We are delighted to announce the release of: puppet-tripleo 10.2.0: Puppet module for OpenStack TripleO This release is part of the stein release series. The source is available from: http://git.openstack.org/cgit/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo (tag: puppet) For more details, please see below. 10.2.0 ^^^^^^ New Features ************ * Add the ability to configure the nfs_snapshot_support parameter associated with Cinder's NFS backend. * Added Dell EMC SC multipath support This change adds support for cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer. * Add new parameter haproxy_log_facility. * Adds support to configure disjoint address pools for Ironic Inspector. When Inspector is deployed as a HA service disjoint address pools should be served by the DHCP instances to avoid address conflict issues. * Add support for native TLS encryption on NBD for disk migration The NBD protocol previously runs in clear text, offering no security protection for the data transferred, unless it is tunnelled over some external transport like SSH. Such tunnelling is inefficient and inconvenient to manage. Support for TLS to the NBD clients & servers provided by QEMU was added. In tls-everywhere use case we want to take advantage of this feature to create the certificates and configure qemu to use nbd tls. * Neutron L3/DHCP and OVN metadata agent wrapper classes are given the "debug" and "container_cli" parameters. The latter allows 'docker' (deprecated) and 'podman' for Neutron L3/dhcp and OVN metadata rootwrap containers managed by agents. When "debug" enabled, the wrapper containers start writing extended outputs to its stdout, which also may be shown via the "podman logs" CLI. Deprecation Notes ***************** * Parameter "bind_sockets" is deprecated. No sockets are expected to bind mount for podman. So it only works for the docker runtime. Bug Fixes ********* * Masquerading and forwarding rules are now correctly created when using routed networks. (See bug: 1797455 (https://bugs.launchpad.net/tripleo/+bug/1797455).) * Neutron/OVN rootwrap containers are managed by agents and will no longer be deleted, when the parent container restarts. Other Notes *********** * MongoDB hasn't been supported since Pike, it's time to remove the deployment files. Starting in Stein, it's not possible to deploy MongoDB anymore. It already changes the default zaqar management_store to sqlalchemy and the zaqar messaging_store to redis, which is already set by TripleO Heat Templates. Changes in puppet-tripleo 10.1.0..10.2.0 ---------------------------------------- eb68712 Prepare stein-2 73c729c Add scenario002 standalone to gate as well as it is voting 868a030 Replace scenario001-multinode with scenario001-standalone bcf06e0 Configure switchedv while there is no vfs bounded b69a183 Prevent systemd unit files to be created to restart services 2061295 Replace tripleo scenario004-multinode with scenario004-standalone 736d69d Add retries to HA bundles 801b12b Remove MongoDB 784ec76 Replace tripleo-scenario002-multinode with scenario002-standalone 7034cfd Temporary remove selinux label mount option for neutron ce6df58 Make sure we do not match multiple remotes when waiting for them daa4710 Fix linting issues 3ec92d3 Add explicit logging class inclusion 84ba7c3 Fix new mariadb ipv6 issue 0cb8d30 Drop baremetal job template 3c953e8 Allow user to define a custom tuned profile c2d84b4 Ironic Inspector - disjoint ip range(s) for HA 44985bd Remove some of the excessive rabbitmq bundle logging 4413b2c Enable support for openidc federation in keystone 0a49afa Remove tripleo::profile::base::docker and docker_registry cadde08 Add ability to configure Cinder's NFS snapshot support 62861db Add support for native TLS encryption on NBD for disk migration 43ffaed Include octavia::controller be8210f Set balance to source for openshift_master endpoints abf98e1 Increase websocket timeout 01d96ea Allow to set log facility for HAProxy 467c687 mysql: fix root password update for containerized mysql 4f82b2e [ui] Add option to configure apache expires ffcf3a0 Pass variable from puppet-tripleo to puppet-neutron a82b6c8 Switch Puppet 6 jobs to non-voting 177d951 Allow the container backend to be configurable d4c98bd Enable disablereuse option in Zaqar proxy backend ee78d70 Fix designate db instantation ca68894 Include ::cinder::nova in cinder's configuration 8315b01 Add openstacklib to requirements in metadata.json 6bdfeaa Fix cinder's default RBD backend_host 00524bf Make sure that the _member_ role is assigned to admin. 6117cae Fix wrapper containers for podman w/o sockets 86ca1e6 Handle deprecated cinder iSCSI parameters 802cf89 Remove non-voting scenarios from gate 040857a Pin puppet-snmp 4a57629 Update parser functions to 4.x api 8d889af Update functions to fix unit tests bebe7b8 Fix Undercloud masquerading firewall rules 4342ac5 Dell EMC SC: Add use_multipath_for_image_xfer 8fe2697 mysql: use clustercheck credentials to poll galera state 568a01c Add scenario010 to the check queue Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 5 +- .../functions/docker_volumes_to_storage_maps.rb | 44 +++ lib/puppet/functions/extract_id.rb | 17 ++ lib/puppet/functions/ip_to_erl_format.rb | 32 +++ lib/puppet/functions/is_ip_addresses.rb | 29 ++ lib/puppet/functions/list_to_hash.rb | 31 +++ lib/puppet/functions/list_to_zookeeper_hash.rb | 24 ++ lib/puppet/functions/netmask_to_cidr.rb | 15 ++ lib/puppet/functions/noop_resource.rb | 54 ++++ lib/puppet/functions/tripleo_swift_devices.rb | 27 ++ .../functions/docker_volumes_to_storage_maps.rb | 52 ---- lib/puppet/parser/functions/extract_id.rb | 14 - lib/puppet/parser/functions/ip_to_erl_format.rb | 31 --- lib/puppet/parser/functions/is_ip_addresses.rb | 25 -- lib/puppet/parser/functions/list_to_hash.rb | 31 --- .../parser/functions/list_to_zookeeper_hash.rb | 24 -- lib/puppet/parser/functions/lookup_hiera_hash.rb | 22 -- lib/puppet/parser/functions/netmask_to_cidr.rb | 14 - lib/puppet/parser/functions/noop_resource.rb | 52 ---- .../parser/functions/tripleo_swift_devices.rb | 39 --- lib/puppet/provider/sriov_vf_config/numvfs.rb | 60 +---- manifests/certmonger/ca/crl.pp | 3 +- manifests/certmonger/ca/qemu.pp | 65 +++++ manifests/certmonger/mongodb.pp | 93 ------- manifests/certmonger/novnc_proxy.pp | 2 +- manifests/certmonger/qemu.pp | 91 +++++++ manifests/certmonger/qemu_dirs.pp | 41 +++ manifests/certmonger/qemu_nbd_dirs.pp | 42 +++ manifests/haproxy.pp | 11 +- manifests/host/sriov/numvfs_persistence.pp | 7 +- manifests/masquerade_networks.pp | 24 +- manifests/profile/base/aodh.pp | 1 + manifests/profile/base/apache.pp | 6 - manifests/profile/base/ceilometer.pp | 1 + manifests/profile/base/certmonger_user.pp | 22 +- manifests/profile/base/cinder.pp | 2 + manifests/profile/base/cinder/volume/dellsc.pp | 33 +-- manifests/profile/base/cinder/volume/iscsi.pp | 6 +- manifests/profile/base/cinder/volume/nfs.pp | 6 + manifests/profile/base/cinder/volume/rbd.pp | 6 +- manifests/profile/base/congress.pp | 1 + manifests/profile/base/database/mongodb.pp | 77 ------ manifests/profile/base/database/mongodbcommon.pp | 50 ---- manifests/profile/base/database/mysql.pp | 2 +- manifests/profile/base/designate.pp | 1 + manifests/profile/base/designate/central.pp | 4 +- manifests/profile/base/docker.pp | 300 --------------------- manifests/profile/base/docker_registry.pp | 74 ----- manifests/profile/base/glance/api.pp | 1 + manifests/profile/base/gnocchi.pp | 1 + manifests/profile/base/heat.pp | 1 + manifests/profile/base/ironic.pp | 1 + manifests/profile/base/ironic_inspector.pp | 52 +++- manifests/profile/base/keystone.pp | 25 +- manifests/profile/base/manila.pp | 1 + manifests/profile/base/memcached.pp | 6 - manifests/profile/base/mistral.pp | 1 + manifests/profile/base/neutron.pp | 15 ++ .../profile/base/neutron/dhcp_agent_wrappers.pp | 40 ++- .../profile/base/neutron/l3_agent_wrappers.pp | 56 ++-- .../base/neutron/ovn_metadata_agent_wrappers.pp | 30 ++- .../base/neutron/plugins/ovs/opendaylight.pp | 3 +- .../base/neutron/wrappers/dibbler_client.pp | 16 +- manifests/profile/base/neutron/wrappers/dnsmasq.pp | 16 +- manifests/profile/base/neutron/wrappers/haproxy.pp | 16 +- .../profile/base/neutron/wrappers/keepalived.pp | 16 +- .../neutron/wrappers/keepalived_state_change.pp | 14 +- manifests/profile/base/neutron/wrappers/radvd.pp | 17 +- manifests/profile/base/nova.pp | 1 + manifests/profile/base/octavia.pp | 1 + manifests/profile/base/octavia/api.pp | 1 + manifests/profile/base/octavia/health_manager.pp | 1 + manifests/profile/base/octavia/housekeeping.pp | 1 + manifests/profile/base/octavia/worker.pp | 1 + manifests/profile/base/pacemaker.pp | 2 +- manifests/profile/base/panko.pp | 1 + manifests/profile/base/sahara.pp | 1 + manifests/profile/base/tacker.pp | 1 + manifests/profile/base/tuned.pp | 21 +- manifests/profile/base/zaqar.pp | 30 +-- .../profile/pacemaker/cinder/backup_bundle.pp | 6 + .../profile/pacemaker/cinder/volume_bundle.pp | 6 + .../profile/pacemaker/database/mongodbvalidator.pp | 37 --- .../profile/pacemaker/database/mysql_bundle.pp | 51 +++- .../profile/pacemaker/database/redis_bundle.pp | 7 + manifests/profile/pacemaker/haproxy_bundle.pp | 7 + manifests/profile/pacemaker/manila/share_bundle.pp | 6 + manifests/profile/pacemaker/ovn_dbs_bundle.pp | 9 +- manifests/profile/pacemaker/rabbitmq_bundle.pp | 23 ++ manifests/ui.pp | 23 +- metadata.json | 3 +- ...nder-nfs-snapshot-support-ac547f24dddf97e8.yaml | 5 + .../notes/dellsc-driver-b7cd300a24a64b01.yaml | 5 + .../fix-masquerade-networks-c9ab4affb17627e1.yaml | 6 + .../notes/haproxy-facility-8196cc8e1299d79b.yaml | 3 + ...joint-inspection-ip-range-f10297dd32f3721b.yaml | 6 + .../notes/mongodb_drop-02daffbfe4975cb9.yaml | 8 + ...on_nbd_for_disk_migration-2e16003c4764a399.yaml | 12 + .../wrapper-containers-debug-f141d964548eb2ea.yaml | 17 ++ spec/classes/tripleo_haproxy_spec.rb | 26 ++ spec/classes/tripleo_keepalive_spec.rb | 6 + spec/classes/tripleo_masquerade_networks_spec.rb | 15 +- spec/classes/tripleo_profile_base_cinder_spec.rb | 6 + ...ripleo_profile_base_cinder_volume_iscsi_spec.rb | 8 +- .../tripleo_profile_base_cinder_volume_nfs_spec.rb | 19 +- .../tripleo_profile_base_cinder_volume_rbd_spec.rb | 1 + spec/classes/tripleo_profile_base_docker_spec.rb | 203 -------------- ...o_profile_base_neutron_ovs_opendaylight_spec.rb | 59 +++- spec/classes/tripleo_profile_base_tuned_spec.rb | 23 +- spec/classes/tripleo_ui_spec.rb | 16 +- .../tripleo_host_sriov_numvfs_persistence_spec.rb | 29 -- ...le_base_neutron_wrappers_dibbler_client_spec.rb | 34 ++- ...o_profile_base_neutron_wrappers_dnsmasq_spec.rb | 35 ++- ...o_profile_base_neutron_wrappers_haproxy_spec.rb | 38 ++- ...rofile_base_neutron_wrappers_keepalived_spec.rb | 35 ++- ...eutron_wrappers_keepalived_state_change_spec.rb | 32 ++- ...leo_profile_base_neutron_wrappers_radvd_spec.rb | 38 ++- spec/fixtures/hieradata/step4.yaml | 1 + .../docker_volumes_to_storage_maps_spec.rb | 19 ++ spec/functions/extract_id_spec.rb | 6 + spec/functions/list_to_hash_spec.rb | 11 + spec/functions/list_to_zookeeper_hash_spec.rb | 15 ++ spec/functions/lookup_hiera_hash_spec.rb | 20 -- spec/functions/noop_resource_spec.rb | 16 ++ spec/functions/tripleo_swift_devices_spec.rb | 13 + templates/neutron/dibbler-client.epp | 41 ++- templates/neutron/dnsmasq.epp | 42 ++- templates/neutron/haproxy.epp | 41 ++- templates/neutron/keepalived.epp | 41 ++- .../neutron/neutron-keepalived-state-change.epp | 24 +- templates/neutron/radvd.epp | 43 ++- templates/switchdev/switchdev.epp | 29 -- zuul.d/layout.yaml | 61 +++-- 133 files changed, 1753 insertions(+), 1536 deletions(-)