We are pleased to announce the release of: puppet-tripleo 6.4.0: Puppet module for OpenStack TripleO This release is part of the ocata stable release series. Download the package from: https://tarballs.openstack.org/puppet-tripleo/ For more details, please see below. 6.4.0 ^^^^^ New Features ************ * Add keystone::ldap_backend call as resource when is trigged to setup a LDAP backend as keystone domain. This allows per-domain LDAP backends for keystone. * U * n * l * e * s * s * a * n * o * n * d * e * f * a * u * l * t * v * a * l * u * e * i * s * p * r * o * v * i * d * e * d * , * t * h * e * d * h * c * p * _ * a * g * e * n * t * s * _ * p * e * r * _ * n * e * t * w * o * r * k * n * e * u * t * r * o * n * c * o * n * f * i * g * u * r * a * t * i * o * n * v * a * r * i * a * b * l * e * i * s * s * e * t * t * o * t * h * e * n * u * m * b * e * r * o * f * d * e * p * l * o * y * e * d * n * e * u * t * r * o * n * d * h * c * p * a * g * e * n * t * s * . * Configure ssh tunneling for nova cold-migration. Re-use the tunnel for libvirt live-migration unless TLS is enabled. Bug Fixes ********* * Octavia is now properly registered with keystone when deployed. * Add a tunnel timeout to the HAProxy tripleo-ui configuration to ensure Zaqar WebSocket tunnels persist longer than two minutes https://bugs.launchpad.net/tripleo/+bug/1672826 * We need ceilometer user in cases where ceilometer API is disabled. This is to ensure other ceilometer services can still authenticate with keystone. * With having package mod_ssl by default installed in images we introduced issue with mod_ssl package update. In case of SSL not being used or provided by HAproxy the puppet-apache module by default purges the ssl.conf file. The package update then recreates the file with default Listen 443 option. This causes conflict on 443 port during httpd restart. If we include ::apache::mod::ssl the ssl.conf file will be configured and the Listen option will be used only if there is vhost set to use SSL. * Fixes horizon getting temporarily deconfigured during a stack update due to the apache configuration occuring in step 3 but the horizon configuration not occuring until step 4. * Fixes missing neutron base class in sriov * Re-run gnocchi and ceilometer upgrade in step5. This is required for gnocchi resource types to be created in ceilometer and gnocchi to function properly. * Add a way for mongodb to limit amount of memory it comsumes with systemd. A new param memory_limit has been added to tripleo::profile::base::database::mongodb class with default limit of 20G. Changes in puppet-tripleo 6.3.0..6.4.0 -------------------------------------- f9867d2 Prepare 6.4.0 release (ocata) 0eeee9a Add a flag to rabbitmq so that we can deploy with ha-mode: all again 7be9a3b Update Gemfile to pull spec_helper from stable/ocata 7d13719 Refactor SSHD config to allow both SSHD options and banner/motd to be set f01cef0 Stop SSHD profile clobbering SSH client config 0e991f9 SSHD Service extensions 4e398a7 Configure migration SSH tunnel ef4a1da Ensure we configure ssl.conf 9e81a1b Move ceilometer wsgi to step 3 243e3bd Move gnocchi wsgi configuration to step 3 ac5954c Restrict mongodb memory usage fb28647 Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo b14631a Enable creation of keystone domain when ldap backends are created c290801 syntax error extra comma in rabbitmq.pp 38142b7 Add missing octavia auth include to keystone manifest 44f627c Add a trigger to call ldap_backend define 0a12215 Make the cluster-check property configurable 7ac3d9d Deploy WSGI apps at the same step (3) 79e3a9f Fixes missing neutron base in sriov 12e6b07 Decouple ceilometer user create from API b1b418d Add tunnel timeout for ui proxy container 3424991 Move horizon to step 3 607f646 Fix deprecated eqlx parameters b6a9d14 Check rabbitmq user at step >= 2 d7ae2b8 Add missing include of ::ec2api::keystone::authtoken d11e83b Re-run gnocchi and ceilometer upgrade in step 5 413a694 Ensure iscsi-initiator-utils installed c802a80 Correct haproxy's stat unix socket path d71efd8 panko: Do db_sync in api manifest 1c15650 Explicitly configure credentials used by ironic to access other services 5508557 Fixes issues with raising mysql file limit cf77c11 Add bindep support 8a53016 Throw warnings for norpm actions 6d204f4 Stop the chronyd service 5d9d1c6 mariadb: Move generation of systemd drop-in to puppet-tripleo 4b3ff75 Default neutron dhcp_agents_per_network to number of agents Diffstat (except docs and test files) ------------------------------------- Gemfile | 1 + Puppetfile_extras | 12 ++ bindep.txt | 2 + lib/puppet/provider/package/norpm.rb | 5 + manifests/haproxy.pp | 8 +- manifests/profile/base/aodh/api.pp | 3 +- manifests/profile/base/barbican/api.pp | 1 + manifests/profile/base/ceilometer/api.pp | 3 +- manifests/profile/base/ceilometer/collector.pp | 8 + manifests/profile/base/cinder/api.pp | 1 + manifests/profile/base/cinder/volume/dellps.pp | 6 +- manifests/profile/base/database/mongodb.pp | 11 ++ manifests/profile/base/database/mysql.pp | 22 ++- manifests/profile/base/gnocchi/api.pp | 14 +- manifests/profile/base/horizon.pp | 2 +- manifests/profile/base/ironic/conductor.pp | 7 + manifests/profile/base/keystone.pp | 27 +++- manifests/profile/base/neutron.pp | 30 +++- manifests/profile/base/neutron/sriov.pp | 2 + manifests/profile/base/nova.pp | 87 +++++++--- manifests/profile/base/nova/api.pp | 1 + manifests/profile/base/nova/compute.pp | 2 + manifests/profile/base/nova/ec2api.pp | 1 + manifests/profile/base/nova/placement.pp | 1 + manifests/profile/base/pacemaker.pp | 25 +++ manifests/profile/base/panko.pp | 18 +-- manifests/profile/base/panko/api.pp | 19 ++- manifests/profile/base/rabbitmq.pp | 5 +- manifests/profile/base/sshd.pp | 74 ++++++--- manifests/profile/base/swift/ringbuilder.pp | 36 +++++ manifests/profile/base/time/ntp.pp | 10 +- manifests/profile/base/zaqar.pp | 1 + manifests/profile/pacemaker/rabbitmq.pp | 8 +- .../rabbitmq-user-check-95da891a2e197d89.yaml | 6 + metadata.json | 2 +- .../notes/add-ldap-backend-48e875e971343e2a.yaml | 5 + ...-octavia-auth-to-keystone-d0353544c0e27b57.yaml | 3 + ...el-timeout-for-haproxy-ui-0705dfd671f9f487.yaml | 6 + ...e-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml | 5 + .../cold_migration_setup-dc4ebd834920c27f.yaml | 4 + ...te-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml | 5 + .../notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml | 10 ++ ...figuration-during-updates-aecfab9a4aa8770b.yaml | 6 + .../fix-sriov-neutron-base-3e32bd667886c474.yaml | 3 + .../re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml | 5 + .../restrict-mongodb-memory-c19d69638b63feb4.yaml | 6 + releasenotes/notes/sshd-437c531301f458bb.yaml | 4 +- releasenotes/source/conf.py | 4 +- spec/classes/tripleo_profile_base_aodh_api_spec.rb | 8 +- .../tripleo_profile_base_ceilometer_api_spec.rb | 8 +- ...ipleo_profile_base_ceilometer_collector_spec.rb | 26 +++ .../tripleo_profile_base_database_mysql_spec.rb | 75 +++++++++ .../tripleo_profile_base_gnocchi_api_spec.rb | 101 ++++++++++++ spec/classes/tripleo_profile_base_horizon_spec.rb | 57 +++++++ .../tripleo_profile_base_nova_compute_spec.rb | 3 + spec/classes/tripleo_profile_base_nova_spec.rb | 118 +++++++++++++- spec/classes/tripleo_profile_base_sshd_spec.rb | 176 ++++++++++++++++++++- .../tripleo_profile_base_swift_ringbuilder.rb | 65 ++++++++ spec/classes/tripleo_profile_base_time_ntp_spec.rb | 39 +++++ spec/fixtures/hieradata/default.yaml | 3 + 60 files changed, 1105 insertions(+), 101 deletions(-)