We are pumped to announce the release of: puppet-tripleo 9.0.0: Puppet module for OpenStack TripleO This release is part of the rocky release series. The source is available from: http://git.openstack.org/cgit/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo (tag: puppet) For more details, please see below. 9.0.0 ^^^^^ New Features ************ * Adds a new parameter to validate whether run the archive or purge manifest for deleted instances in Nova. * Add the ability to deploy an NFS backend for the Cinder Backup service. * Add support for specifying a table name when creating IPtables rules with the firewall class. * Adds support for Ironic Networking Baremetal. Networking Baremetal is used to integrate the Bare Metal service with the Networking service. * Add support for either rabbitmq server nodes or new oslo.messaging service nodes for separated rpc and notify communications * Added variables for endpoint_proxy_nova, endpoint_config_nova, and Apache mod_proxy configuration to proxy nova service just like similar services * Add support via hiera keys like 'tripleo::haproxy::${name}::listen_options' to customize the options of an haproxy service stanza. For example passing the by setting the 'tripleo::haproxy::cinder::options' hiera key to a hash made composed of: 'timeout client': '90m' 'timeout server': '90m' * Split up neutron-lbaas service plugin and agent Upgrade Notes ************* * Class tripleo::profile::base::neutron::lbaas will only configure the Neutron LBaaS service plugin from now on. Use class tripleo::profile::base::neutron::agents::lbaas to configure the Neutron LBaaS agent. Security Issues *************** * TLS v1.0 connections are no longer accepted by our HAProxy configuration. Bug Fixes ********* * Removes neutron ownership of certificates. * Fixes a bug where TLS certificates for ODL could not be generated correctly for deployment due to wrong owner/group applied to the files. Other Notes *********** * Added unit test for tripleo::keepalived class. * Added network_vips parameter to the tripleo::keepalived class where previously it was only exposed via the network_virtual_ips hiera data key. The new parameter still uses the network_virtual_ips hiera data for the default value or falls back to an empty hash. Changes in puppet-tripleo 8.3.0..9.0.0 -------------------------------------- c513172 Merge default_listen with swift_proxy_server_listen_options 6d51054 Partially revert "Fail more gracefully when passed an empty ip" 2131880 Add resource-stickiness=INFINITY to VIPs 001f563 haproxy: enable UI on containerized undercloud 7e72b2e metadata.json: prepare for 9.0.0 release (rocky-m1) f50d381 masquerade: configure FORWARD rules baec322 Fix docker debug/mirrors JSON augeas changes b6c3309 ceilo:base: include ::ceilometer::dispatcher::gnocchi 6bc451b Fixes incorrect license for certmonger haproxy dirs 2419b95 firewall/masquerading: configure state and proto 128ecf1 Fix mode for openstack services 4d08ec3 Include local CA installation outside of HAProxy cert setup b93250a Split up neutron-lbaas service plugin and agent 03402f2 Implement tripleo::masquerade_networks e2beaad Add support for Ironic Networking Baremetal fe09335 Removes neutron ownership of certs 1c13f0c HAProxy: expose stats socket in HA containerized deployment 6bc7a7f Add missing cron jobs for Overcloud cleanup 6dcb55f Add fact to get array of nic alias name e118042 Fixes incorrect ownership of ODL TLS cert/key c6db8d0 Add configuration for the Nova proxy endpoint 77527bb Make the 'Could not find data item hacluster_pwd' error a bit clearer 489d550 Pin puppet-collectd d8d86cf Conventional log directories for pacemaker bundles 7c234ba Include cors modules for Nova, Ironic Inspector 79ccad4 Support both rabbitmq and oslo.messaging service nodes 8f3c647 firewall/rule: add 'table' support cc82b62 Replace perl with awk 364c761 Add NFS backend for cinder-backup service 4bd257b ironic-inspector: enable support for dnsmasq PXE filter ce45763 Allow custom per-service listen_options for haproxy 35daa4f Fix rabbitmq haproxy configuration a4ae09d Extract local CA if it expired 4c7ca4c Fail more gracefully when passed an empty ip b51f182 Enable networking-mlnx ml2 drivers 65f3714 firewall: don't reload IPtables after cleanup fdcad62 Add flag to enable SELinux in docker profile f4e5a91 mistral/api: include cron_trigger ebde918 Disallow TLS v1.0 from HAProxy bd5599c Pin puppet-systemd 4802fa1 ironic/api: include cors config c8fe3cb Create vhost_socket_dir with proper permissions 2abe91f Fix stack update with rabbitmq containers 2207900 neutron/server: expose quotas configuration 1ec7756 Update default Cinder RBD backend_host value 7fb7d63 Move ip_forward configuration to THT 20cdbd3 Ensure ip_forward set before Docker bb50139 Reload iptables instead of restart 79b631b Update reno for stable/queens 3b304d1 Follow the new PTI for document build fd3c3e5 Conditionally include Nuage VRS and Nuage Metadata Agent e083f24 Add tests for tripleo::keepalived 85a7e64 Add support for Designate 49be755 Correct Neutron RabbitMQ User Param Mapping c62bb66 Ensure interface names are downcased Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 10 +- lib/facter/nic_alias.rb | 22 +++ lib/puppet/parser/functions/interface_for_ip.rb | 3 +- lib/puppet/parser/functions/is_ip_addresses.rb | 25 +++ manifests/certmonger/ca/local.pp | 2 +- manifests/certmonger/haproxy.pp | 3 - manifests/certmonger/haproxy_dirs.pp | 4 +- manifests/certmonger/neutron.pp | 4 - manifests/certmonger/opendaylight.pp | 4 - manifests/firewall.pp | 32 ++-- manifests/firewall/rule.pp | 12 +- manifests/haproxy.pp | 47 ++++- manifests/haproxy/endpoint.pp | 10 +- manifests/haproxy/horizon_endpoint.pp | 10 +- manifests/keepalived.pp | 12 +- manifests/masquerade_networks.pp | 62 ++++++ manifests/pacemaker/haproxy_with_vip.pp | 4 + manifests/profile/base/aodh.pp | 19 +- manifests/profile/base/barbican/api.pp | 47 +++-- manifests/profile/base/ceilometer.pp | 20 +- manifests/profile/base/certmonger_user.pp | 12 ++ manifests/profile/base/cinder.pp | 19 +- manifests/profile/base/cinder/backup/nfs.pp | 36 ++++ manifests/profile/base/cinder/volume/rbd.pp | 4 +- manifests/profile/base/congress.pp | 12 +- manifests/profile/base/database/mysql.pp | 3 + manifests/profile/base/database/mysql/client.pp | 2 +- manifests/profile/base/designate.pp | 73 +++++++ manifests/profile/base/designate/api.pp | 49 +++++ manifests/profile/base/designate/central.pp | 58 ++++++ manifests/profile/base/designate/mdns.pp | 33 ++++ manifests/profile/base/designate/producer.pp | 33 ++++ manifests/profile/base/designate/sink.pp | 33 ++++ manifests/profile/base/designate/worker.pp | 33 ++++ manifests/profile/base/docker.pp | 35 +++- manifests/profile/base/glance/api.pp | 12 +- manifests/profile/base/heat.pp | 20 +- manifests/profile/base/ironic.pp | 12 +- manifests/profile/base/ironic/api.pp | 1 + manifests/profile/base/ironic_inspector.pp | 5 +- manifests/profile/base/keystone.pp | 22 ++- manifests/profile/base/manila.pp | 19 +- manifests/profile/base/mistral.pp | 19 +- manifests/profile/base/mistral/api.pp | 1 + manifests/profile/base/neutron.pp | 28 +-- manifests/profile/base/neutron/agents/lbaas.pp | 41 ++++ .../base/neutron/agents/networking_baremetal.pp | 36 ++++ manifests/profile/base/neutron/agents/nuage.pp | 26 ++- manifests/profile/base/neutron/lbaas.pp | 13 +- manifests/profile/base/neutron/ovs.pp | 4 +- manifests/profile/base/neutron/plugins/ml2.pp | 9 + .../neutron/plugins/ml2/networking_baremetal.pp | 36 ++++ .../base/neutron/plugins/ovs/opendaylight.pp | 47 ++++- manifests/profile/base/neutron/plumgrid.pp | 4 - manifests/profile/base/neutron/server.pp | 1 + manifests/profile/base/nova.pp | 21 ++- manifests/profile/base/nova/api.pp | 7 +- manifests/profile/base/novajoin.pp | 14 +- manifests/profile/base/octavia.pp | 12 +- manifests/profile/base/pacemaker.pp | 4 + manifests/profile/base/qdr.pp | 18 +- manifests/profile/base/rabbitmq.pp | 46 +++-- manifests/profile/base/sahara.pp | 19 +- manifests/profile/base/swift/proxy.pp | 10 +- manifests/profile/base/tacker.pp | 12 +- .../profile/pacemaker/database/mysql_bundle.pp | 9 +- .../profile/pacemaker/database/redis_bundle.pp | 2 +- manifests/profile/pacemaker/haproxy_bundle.pp | 5 + manifests/profile/pacemaker/rabbitmq.pp | 30 ++- manifests/profile/pacemaker/rabbitmq_bundle.pp | 47 ++++- manifests/ui.pp | 15 ++ metadata.json | 2 +- .../notes/No-TLS-v1.0-0edeac680bb51f94.yaml | 4 + .../notes/add-purge-tables-4f2de7c7e12ccf0c.yaml | 6 + ...cinder-backup-nfs-backend-59bf771a58af65f6.yaml | 4 + .../notes/firewall_table-f58ec47de40ec62d.yaml | 5 + .../fix-neutron-cert-perms-4a034bb516be6f9f.yaml | 4 + .../notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml | 5 + ...onic-networking-baremetal-ebb19eca5fa235bc.yaml | 4 + .../notes/keepalived-test-f3eddf57a5b4d433.yaml | 9 + ...r-oslo-messaging-services-f29943b2eafd24e6.yaml | 5 + .../notes/nova-endpoint-a957a840ee653307.yaml | 5 + ...r-service-options-haproxy-75f5f00cf5243ecb.yaml | 9 + .../split-up-neutron-lbaas-f0c248220ed872cd.yaml | 9 + releasenotes/source/index.rst | 1 + releasenotes/source/queens.rst | 6 + spec/classes/tripleo_certmonger_ca_local_spec.rb | 2 +- .../tripleo_certmonger_opendaylight_spec.rb | 4 - spec/classes/tripleo_firewall_spec.rb | 7 + spec/classes/tripleo_keepalive_spec.rb | 209 +++++++++++++++++++++ spec/classes/tripleo_masquerade_networks_spec.rb | 86 +++++++++ .../tripleo_profile_base_cinder_backup_nfs_spec.rb | 59 ++++++ spec/classes/tripleo_profile_base_docker_spec.rb | 25 ++- ...o_profile_base_neutron_ovs_opendaylight_spec.rb | 75 +++++--- .../tripleo_profile_base_neutron_ovs_spec.rb | 14 +- spec/classes/tripleo_profile_base_qdr_spec.rb | 20 +- spec/defines/tripleo_haproxy_endpoint_spec.rb | 13 +- spec/fixtures/hieradata/default.yaml | 9 + spec/fixtures/hieradata/step4.yaml | 2 - spec/functions/is_ip_addresses_spec.rb | 12 ++ templates/designate/pools.yaml.erb | 43 +++++ templates/logrotate/containers_logrotate.conf.erb | 2 +- templates/ui/tripleo_ui_config.js.erb | 1 + test-requirements.txt | 6 - tox.ini | 2 +- 106 files changed, 1770 insertions(+), 319 deletions(-)