaml | 6 + net-config-static.j2.yaml | 6 + net-config-undercloud.j2.yaml | 6 + .../config/2-linux-bonds-vlans/role.role.j2.yaml | 6 + .../bond-with-vlans/controller-no-external.j2.yaml | 8 + .../config/bond-with-vlans/controller-v6.j2.yaml | 6 + network/config/bond-with-vlans/role.role.j2.yaml | 6 + network/config/multiple-nics/compute-dvr.j2.yaml | 6 + network/config/multiple-nics/controller-v6.j2.yaml | 6 + network/config/multiple-nics/role.role.j2.yaml | 6 + .../controller-v6.j2.yaml | 6 + .../role.role.j2.yaml | 6 + .../controller-no-external.j2.yaml | 6 + .../config/single-nic-vlans/controller-v6.j2.yaml | 6 + network/config/single-nic-vlans/role.role.j2.yaml | 6 + network/endpoints/endpoint_data.yaml | 6 +- network/endpoints/endpoint_map.yaml | 498 ++++++++++----------- network/ports/ctlplane_vip.yaml | 8 +- network/ports/net_ip_list_map.j2.yaml | 59 +-- network/ports/net_ip_map.j2.yaml | 8 +- network/ports/net_vip_map_external.j2.yaml | 16 +- network/ports/net_vip_map_external_v6.j2.yaml | 19 +- network/ports/noop.yaml | 8 +- network/ports/port.j2 | 16 +- network/ports/port_from_pool.j2 | 16 +- network/ports/vip.yaml | 8 +- network/ports/vip_v6.yaml | 13 +- network/scripts/run-os-net-config.sh | 3 +- network/service_net_map.j2.yaml | 5 +- overcloud-resource-registry-puppet.j2.yaml | 40 +- overcloud.j2.yaml | 58 ++- puppet/all-nodes-config.j2.yaml | 58 ++- .../all_nodes/neutron-midonet-all-nodes.yaml | 1 + .../controller/neutron-ml2-bigswitch.yaml | 1 + puppet/services/README.rst | 194 -------- puppet/services/metrics/collectd.yaml | 433 ------------------ puppet/services/neutron-lbaas-agent.yaml | 70 --- ...t-inactivity-probe-config-a89f6dcd204192a8.yaml | 0 ...n_and_no_ntp_to_ipaclient-048fdfccf0cb7835.yaml | 7 + .../add_image_cache_settings-50af5ff56a7d7f75.yaml | 10 + .../bluestore_disks_config-f5553b0540237c4c.yaml | 4 + .../notes/bug-1823274-ca992c1055035c7b.yaml | 7 + ...31122-fix-netapp-env-file-e5aeb0c2bf417d2b.yaml | 6 + ...cate-opendaylight-service-64b960923324edc4.yaml | 0 ...ate-puppet-selinux-config-cc8d2788c534d628.yaml | 5 + ...eprecated-vn-ha-env-files-f0d967d173dcdb16.yaml | 7 + .../notes/endpointmap-8825fcd5fa5a2ba2.yaml | 7 + ...-lower-and-tls-everywhere-1f2300f9a2ba4d98.yaml | 7 + ...-service-auth-url-octavia-90f19c835cb1cc0a.yaml | 4 + ...rver_certs_key_passphrase-229a677df1b7f6e0.yaml | 6 + .../notes/ipa-mkhomedir-c126291bcbdd0111.yaml | 5 + .../ironic-conductor-groups-577543f8ca612f06.yaml | 13 + .../ironic-rpc-transport-b637fd2a3b99fee7.yaml | 11 + .../notes/mistral_timeout-c00344d5b3d8c4b0.yaml | 6 - ...neutron-az-config-service-3085b2c296df06c9.yaml | 14 + .../notes/neutron-placement-6ea6de89bd30b592.yaml | 8 + ...a-nfs-parms-role-specific-527915c6e99ceb89.yaml | 7 + ...va_libvirt_num_pcie_ports-f904bf0fb9a7b19e.yaml | 12 + ...a_remove_nova-consoleauth-227cbeb44e9ab5ef.yaml | 15 + .../nova_rpc_healthcheck-adbe5307dc04eeac.yaml | 9 + ...ell_discovery_on_each_run-11dbb6096ebbf51b.yaml | 7 + releasenotes/notes/ovn-dpdk-15e8747068682f91.yaml | 3 + .../ovn_tunnel_encap_type-04df21d622874c27.yaml | 7 + ...ator-handler-threads.yaml-f5a12d1066b042f1.yaml | 3 + .../remove-neutron-lbaas-e72025b67de3563b.yaml | 11 + .../notes/remove-ntp-20905abec5281f54.yaml | 5 + .../notes/scale_tasks-2042b294d074b37a.yaml | 8 + ...remetal-puppet-deprecated-3e97347917905254.yaml | 5 + releasenotes/source/index.rst | 1 + releasenotes/source/stein.rst | 6 + roles/CellController.yaml | 3 +- roles/ComputeOvsDpdk.yaml | 1 + roles/ComputeOvsDpdkRT.yaml | 1 + roles/ComputeOvsDpdkSriov.yaml | 4 +- roles/ComputeOvsDpdkSriovRT.yaml | 4 +- roles/Controller.yaml | 6 +- roles/ControllerAllNovaStandalone.yaml | 2 +- roles/ControllerNoCeph.yaml | 6 +- roles/ControllerNovaStandalone.yaml | 3 +- roles/ControllerOpenstack.yaml | 6 +- roles/ControllerStorageNfs.yaml | 19 +- roles/Networker.yaml | 1 - roles/Novacontrol.yaml | 3 +- roles/Standalone.yaml | 6 +- roles/Undercloud.yaml | 4 +- roles_data.yaml | 6 +- roles_data_undercloud.yaml | 4 +- sample-env-generator/composable-roles.yaml | 6 +- sample-env-generator/enable-services.yaml | 2 +- sample-env-generator/networking.yaml | 4 +- sample-env-generator/ssl.yaml | 31 +- sample-env-generator/standalone.yaml | 10 +- sample-env-generator/storage.yaml | 3 +- tools/yaml-validate.py | 7 +- 361 files changed, 3438 insertions(+), 3283 deletions(-)