We are chuffed to announce the release of: tripleo-heat-templates 10.6.2: Heat templates for deploying OpenStack with OpenStack. This release is part of the stein stable release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/null/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 10.6.2 ^^^^^^ New Features ************ * Added the "connection_logging" parameter for the Octavia service. * Three new parameter options are now added to Octavia service (OctaviaConnectionMaxRetries, OctaviaBuildActiveRetries, OctaviaPortDetachTimeout) * deep_compare is now enabled by default for stonith resources, allowing their properties to be updated via stack update. To disable it set 'tripleo::fencing::deep_compare: false'. * Added NeutronPermittedEthertypes to allow configuring additional ethertypes on neutron security groups for L2 agents that support it. * Added new heat param OVNOpenflowProbeInterval to set ovn_openflow_probe_interval which is inactivity probe interval of the OpenFlow connection to the OpenvSwitch integration bridge, in seconds. If the value is zero, it disables the connection keepalive feature, by default this value is set on 60s. If the value is nonzero, then it will be forced to a value of at least 5s. * On undercloud and standalone, install rsyslog on the host by default. See https://bugs.launchpad.net/tripleo/+bug/1850562 * Under pressure, the default monitor timeout value of 20 seconds is not enough to prevent unnecessary failovers of the ovn-dbs pacemaker resource. While spawning a few VMs in the same time this could lead to unnecessary movements of master DB, then re-connections of ovn- controllers (slaves are read-only), further peaks of load on DBs, and at the end it could lead to snowball effect. Now this value can be configurable by OVNDBSPacemakerTimeout which will configure tripleo::profile::pacemaker::ovn_dbs_bundle (default is set to 60s). Bug Fixes ********* * Restart certmnonger after registering system with IPA. This prevents cert requests not completely correctly when doing a brownfield update. * If nova-api is delayed starting then the nova_wait_for_compute_service can timeout. A deployment using a slow/busy remote container repository is particularly susceptible to this issue. To resolve this nova_compute and nova_wait_for_compute_service have been postponed to step_5 and a task has been added to step_4 to ensure nova_api is active before proceeding. Resolves Bug 1842948 (https://bugs.launchpad.net/tripleo/+bug/1842948). Other Notes *********** * Add "port_forwarding" service plugin and L3 agent extension to be enabled by default when Neutron ML2 plugin with OVS driver is used. New config option "NeutronL3AgentExtensions" is also added. This new option allows to set list of L3 agent's extensions which should be used by agent. * Add "radvd_user" configuration parameter to the Neutron L3 container. This parameter defines the user pased to radvd. The default value is "root". Changes in tripleo-heat-templates 10.6.1..10.6.2 ------------------------------------------------ 886c51549 Make sure we apply all deploy step-0 during update. 2ab5aa36a Enable "port_forwarding" feature in neutron ML2 ovs environment a26b5ce8a Don't fail hard when facter cache doesn't work correctly 07bb11f55 [Stein Only] Fix bad configuration path in nova-placement wait 4d99d7bdd Fix typo in MySQL upgrade tasks. 694ec6d4c Incorrect group name issue on non DPDK compute 436b72550 Add configurable monitor timeouts for ovn dbs fcabffdc1 Add ../network/scripts/ to search path for run-os-net-config.sh fc5ca307b Include ceph-ansible filter_plugins 6e843c594 Correct mysql-pacemaker upgrade task b686e27a4 [Steing Only] Correct ovn_dbs_image heat's parameter. 3ec4d25cb Adds ceph-systemd tag in external_upgrade_tasks for systemd units ad729328d Define ovn_dbs_image fact for upgrades. d54d0d92c Fix typo in OVN upgrade tasks. c2e2706c5 Fix debug hiera keys fec5139e5 Simplify and correct how we provide the undercloud.conf to mistral de92a638f Mode 0750 for /var/log/containers 1919a6961 Fix duplicate mount point in neutron_dhcp f29003fa1 Move bootstrap password to an environment var 0313b9e3c Fix container-puppet tool standalone for podman 03c614653 Disable haproxy when using external LB 98032a162 Add "radvd_user" config parameter to Neutron L3 container 42ba2c65e Install and start Rsyslog on the Undercloud & Standalone fb494f110 Honor Debug for container image prepare 4a8a8ec1d Configure amphora for upload and run tempest 61c40a780 Adapt ContainerImagePrepareDebug to the string pattern 4d32c22fe Added the connection_logging parameter for Octavia 5eb01c517 Restart certmnonger after registering system with IPA 165036cee Normalise all pacemaker resource upgrade tasks for staged upgrades 3d1afbaf9 Derives NovaPCIPassthrough per SR-IOV node 94ea0b622 Add second fact to ensure type safty 9770ed268 HA: ensure TRIPLEO_MINOR_UPDATE is defined for <svc>_restart_bundle 4e0ebeaa3 Less agressive cleanup of docker containers in post_upgrade_tasks ca5f18da1 Add posibilities to set ovn_openflow_probe_interval for controller 6f5c3f944 Set bridge-nf-call-* values to 1 ef325acaf Use update_serial as an ansible variable 1e625554d Add missing step tag in updates/upgrades/ffu tasks 20b485fe8 Ensure nova-api is running before starting nova-compute containers d9c60ab05 Workaround ovn cluster failure during update when schema change. 810fe0676 Podman 1.4.1 drops json-file in favor of k8s-file 8067adc6d Scenario 010 multinode fixups 7ecd756b7 Permit access to Ceph RGW for 'member' role 4eed33755 Add posibilities to configure OVNNorthboundServerPort in split stacks 7e303fdbb Fix double cert mount in haproxy bundle when using tls everywhere 38c695396 Set scenario009 job voting to false 053a5f4fb Remove containers before removing associated storage aaa045ba3 Allow using registry authentication to pull ceph related containers 68a4e125b Fix Manila when run without pacemaker 7f250dae1 Add NeutronPermittedEthertypes on OVS agent 1e26c7875 Fix placement of Octavia services in roles 17c9074b7 nova-libvirt: set 'cpuset_cpus' to 'all' e05f78838 Remove ContainerCLI from ovb-ha default file e90b0d898 Add new parameter options to Octavia service 603ae5d3e Prevent running mysql data transfer twice by accident 8443b339b Resolve missing parenthesis causing variable exception fb431cceb Fix selinux context for glance-api 6a0d99265 Enable deep_compare by default for stonith resources 7db107aa8 Run facts gathering always for upgrades. 7e7d310e1 Fix nova-conductor healthcheck RPC port e95a183da Resolve broken zaqar container caused by logging issues b3432d740 Rename pre/post deployments host vars a077b176b Fix path path in TLS everywhere template c530ba4f5 SELinux: correct type for /var/log/containers Diffstat (except docs and test files) ------------------------------------- ci/environments/ovb-ha.yaml | 2 - .../scenario010-multinode-containers.yaml | 29 +-- ci/environments/scenario010-standalone.yaml | 6 + common/container-puppet.py | 52 +++--- common/deploy-steps-tasks-step-0.j2.yaml | 10 ++ common/deploy-steps-tasks.yaml | 12 +- common/deploy-steps.j2 | 27 ++- .../nova_wait_for_api_service.py | 109 ++++++++++++ .../pacemaker_restart_bundle.sh | 1 + ...nt_service.py => placement_wait_for_service.py} | 0 deployment/ceph-ansible/ceph-base.yaml | 62 ++++++- deployment/ceph-ansible/ceph-rgw.yaml | 2 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 109 +++++++----- .../cinder/cinder-volume-pacemaker-puppet.yaml | 33 ++-- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 32 +++- deployment/database/mysql-pacemaker-puppet.yaml | 41 +++-- deployment/database/redis-pacemaker-puppet.yaml | 32 ++-- .../docker/docker-baremetal-ansible.yaml | 15 +- .../nova/nova-placement-container-puppet.yaml | 31 +++- deployment/glance/glance-api-container-puppet.yaml | 6 +- deployment/haproxy/haproxy-container-puppet.yaml | 48 ++--- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 110 +++++++----- deployment/heat/heat-base-puppet.yaml | 2 +- deployment/kernel/kernel-baremetal-puppet.yaml | 19 ++ deployment/keystone/keystone-container-puppet.yaml | 8 +- deployment/logging/rsyslog-baremetal-ansible.yaml | 57 ++++++ deployment/manila/manila-base.yaml | 2 +- .../manila/manila-share-container-puppet.yaml | 5 + .../manila/manila-share-pacemaker-puppet.yaml | 111 ++++++------ deployment/mistral/mistral-base.yaml | 2 +- .../mistral/mistral-executor-container-puppet.yaml | 24 +-- .../neutron/derive_pci_passthrough_whitelist.py | 125 +++++++++++++ .../neutron/neutron-dhcp-container-puppet.yaml | 5 - .../neutron/neutron-l3-container-puppet.yaml | 21 +++ .../neutron-ovs-agent-container-puppet.yaml | 12 ++ .../neutron-ovs-dpdk-agent-container-puppet.yaml | 7 +- .../neutron-sriov-agent-container-puppet.yaml | 14 ++ deployment/nova/nova-api-container-puppet.yaml | 124 ++++++++----- .../nova/nova-compute-common-container-puppet.yaml | 25 +-- deployment/nova/nova-compute-container-puppet.yaml | 23 +-- .../nova/nova-conductor-container-puppet.yaml | 3 +- deployment/nova/nova-ironic-container-puppet.yaml | 4 +- deployment/nova/nova-libvirt-container-puppet.yaml | 1 + deployment/octavia/octavia-base.yaml | 20 +++ .../ovn/ovn-controller-container-puppet.yaml | 7 + deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 195 +++++++++++++-------- deployment/podman/podman-baremetal-ansible.yaml | 11 +- deployment/sahara/sahara-base.yaml | 2 +- deployment/swift/swift-proxy-container-puppet.yaml | 42 +++-- .../swift/swift-storage-container-puppet.yaml | 44 ++--- .../tripleo-packages-baremetal-puppet.yaml | 49 +++--- deployment/zaqar/zaqar-container-puppet.yaml | 2 +- environments/external-loadbalancer-vip-v6-all.yaml | 2 + environments/external-loadbalancer-vip-v6.yaml | 2 + environments/external-loadbalancer-vip.yaml | 2 + .../services/haproxy-internal-tls-certmonger.yaml | 2 +- environments/services/neutron-ovs.yaml | 4 +- environments/standalone/standalone-tripleo.yaml | 1 + environments/storage-environment.yaml | 2 +- environments/storage/glance-nfs.yaml | 4 +- environments/undercloud.yaml | 3 + extraconfig/services/ipaclient.yaml | 19 +- puppet/role.role.j2.yaml | 1 + puppet/services/neutron-plugin-ml2-ovn.yaml | 5 + puppet/services/pacemaker.yaml | 1 + puppet/services/pacemaker_remote.yaml | 1 + ...nection-logging-parameter-e51f59175c8da204.yaml | 3 + ...three-more-octavia-params-1e4a32f910e5f1fc.yaml | 6 + ...able-deep_compare-fencing-698cec642ecd54a4.yaml | 6 + ...ort-forwarding-in-neutron-956cb21a3310e881.yaml | 8 + releasenotes/notes/fix-bridge-nf-call-defaults.rst | 6 + .../l3_agent_radvd_user-1814df18745101d6.yaml | 6 + ...tron-permitted-ethertypes-80dc7f2154786881.yaml | 5 + ...n_openflow_probe_interval-fd99301d95aac62e.yaml | 8 + .../notes/restart-certmonger-244416f537859bac.yaml | 5 + releasenotes/notes/rsyslog-5dc93db5eb8fc953.yaml | 5 + .../setup_timeouts_ovn_dbs-141be475dd2cd7ae.yaml | 11 ++ .../notes/wait_for_nova_api-7af0c6db1b607216.yaml | 9 + roles/ControllerAllNovaStandalone.yaml | 4 +- roles/ControllerNovaStandalone.yaml | 1 + roles/ControllerOpenstack.yaml | 3 - roles/Networker.yaml | 4 + roles/Undercloud.yaml | 1 + roles_data_undercloud.yaml | 1 + sample-env-generator/standalone.yaml | 2 + tools/yaml-nic-config-2-script.py | 1 + zuul.d/layout.yaml | 15 -- 87 files changed, 1339 insertions(+), 555 deletions(-)