We are delighted to announce the release of: tripleo-heat-templates 10.4.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the stein release series. The source is available from: https://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: https://bugs.launchpad.net/tripleo For more details, please see below. 10.4.0 ^^^^^^ New Features ************ * Adds a specific upgrade hiera file. This is currently used to override variables during upgrade. * Introduce new parameter, ContainerLogStdoutPath. Must be an absolute path to a directory where podman will output all containers stdout. The existence of the directory is ensured directly as a host_prep_task. * Support setting values for "cephfs_volume_mode" manila parameter via the THT parameter ManilaCephFSCephVolumeMode. These control the POSIX rwx mode of the cephfs volumes, snapshots, and groups of these that back corresponding manila resources. Default value for ManilaCephFSCephVolumeMode is '0755', backwards-compatible with the mode for these objects before it was settable. * Adds a new GlobalConfigExtraMapData parameter that can be used to inject global_config_settings hieradata into the deployment. Any values generated in the stack will override those passed in by the parameter value. * Add neutron-plugin-ml2-mlnx-sdn-assist as a containerized Neutron Core service template to support Mellanox SDN ml2 plugin. * Adds functionality wheter to enable/disable KSM on compute nodes. Especially in NFV use case one wants to disable the service. Because ksm has little benefit in overcloud nodes it gets disabled per default but can be set via NovaComputeEnableKsm. * Added a new Barbican option *BarbicanPkcs11AlwaysSetCkaSensitive*. The default value is *true*. * Allow Neutron DHCP agent to use broadcast in DHCP replies * Add the ability to configure the cinder-volume service to run in active-active (A/A) mode using the cluster name specified by the new CinderVolumeCluster parameter. Note that A/A mode requires the backend driver support running A/A. Cinder's RBD driver supports A/A, but most other cinder drivers currently do not. * ContainerImagePrepareDebug is a parameter that allows to run the tripleo container image prepare command with --debug. It is set to 'False' by default for backward compatibility. * Docker is deprecated in Stein and will be removed in Train. It is being replaced by Podman and Buildah. * Deprecated services now live in deployment/deprecated directory. * The "baremetal" ML2 mechanism driver is enabled in the Networking Service (neutron) in the overcloud by default when the Baremtal Service (ironic) is enabled. Previously the user would have to enable this driver manually by overriding the "NeutronMechanismDrivers" parameter. * Add new parameter 'GlanceInjectMetadataProperties', to add metadata properties to be injected in image. Add new parameter 'GlanceIgnoreUserRoles', to specify name of user roles to be ignored for injecting metadata properties in the image. * Add support for native TLS encryption on NBD for disk migration The NBD protocol previously runs in clear text, offering no security protection for the data transferred, unless it is tunnelled over some external transport like SSH. Such tunnelling is inefficient and inconvenient to manage. Support for TLS to the NBD clients & servers provided by QEMU was added. In tls-everywhere use case we want to take advantage of this feature to create the certificates and configure qemu to use nbd tls. * The RabbitMQ management plugin ("rabbitmq_management") is now enabled. By default RabbitMQ managment is available on port 15672 on the localhost ("127.0.0.1") interface. * OVS and neutron now supports endpoint creation on IPv6 networks. New network-*-v6-all.j2.yaml environment files are added to allow tenant network to be created on IPv6 addresses. Note that these files are only to be used for new deployments and not during update or upgrade. network_data*.yaml files are also edited to reflect the same. * Add container for the Swift container sharder service. This service is required for sharding containers. It is disabled by default and can be enabled by setting the SwiftContainerSharderEnabled to true. * The Shared File Systems service (manila) API has been switched to running behind httpd, and it now supports configuring TLS options. * This patch switches the default mechanism driver for neutron from openvswitch to OVN. DVR is now enabled by default which in the case of OVN means that we're distributing FIP N/S traffic as E/W is anyways distributed * When deploying mistral-executor, create a tripleo-admin user on the undercloud for running external deploy tasks with ansible. * Add new CinderNetappPoolNameSearchPattern parameter, which controls which Netapp FlexVol volumes represent pools in Cinder. Known Issues ************ * Add OvnDbInternal to EndpointMap and use it for ovn_db_host OVN controller/metadata use ovn_dbs_vip hiera key to configure the central ovn DB. This key is not available on split control plane or multi cell setup and therefore installation fails. With this change a new entry gets created in the EndpointMap named OvnDbInternal. This can then be exported for an overcloud stack and can be used as an input for the cell stack. The information from the EndpointMap is used for ovn-metadata and ovn-controller as the ovn_db_host information in puppet-tripleo Upgrade Notes ************* * Non-lifecycle stack actions like stack check and cancel update for undercloud are now disabled. Stack check is yet to be migrated to heat convergence architecture and cancel update is not recommended for overcloud. Both are disabled by adding required heat policy for undercloud. 'overcloud update abort' wrapper for stack cancel update had been dropped since few releases. * Installing haproxy services on baremetal is no longer supported. * Installing MySQL Server services on baremetal is no longer supported. * Installing Redis services on baremetal is no longer supported. * Installing sahara services on baremetal is no longer supported. * During upgrade from ml2/ovs please remember to provide similar environment file to environments/updates/update-from-ml2-ovs-from- rocky.yaml. This is good also to remember to provide this file as a first to avoid overwriting custom modification by upgrade environment file. If you will not provide such file during upgrade from ml2/ovs you will see error and notification about problems witch mutually exclusive network drivers. Deprecation Notes ***************** * Duplicate environment files "environments/neutron-sriov.yaml" and "environments/neutron-ovs-dpdk.yaml" file are deprecated. * Xinetd tripleo service is no longer managed. The xinetd service hasn't been managed since the switch to containers. OS::TripleO::Services::Xinetd is disabled by default and dropped from the roles. The OS::TripleO::Services::Xinetd will be removed in Train. * docker_puppet_tasks is deprecated in favor of container_puppet_tasks. docker_puppet_tasks is still working in Stein but will be removed in Train. * The NodeDataLookup parameter type was changed from string to json * Removed 'glance-registry' related changes since it's been deprecated from glance & no longer been used. * The TLS-related environment files in the environments/ directory were deleted. The ones in the environments/ssl/ are preferred instead. Namely, the following files:: enable-internal-tls.yaml, enable-tls.yaml, inject-trust-anchor-hiera.yaml, inject-trust- anchor.yaml, no-tls-endpoints-public-ip.yaml, tls-endpoints-public- dns.yaml tls-endpoints-public-ip.yaml, tls-everywhere-endpoints- dns.yaml. * TripleO UI is deprecated in Stein and will be removed in Train. * The CinderNetappStoragePools parameter is deprecated in favor of the new CinderNetappPoolNameSearchPattern parameter. The previously deprecated CinderNetappEseriesHostType parameter has been removed. * The /var/lib/docker-puppet is deprecated and can now be found under /var/lib/container-puppet. We don't have Docker anymore so we try to avoid confusion in the directories. The directory still exists but a readme file points to the right directory. Bug Fixes ********* * It is now possible for temporary containers inside THT to test if they are being run as part of a minor update by checking if the TRIPLEO_MINOR_UPDATE environment variable is set to 'true' (said containers need to export it to the container explicitely), see <service>_restart_bundles for examples. * When setting up TLS everywhere, some deployers may not have their FreIPA server in the ctlplane, causing the ipaclient registration to fail. We move this registration to host-prep tasks and invoke it using ansible. At this point, all networks should be set up and the FreeIPA server should be accessible. * * Bug 1784967 invalid JSON in NodeDataLookup error message should be more helpful * e0e885b8ca3332e0815c537a32c564cac81f7f7e moved the cellv2 discovery from control plane to compute services. In case the computes won't have access to the external API this task will fail. Switch nova_cell_v2_discover_host.py to use internal api. Other Notes *********** * Paramter "ConfigDebug" now also controls the paunch logs verbosity. * Octavia may be deployed for a standalone cloud, which has yet Nova services available for Amphorae SSH keys management. For that case, the parameter "OctaviaAmphoraSshKeyFile" must be defined by a user. Otherwise, it takes an empty value by usual for overcloud deployments meanings and Nova will be used to create a key-pair for Octavia instead. * The utility script "tools/merge-new-params-nic-config-script.py" previously used the "Controller" role by default if the "--role- name" argument was not specified. The argument ("--role-name") no longer have a default. It is now mandatory to specify the role when merging new parameters into existing network configuration templates. * Remove "NeutronExternalNetworkBridge" Heat parameter. Option "external_network_bridge" is deprecated and should not be used in Neutron. Changes in tripleo-heat-templates 10.3.0..10.4.0 ------------------------------------------------ 30968cedf Remove environments/baremetal-services.yaml 160cddda3 Rename docker_config_scripts to container_config_scripts b1d82e6ac Workaround rhel8,0 iptables bug causing neutron_ovs_agent to restart continuously 4453d1dc3 Flatten and move logrotate-crond service container e6ab4856d Do not restart bundles during a minor update ce23ccf53 CI: force ContainerCli to Docker when needed bb1a9ea62 ci/environments/ovb-ha: force Docker for ContainerCli 5d8e8bd86 image-serve: only uninstall docker-distribution when it was installed 3e62d483f Rename docker_puppet_tasks to container_puppet_tasks 9cb715a5e mistral-executor include host /etc/environment ebc9dd98e flatten the octavia service configurations 5b11bb39d Support cinder-volume running active-active 2325992ae Drop unused deployment services parameters b3fef6678 Fix logging config on misc services e14dfc832 Fix monitoring_subscription on misc services 81c1cae40 Rename /var/lib/docker-puppet to /var/lib/container-puppet 47ec1089a flatten database service Redis d02e80642 Disable SELinux separation for ironic_pxe_http 66a477509 Deprecate TripleO UI c86e81d35 Remove Docker when upgrading to Podman 548f54b39 Added tar option to preserve metadata of existing fetch_dir 7d957ff26 step5: flatten the neutron service configurations f101bbe8c step4: flatten the neutron service configurations 6dbfde9c8 flatten database service MySQL Server 65c62f47f allow to configure broadcast_dhcp in neutron DHCP server fcdef786e step3: flatten the neutron service configurations 1ed3d2002 Make heat yaql limits configurable d2eba382c Fix py3 compat for regex searches in YAML validate 0a9ff03c7 Add Mellanox SDN ML2 template for a containerized service ad5dc5ca6 Remove unused resources of PreNetworkConfig for NFV 127dbb4e8 Support cephfs_volume_mode parameter 13d70f6bf container-image-prepare: redirect all output to logfile 142c944e0 [FFU] Ensure compatibility with ansible 2.6. eab673e9c Fix skydive_vars evaluation ad582c7ae Drop the role service override for ovb badf39735 Add functionality to manage KSM on compute nodes per role 9b1bb23aa flatten the ec2 service configurations 37e1122f8 Add OvnDbInternal to EndpointMap and use it for ovn_db_host f1e6de3f0 Fix typo in get container_id ansible task 37ea33037 Add SSHD composable service to Networker role definition f0977f167 Do not bind mount the ovn_db folder for the ovn pcmk restart bundle b49629f08 Do not ignore Swift ring changes to trigger container restart f48ba5896 Use dedicated container tag per skydive service e3f697df6 Switch scenario00{1,4}-standalone to Ceph bluestore dbf63314d Podman support in haproxy-public-tls-inject 6f262c805 Apply stop period for paunch-managed stateful svcs 95362173c Don't look for primary_role ips in AllNodesValidationConfig 26a3d4336 Deprecate Docker 72aa2dfc0 Create deployment/deprecated directory acb61d2c1 step4: flatten nova service configuration ce0b89291 Change vxlan to geneve for network environment files 7133394c3 Be able to know when we are running inside a minor update workflow 359e72b60 standalone: switch container registry to ImageServce 9b5cb4b3a Enable OVN baremetal by default with Ironic service 5c2e741da Revert "Remove host-config-and-reboot interface" ee6f88213 Switch scenario001-002-003 to use Podman 3836f0ff7 nova_libvirt_init_secret: add net=host e2a8a494c Handle upper and lower case system uuids 2a8719960 Remove host-config-and-reboot interface 3a86fc57d Remove upgrade_tasks added during nova services flattening. 479821f1f Removes all pacemaker from scenario-standalone 1-3 environments 9d9feaf72 flatten collectd service configuration acebe2593 Correct sshd configuration within nova-migration-target f2412dacf Make openshift-ansible working dir owned by tripleo-admin a08daffcc Fix malformed mistal_executor kolla config file f7bc59d4b Fail to live migration if instance has NUMA topology 23e7aee08 Drop step_config from containerized Nova services 276743b5f Redis: fix podman start on reboot 284cfe911 Re-Add mysql configuration for nova host discovery 44245d19d Only request neutron certificate from neutron dhcp service 703bf1c05 Add missing RoleParameters and ServiceNames 8b69c6b58 Add CertmongerUser role to OVB defaults a0c3612db [FFU] Make sure group access work correctly with ansible 2.6. 6090dc667 step2: flatten the designate service configurations 5e46c2a57 flatten the barbican service configurations b99c0ce8a Add specific upgrade hiera data file. 3d07ad432 New parameter: ContainerLogStdoutPath cc05a8d54 Replace docker-distribution with apache image-serve 2e0af5858 Move openstack clients service 479d7f587 flatten qdrouterd service configs d59ac1bd9 Fix rabbitmq restart d6727aff7 Enable rabbitmq_management plugin dc9a76aa2 cell_v2 multi-cell 51a1e981f Translating scenario012 to standalone 9e264ea91 make skydive working with folder created by tripleo-admin 78f1901da Deprecate xinetd service management 5e629cacd Fix keystone opt deprecations in manila manifests 2a8385658 Move ipa enrollment to host_prep_tasks 56ebb309e Add missing parts from step2: flatten nova service configuration 6053eb196 Switch default neutron ML2 mechanism driver to OVN cb4ed31ea Introduce ContainerImagePrepareDebug parameter 1cb6886a2 Switch Manila API to httpd and support TLS 93bc329b0 Don't mount docker.sock in the mistral-executor container 9d2acc284 Revert "mistral-executor: bind-mount /var/lib/containers" b3a8610b9 flatten ceilometer service configuration 3e5488901 env/docker: add ContainerCli 94e307064 Restrict use of become to minimum necessary for Ceph deployment 92ea1131c step3: flatten nova service configuration 98ecf9760 step2: flatten nova service configuration 9689f6ed0 Re-Add the StackUpdateType parameter to the nova-vnc-proxy template 6e1ee4168 Drop Docker service from Undercloud roles f7bf4efee flatten sensu service configuration cab93fd31 flatten tripleo-ui service configuration 5c6dd22b8 Use net=none for gnocchi_init_lib 5ceb3c5ec Make ceph-ansible working dir owned by tripleo-admin c95f315ef Remove RoleConfig 07709c44f Enable glance image cache's cleaner and pruner 17d8c985b FFWD: Introduce workaround for neutron cisco plugin 01a865130 Do not mount ceph-ansible and octavia playbook within mistral container 2634ffaa5 Add GlobalConfigExtraMapData 38fb412ac minor update: move VIP before stopping pacemaker on a node ad803ab71 Sanitize the uuid string for ceph-ansible 2e5de85ce Fix with_items indentation in logs readme ec2-api. a40a4927b Remove upgrade_tasks added during nova services flatten. 1d44eeafb Force host_routes to be a list dca57f51b Remove the use of tests as filters as it will be deprecated. 58b99bf5e Do not pull image while tagging pcmk images in upgrade_tasks. b026b860c Set Ironic default interface when using networking-ansible edfe18063 Inject log-driver for podman containers 2e899f394 Move container-image-prepare.j2.yaml to deployment dir bf111425b flatten the fluentd service configurations b8d2dd3ac step1: flatten the designate service configurations 93f529764 Push some NodeDataLookup in scenario001 707dcf2b7 Disable tacker for scenario007 9d115a359 Add support for transferring MariaDB data between nodes a64fa251e Add support for persistence of MariaDB data during reprovisioning c9adaaeb2 Flatten rabbitmq service - step 2 aa2dc674f Adding dependency for NetworkDeployment in 'server_resource_name'Deployment ec5fbe8de Fix generation of configs that contain password files c01d9d847 Handle case change for dmidecode >= 3.1 in Ceph templates fb7ea6734 Flatten rabbitmq service - step 1 fe2fda491 Change NodeDataLookup type from string to json 2587f4e96 Copy undercloud.conf file during mistral-executor start up. 1814b3032 Remove unneeded iptables mount points 8a0ddc7f0 Export global_config for compute-only stack 18f4e1177 Disable stack check and cancel update for undercloud 95245f6ad Remove incorrect mapped_data key from cisco ml2 hieradata 2bae8cc78 step1: flatten nova service configuration 3238e547a flatten the horizon service configurations dd54e32d1 mysql: sync credentials in running container on password change a2d0899f9 Add ContainerImagePrepare service to ControllerStorageNfs role 65041ed9d Clean unmanaged rules pushed by iptables-services package d1fea280f step2: flatten the neutron service configurations fff1df6ee TLS everywhere: Mount the whole /etc/pki/libvirt/ directory in libvirt 898154857 Catch directories we can not change ownership ce1e7eafe TLS everywhere: Set post-save command for neutron dhcpd a76a0a127 TLS everywhere: Set post-save command for nova-vnc-proxy 25bc2a687 flatten the congress service edf4e9e73 flatten the panko service 8b89ff2f5 flatten the tacker service 27e8bbd2a flatten the manila service configurations dcdb82c50 step1: flatten the neutron service configurations efaf0c3be Run nova_statedir_owner on every run 4cfa7c066 certmonger: Don't restart haproxy on cert renewal 99b87fba1 mysql: do not stop container when upgrade doesn't update mysql image a0a09d29a run docker_puppet_tasks on any role 0d106a261 Create tripleo-admin user on the undercloud 1d3fe8cb2 flatten database service MySQL Client c618b2168 Add stop_grace_period for heat_engine container 05d77c9ed flatten haproxy service configuration ce2ec4af9 Correct *_short_bootstrap_node_name variable. bcd438344 Move the multipathd services into deployment c4242729b flatten the iscsid service f7fb76754 TLS everywhere: Set post-save command for redis 03c54b806 TLS everywhere: Set post-save command for RabbitMQ 514f99c57 TLS everywhere: Set post-save command for httpd 080b22c8b Add PacemakerNetwork definition cb668e6b4 Optional ICMP validation of controllers and gateways df7f43974 Rework nova_cell_v2_discover_host.py to use nova.conf and python novaclient 9164e6adb Move UpgradeInitCommand and UpgradeInitCommonCommand to run by Ansible f0aecdd36 flatten the swift service configurations b807077a2 Enable ML2 baremetal by default with Ironic service f279e6ce6 noop package installation inside docker_puppet_apply.sh cd354bc38 flatten the mistral service configurations 482ed3cab Remove conf.modules.d that doesn't exist 7d3c7b16b deployed-servers: symlink ansible-playbook 822a92a80 Add VLAN as a supported network type for OVN 648dfa2bd Reload haproxy when certificate is renewed ca041e2c4 haproxy: deploy IPtables rules from the host 639285f09 Update parameters for cinder's Netapp backend 096fa8774 Explicitly manage http configs ad81fba15 Mount mysql client configuration in nova cell discovery container 7f5dec079 Don't disable keepalived in nonha-arch.yaml ae2ccb5f4 Remove workflow_tasks f6b934bd6 Remove the scenario standalones from tht zuul layout - just use template d9b311172 container-image-prepare: disable logging on the task 87a869a40 Fix nova_cell_v2_discover_host.py with python3 a619d990c Address python3 string issues with subprocess f77d8e790 Add missing entries for Pure Storage Cinder Backend and fix typos 8a818ab22 Apply changes to cluster using updated inventory ff36d44af Generate post-deployment openshift-ansible inventory 1febc8b7b Store nodes information in a dict cb675a91a Fix openshift playbook import d9a43277e Adding support of glance cinder store settings 85d9cf495 Revert "post_deploy: support python3 for undercloud scripts." 2dcd56041 Remove all glance-registry related changes 416f43c83 Flatten etcd configuration c4f57e28c Move login-defs to deployment directory 213e5121c Move securetty to deployment dir 7fea2d075 Move kernel config to deployment directory a0400c998 Move selinux to deployment folder 1143714b3 post_deploy: support python3 for undercloud scripts. 55188215d Use internal interface for keystone in "wait for placement" script 38ddc4c49 nova-metadata: use keystone internal endpoint instead of admin c980a40e5 Designate: Use keystone v3 internal endpoint instead of admin 166803d05 Include the DB password in a Mistral environment for creating backups and restores 13ec67a3a Avoid dangling firewall rule for ssh access c2e2b6297 Ensure /var/lib/config-data exists before setting selinux context a6479d0b5 use include_tasks instead of include e8a53f56f Remove networks from Undercloud and Standalone roles c1116e59c Add network data for the undercloud 53027484a Skip templating disabled networks cde4134d5 Service check in nova_cell_v2_discover_host.py to use internal API 8dbbf94a6 Adding pyshim.sh to missing python commands 80fb16378 Drop unused puppet/services parameters 397e2b4a3 Remove external_network_bridge Neutron option 25d063197 Remove configuration for cni0 bridge 87bc72a37 Use net=none for *_init_log(s) containers 9b284e74c Create /run/netns if does not exist cb6d81bd9 mistral-executor: bind mount the docker socket only when needed ae7ec1c79 mistral-executor: bind-mount /var/lib/containers 3fa634908 UX - Useful error msg if role is not in roles data ccb242f91 Enable Glance image_conversion plugin when backend is rbd 2b7cb1987 Allow ssh from all for undercloud 6fefd102b Look for parameters in parameter_groups 123f40a56 flatten cinder service configuration fe9372ece Add support for native TLS encryption on NBD for disk migration a72f8d4ae Remove deprecated TLS-related environment files 2a5baa597 Allow Octavia deployments for Standalone 1e318b569 Ensure logs folder is created in prep hosts tasks. 9012fff84 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive ae1efdd44 flatten sahara service configuration eb52c794d Add HorizonSecureCookies to environments/ssl/enable-tls.yaml 632a184a9 Fetch scheme/port from hiera instead of hard coding it beb7aa112 Use the tripleo-standalone-scenarios-full template f5fe93b1f Update memcache config in docker-uc-light env 144b74d3b Look for used parameters in conditionals de3576633 Make neutron ovs agent work with python3 c5d1b6fb6 Fix paunch logs verbosity control a3b55888f Drop duplicate keystone logging group parameter 34d0e5b02 nova-libvirt: conditionalize selinux bind-mount 8f297c22e Make ceph-ansible integration respect PythonInterpreter 726f0b0c2 Drop zaqar param duplicates f01318640 Enable memcached debug if Debug param is set 704b6870b Reuse the container in case we have a temporary podman failure 9eeb4518c Remove with_items for 'yum/package' d87efd29e Conditionalize docker socket bind-mount e26ef65e5 Transitioning to HAProxy 1.8 fda5b5ab3 docker-puppet: retry container run command 1bebfdcbd Mount system modules when calling system iptables 35aae8730 Be explicit when passing vars into deploy steps dc46a8684 Assure that updates job is listed in both check and gate 2e36a4cfe Remove unused jinja code in network-isolation environment dfe4f2ddb Remove gluster settings from previous deployments on re-deploy 87358befc Fix deployment of gluster with openshift AllInOne 9ed011efc flatten the heat service configurations 5a8950c70 Run 'Delete Upgrade Flag and Unset it via Rest' only once c740b5421 Remove default role-name from merge network param script 0b6375d69 Remove unused params from ci/environments/network/* templates 2b8ecaa11 Add missing Aodh monitoring_subscription e32663b1f Add missing Ironic monitoring_subscription 2dae0b05e Update Barbican HSM ansible roles 0015cc744 Gracefully shutdown Mysql before upgrade. ef1b85702 Add Swift container sharder service d70d128aa Enable virt_sandbox_use_netlink SELinux boolean for port healthchecks 3df5f8db1 Fall back service_net_map to ctlplane 99f1c1ece Make ODL deployment compatible with podman 4b8c7055c Set keystone bind_host to both public and admin a31585837 Allow container healthchecks to access netlink data f86c89e08 Add scenario002-standalone to gates as we make it voting fe8b808fd Allow overlay tunnel endpoints on IPv6 address ae8998f36 Enable image inject metadata properties & user roles to be ignored 7c070ab11 Fix address for glusterfs container images df8e59249 Restart openshift master services after stack update d59e016cd Fix files: for scenario003 standalone - pointing to wrong env 2d608e07b Move docker into deployment directory 33b5658f0 Deprecate duplicate NFV environment files e7c7f79f9 Snmp - Use net_cidr_map for firewall rules f2ff3eb74 Memcached - Use net_cidr_map for firewall rules 5666a4fe0 Designate - Use net_cidr_map for rndc_allowed_addresses da1de3aaf Apache - Use net_cidr_map for proxy_ips e0e885b8c Move cellv2 discovery from control plane services to compute services a433e05e6 implement default ssh-from-ctlplane rule via hiera 89faf9c02 flatten tripleo-packages service configuration 8cf1a9993 Don't force Horizon's secure cookies to disabled ab6395a64 Set container images for openshift 3.11 3e613f178 Remove openshift-ansible customization e26a5ea3b Rely on osa defaults for enabled services 841e17511 Update manila environment file name in capabilities-map f252778d6 Fix Chinese quotes a693e6f1c Enable ovs-stats by default when using ovs ed46e6e28 Per role Numa aware vswitch configuration 5cb7fee7a Introducing Nuage Neutron VRS resource. 54b78df00 Fix files conditions for scenario 007 and 008 806cbd470 Fix a spelling mistake. Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- all-nodes-validation.yaml | 12 + capabilities-map.yaml | 9 +- ci/common/ironic_standalone_post.yaml | 17 + ci/environments/multinode-3nodes-registry.yaml | 10 +- ci/environments/multinode-containers.yaml | 8 +- .../multiple-nics-ipv6/network-environment.yaml | 2 +- .../nic-configs/ceph-storage.yaml | 92 --- .../nic-configs/cinder-storage.yaml | 70 -- .../nic-configs/compute-dvr.yaml | 189 +++++ .../multiple-nics-ipv6/nic-configs/compute.yaml | 70 -- .../multiple-nics-ipv6/nic-configs/controller.yaml | 22 - .../nic-configs/swift-storage.yaml | 70 -- .../network/multiple-nics/network-environment.yaml | 2 +- .../multiple-nics/nic-configs/ceph-storage.yaml | 92 --- .../multiple-nics/nic-configs/cinder-storage.yaml | 92 --- .../multiple-nics/nic-configs/compute-dvr.yaml | 188 +++++ .../network/multiple-nics/nic-configs/compute.yaml | 70 -- .../multiple-nics/nic-configs/controller.yaml | 22 - .../multiple-nics/nic-configs/swift-storage.yaml | 70 -- .../public-bond/nic-configs/ceph-storage.yaml | 92 --- .../public-bond/nic-configs/cinder-storage.yaml | 70 -- .../network/public-bond/nic-configs/compute.yaml | 70 -- .../public-bond/nic-configs/controller.yaml | 28 - .../public-bond/nic-configs/swift-storage.yaml | 70 -- ci/environments/ovb-ha.yaml | 57 +- .../scenario000-multinode-containers.yaml | 10 +- .../scenario001-multinode-containers.yaml | 33 +- ci/environments/scenario001-standalone.yaml | 57 +- .../scenario002-multinode-containers.yaml | 33 +- ci/environments/scenario002-standalone.yaml | 40 +- .../scenario003-multinode-containers.yaml | 39 +- ci/environments/scenario003-standalone.yaml | 32 +- .../scenario004-multinode-containers.yaml | 31 +- ci/environments/scenario004-standalone.yaml | 31 +- .../scenario006-multinode-containers.yaml | 11 +- ci/environments/scenario006-multinode.yaml | 1 - .../scenario007-multinode-containers.yaml | 52 +- .../scenario008-multinode-containers.yaml | 4 + ci/environments/scenario009-multinode.yaml | 1 - .../scenario010-multinode-containers.yaml | 23 +- .../scenario012-multinode-containers.yaml | 23 +- ci/environments/scenario012-standalone.yaml | 42 ++ common/deploy-steps-tasks.yaml | 179 +++-- common/deploy-steps.j2 | 314 +++------ common/services.yaml | 54 +- .../__init__.py | 0 .../nova_cell_v2_discover_host.py | 109 +++ .../nova_statedir_ownership.py | 8 +- .../nova_wait_for_placement_service.py | 2 +- .../pyshim.sh | 0 .../deployed-server-bootstrap-centos.sh | 10 + deployed-server/deployed-server-bootstrap-rhel.sh | 10 + deployed-server/deployed-server-roles-data.yaml | 1 + deployed-server/deployed-server.yaml | 21 - deployment/aodh/aodh-api-container-puppet.yaml | 9 +- .../aodh/aodh-evaluator-container-puppet.yaml | 11 +- .../aodh/aodh-listener-container-puppet.yaml | 11 +- .../aodh/aodh-notifier-container-puppet.yaml | 11 +- .../barbican/barbican-api-container-puppet.yaml | 215 +++++- .../barbican/barbican-backend-dogtag-puppet.yaml | 0 .../barbican/barbican-backend-kmip-puppet.yaml | 0 .../barbican-backend-pkcs11-crypto-puppet.yaml | 5 + .../barbican-backend-simple-crypto-puppet.yaml | 0 .../ceilometer-agent-central-container-puppet.yaml | 40 +- .../ceilometer-agent-compute-container-puppet.yaml | 56 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 58 +- ...ometer-agent-notification-container-puppet.yaml | 44 +- .../ceilometer-base-container-puppet.yaml | 0 .../cinder/cinder-api-container-puppet.yaml | 149 +++- .../cinder-backend-dellemc-unity-puppet.yaml | 0 .../cinder-backend-dellemc-vmax-iscsi-puppet.yaml | 0 .../cinder/cinder-backend-dellemc-vnx-puppet.yaml | 0 ...inder-backend-dellemc-xtremio-iscsi-puppet.yaml | 0 .../cinder/cinder-backend-dellps-puppet.yaml | 0 .../cinder/cinder-backend-dellsc-puppet.yaml | 0 .../cinder/cinder-backend-netapp-puppet.yaml | 22 +- .../cinder/cinder-backend-nvmeof-puppet.yaml | 0 .../cinder/cinder-backend-pure-puppet.yaml | 10 +- .../cinder/cinder-backend-scaleio-puppet.yaml | 0 .../cinder-backend-veritas-hyperscale-puppet.yaml | 0 .../cinder/cinder-backup-container-puppet.yaml | 73 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 20 +- .../cinder}/cinder-base.yaml | 0 .../cinder/cinder-common-container-puppet.yaml | 3 +- .../cinder/cinder-hpelefthand-iscsi-puppet.yaml | 0 .../cinder/cinder-scheduler-container-puppet.yaml | 25 +- .../cinder/cinder-volume-container-puppet.yaml | 244 +++++-- .../cinder/cinder-volume-pacemaker-puppet.yaml | 33 +- .../openstack-clients-baremetal-puppet.yaml | 0 .../congress/congress-container-puppet.yaml | 139 +++- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 16 +- .../database/mysql-base.yaml | 22 - .../database/mysql-client.yaml | 0 .../database/mysql-container-puppet.yaml | 107 ++- .../database/mysql-pacemaker-puppet.yaml | 110 ++- .../database/redis-base-puppet.yaml | 0 .../database/redis-container-puppet.yaml | 60 +- .../database/redis-pacemaker-puppet.yaml | 30 +- deployment/deprecated/README.rst | 6 + .../docker/docker-baremetal-ansible.yaml | 0 .../docker/docker-registry-baremetal-ansible.yaml | 0 .../deprecated}/logging/fluentd-config.yaml | 0 .../logging/fluentd-container-puppet.yaml | 63 +- .../deprecated}/monitoring/sensu-base.yaml | 0 .../monitoring/sensu-client-container-puppet.yaml | 78 ++- .../panko/panko-api-container-puppet.yaml | 312 +++++++++ .../tripleo-ui/tripleo-ui-container-puppet.yaml | 119 +++- .../designate/designate-api-container-puppet.yaml | 54 +- .../designate}/designate-base.yaml | 0 .../designate-central-container-puppet.yaml | 74 +- .../designate/designate-mdns-container-puppet.yaml | 78 ++- .../designate-producer-container-puppet.yaml | 50 +- .../designate/designate-sink-container-puppet.yaml | 50 +- .../designate-worker-container-puppet.yaml | 100 ++- .../ec2/ec2-api-container-puppet.yaml | 192 +++++- .../etcd/etcd-container-puppet.yaml | 84 ++- deployment/glance/glance-api-container-puppet.yaml | 41 +- .../glance/glance-api-logging-file-container.yaml | 2 + .../glance/glance-registry-disabled-puppet.yaml | 57 -- .../haproxy/haproxy-container-puppet.yaml | 142 ++-- .../haproxy-internal-tls-certmonger.j2.yaml | 1 + .../haproxy/haproxy-pacemaker-puppet.yaml | 73 +- .../haproxy}/haproxy-public-tls-certmonger.yaml | 1 + .../haproxy}/haproxy-public-tls-inject.yaml | 6 +- .../heat/heat-api-cfn-container-puppet.yaml | 100 ++- .../heat/heat-api-cloudwatch-disabled-puppet.yaml | 0 .../heat/heat-api-container-puppet.yaml | 108 ++- .../heat/heat-base-puppet.yaml | 16 +- .../heat/heat-engine-container-puppet.yaml | 171 ++++- .../horizon/horizon-container-puppet.yaml | 182 ++++- .../image-serve/image-serve-baremetal-ansible.yaml | 83 +++ deployment/ironic/ironic-api-container-puppet.yaml | 11 +- .../ironic/ironic-conductor-container-puppet.yaml | 5 +- .../ironic/ironic-inspector-container-puppet.yaml | 14 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 6 + .../iscsid/iscsid-container-puppet.yaml | 21 +- .../keepalived/keepalived-container-puppet.yaml | 11 +- .../kernel/kernel-baremetal-puppet.yaml | 2 +- deployment/keystone/keystone-container-puppet.yaml | 34 +- .../login-defs/login-defs-baremetal-puppet.yaml | 0 .../logrotate-crond-container-puppet.yaml | 3 +- .../manila/manila-api-container-puppet.yaml | 134 +++- .../manila}/manila-base.yaml | 0 .../manila/manila-scheduler-container-puppet.yaml | 55 +- .../manila/manila-share-common.yaml | 2 +- .../manila/manila-share-container-puppet.yaml | 39 +- .../manila/manila-share-pacemaker-puppet.yaml | 27 +- .../memcached/memcached-container-puppet.yaml | 55 +- .../messaging/rpc-qdrouterd-container-puppet.yaml | 80 ++- deployment/metrics/collectd-container-puppet.yaml | 545 +++++++++++++++ .../metrics/qdr-container-puppet.yaml | 3 +- .../mistral/mistral-api-container-puppet.yaml | 94 ++- .../mistral}/mistral-base.yaml | 0 .../mistral/mistral-engine-container-puppet.yaml | 55 +- .../mistral-event-engine-container-puppet.yaml | 34 +- .../mistral/mistral-executor-container-puppet.yaml | 79 ++- .../multipathd/multipathd-container.yaml | 3 +- .../neutron/neutron-api-container-puppet.yaml | 238 ++++++- .../neutron-bgpvpn-api-container-puppet.yaml | 19 +- .../neutron-bgpvpn-bagpipe-baremetal-puppet.yaml | 0 .../neutron/neutron-cleanup | 0 .../neutron/neutron-cleanup.service | 0 .../neutron/neutron-dhcp-container-puppet.yaml | 140 +++- .../neutron-l2gw-agent-baremetal-puppet.yaml | 0 .../neutron/neutron-l2gw-api-container-puppet.yaml | 21 +- .../neutron/neutron-l3-container-puppet.yaml | 100 ++- .../neutron-lbaas-api-container-puppet.yaml | 22 +- .../neutron/neutron-metadata-container-puppet.yaml | 96 ++- .../neutron-ovs-agent-container-puppet.yaml | 169 ++++- .../neutron-ovs-dpdk-agent-container-puppet.yaml | 46 +- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 28 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 78 ++- .../neutron-plugin-nsx-container-puppet.yaml | 37 +- .../neutron/neutron-sfc-api-container-puppet.yaml | 14 +- .../neutron-sriov-agent-container-puppet.yaml | 89 ++- .../nova/nova-api-container-puppet.yaml | 306 +++++---- .../nova/nova-base-puppet.yaml | 10 +- .../nova/nova-compute-common-container-puppet.yaml | 9 +- deployment/nova/nova-compute-container-puppet.yaml | 765 +++++++++++++++++++++ .../nova/nova-conductor-container-puppet.yaml | 121 +++- .../nova/nova-consoleauth-container-puppet.yaml | 49 +- .../nova/nova-ironic-container-puppet.yaml | 66 +- .../nova/nova-libvirt-container-puppet.yaml | 390 ++++++++++- .../nova/nova-libvirt-guests-container-puppet.yaml | 4 +- .../nova/nova-metadata-container-puppet.yaml | 129 +++- .../nova-migration-target-container-puppet.yaml | 62 +- .../nova/nova-placement-container-puppet.yaml | 118 +++- .../nova/nova-scheduler-container-puppet.yaml | 97 ++- .../nova/nova-vnc-proxy-container-puppet.yaml | 135 +++- .../nova/novajoin-container-puppet.yaml | 7 +- .../octavia/octavia-api-container-puppet.yaml | 142 +++- deployment/octavia/octavia-base.yaml | 215 ++++++ .../octavia/octavia-deployment-config.j2.yaml | 12 + .../octavia-health-manager-container-puppet.yaml | 65 +- .../octavia-housekeeping-container-puppet.yaml | 56 +- .../octavia/octavia-worker-container-puppet.yaml | 89 ++- deployment/podman/podman-baremetal-ansible.yaml | 49 ++ .../qdr/qdrouterd-container-puppet.yaml | 66 +- .../rabbitmq/rabbitmq-container-puppet.yaml | 168 ++++- ...rabbitmq-messaging-notify-container-puppet.yaml | 111 ++- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 18 +- .../rabbitmq-messaging-notify-shared-puppet.yaml | 20 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 23 +- .../rabbitmq-messaging-rpc-container-puppet.yaml | 113 ++- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 16 +- .../sahara/sahara-api-container-puppet.yaml | 99 ++- .../sahara}/sahara-base.yaml | 0 .../sahara/sahara-engine-container-puppet.yaml | 56 +- .../securetty/securetty-baremetal-puppet.yaml | 0 .../selinux/selinux-baremetal-puppet.yaml | 0 deployment/snmp/snmp-baremetal-puppet.yaml | 33 +- deployment/sshd/sshd-baremetal-puppet.yaml | 26 +- .../services => deployment/swift}/swift-base.yaml | 0 .../swift/swift-dispersion-baremetal-puppet.yaml | 0 .../swift/swift-proxy-container-puppet.yaml | 241 ++++++- .../swift/swift-ringbuilder-container-puppet.yaml | 54 +- .../swift/swift-storage-container-puppet.yaml | 144 +++- .../tacker/tacker-container-puppet.yaml | 120 +++- .../tripleo-firewall-baremetal-puppet.yaml | 61 +- .../tripleo-packages-baremetal-puppet.yaml | 44 +- deployment/zaqar/zaqar-container-puppet.yaml | 24 +- .../services/logging/files/opendaylight-api.yaml | 2 +- .../services/messaging/notify-rabbitmq-shared.yaml | 54 -- ...aml => neutron-plugin-ml2-mlnx-sdn-assist.yaml} | 29 +- environments/barbican-backend-dogtag.yaml | 2 +- environments/barbican-backend-kmip.yaml | 2 +- environments/barbican-backend-pkcs11-atos.yaml | 3 +- environments/barbican-backend-pkcs11-thales.yaml | 3 +- environments/barbican-backend-pkcs11.yaml | 5 +- environments/barbican-backend-simple-crypto.yaml | 2 +- environments/baremetal-services.yaml | 63 -- environments/cinder-backup.yaml | 4 +- environments/cinder-dellemc-unity-config.yaml | 2 +- environments/cinder-dellemc-vmax-iscsi-config.yaml | 2 +- environments/cinder-dellemc-vnx-config.yaml | 2 +- .../cinder-dellemc-xtremio-iscsi-config.yaml | 2 +- environments/cinder-dellps-config.yaml | 2 +- environments/cinder-dellsc-config.yaml | 2 +- environments/cinder-hpelefthand-config.yaml | 2 +- environments/cinder-netapp-config.yaml | 4 +- environments/cinder-nvmeof-config.yaml | 2 +- environments/cinder-pure-config.yaml | 3 +- environments/cinder-scaleio-config.yaml | 2 +- environments/cinder-volume-active-active.yaml | 8 + environments/collectd-environment.yaml | 2 +- environments/compute-real-time-example.yaml | 2 +- environments/computealt.yaml | 18 +- environments/config-debug.yaml | 2 +- environments/container-image-prepare-debug.yaml | 5 + .../disable-config-download-environment.yaml | 5 - environments/disable-workflow-tasks.yaml | 6 - environments/docker-ha.yaml | 12 +- environments/docker-uc-light.yaml | 36 +- environments/docker.yaml | 12 +- environments/enable-designate.yaml | 10 +- environments/enable-internal-tls.yaml | 27 - environments/enable-tls.yaml | 19 - environments/enable_congress.yaml | 2 +- environments/enable_tacker.yaml | 2 +- environments/external-loadbalancer-vip-v6-all.yaml | 40 ++ environments/hyperconverged-ceph.yaml | 1 + environments/inject-trust-anchor-hiera.yaml | 12 - environments/inject-trust-anchor.yaml | 10 - environments/kubernetes.yaml | 2 +- environments/logging-environment.yaml | 4 +- environments/login-defs.yaml | 2 +- environments/manila-cephfsganesha-config.yaml | 7 +- environments/manila-cephfsnative-config.yaml | 7 +- environments/manila-isilon-config.yaml | 6 +- environments/manila-netapp-config.yaml | 6 +- environments/manila-unity-config.yaml | 6 +- environments/manila-vmax-config.yaml | 6 +- environments/manila-vnx-config.yaml | 6 +- .../rpc-qdrouterd-notify-rabbitmq-hybrid.yaml | 4 +- .../rpc-rabbitmq-notify-rabbitmq-shared.yaml | 4 +- environments/metrics-collectd-qdr.yaml | 4 +- environments/monitoring-environment.yaml | 4 +- environments/network-environment-v6-all.j2.yaml | 62 ++ environments/network-environment-v6.j2.yaml | 4 +- environments/network-environment.j2.yaml | 4 +- environments/network-isolation-v6-all.j2.yaml | 67 ++ environments/network-isolation-v6.j2.yaml | 9 - environments/network-isolation.j2.yaml | 9 - environments/neutron-bgpvpn-bagpipe.yaml | 5 +- environments/neutron-bgpvpn.yaml | 2 +- environments/neutron-l2gw.yaml | 5 +- environments/neutron-ml2-ansible.yaml | 3 +- environments/neutron-ml2-vpp.yaml | 2 +- environments/neutron-ovs-dpdk.yaml | 6 +- environments/neutron-ovs-dvr.yaml | 29 +- environments/neutron-sfc.yaml | 3 +- environments/neutron-sriov.yaml | 6 +- environments/no-tls-endpoints-public-ip.yaml | 120 ---- environments/nonha-arch.yaml | 12 +- environments/nsx-config.yaml | 2 +- environments/openshift.yaml | 4 +- environments/public-tls-undercloud.yaml | 2 +- environments/securetty.yaml | 2 +- environments/services-baremetal/barbican.yaml | 2 +- environments/services-baremetal/cinder-backup.yaml | 4 +- environments/services-baremetal/collectd.yaml | 2 +- environments/services-baremetal/congress.yaml | 2 +- environments/services-baremetal/ec2-api.yaml | 2 +- environments/services-baremetal/etcd.yaml | 2 +- environments/services-baremetal/fluentd.yaml | 2 +- environments/services-baremetal/manila.yaml | 6 +- environments/services-baremetal/mistral.yaml | 8 +- .../neutron-bgpvpn-opendaylight.yaml | 2 +- .../neutron-l2gw-opendaylight.yaml | 2 +- .../services-baremetal/neutron-lbaasv2.yaml | 2 +- .../services-baremetal/neutron-ml2-cisco-vts.yaml | 2 +- .../neutron-opendaylight-sriov.yaml | 2 +- .../services-baremetal/neutron-ovs-dpdk.yaml | 2 +- environments/services-baremetal/neutron-sriov.yaml | 2 +- environments/services-baremetal/octavia.yaml | 10 +- environments/services-baremetal/sahara.yaml | 3 - environments/services-baremetal/sensu-client.yaml | 2 +- environments/services-baremetal/tacker.yaml | 2 +- .../services-baremetal/undercloud-ceilometer.yaml | 6 +- .../services-baremetal/undercloud-cinder.yaml | 6 +- .../services-baremetal/undercloud-gnocchi.yaml | 2 +- .../services-baremetal/undercloud-haproxy.yaml | 2 +- .../services-baremetal/undercloud-panko.yaml | 2 +- environments/services/barbican.yaml | 2 +- environments/services/cinder-backup.yaml | 4 +- environments/services/collectd.yaml | 2 +- environments/services/congress.yaml | 2 +- environments/services/ec2-api.yaml | 2 +- environments/services/etcd.yaml | 2 +- environments/services/fluentd.yaml | 2 +- .../services/haproxy-public-tls-certmonger.yaml | 2 +- environments/services/ironic-overcloud.yaml | 10 + environments/services/ironic.yaml | 5 +- environments/services/manila.yaml | 6 +- environments/services/mistral.yaml | 8 +- .../services/neutron-bgpvpn-opendaylight.yaml | 2 +- .../services/neutron-l2gw-opendaylight.yaml | 2 +- environments/services/neutron-lbaasv2.yaml | 2 +- environments/services/neutron-ml2-ansible.yaml | 1 + environments/services/neutron-ml2-cisco-vts.yaml | 2 +- environments/services/neutron-nsx-lbaasv2.yaml | 2 +- .../services/neutron-opendaylight-sriov.yaml | 2 +- environments/services/neutron-ovn-sriov.yaml | 4 +- environments/services/neutron-ovs-dpdk.yaml | 2 +- environments/services/neutron-ovs-dvr.yaml | 33 +- environments/services/neutron-ovs.yaml | 35 + .../services/neutron-sfc-opendaylight.yaml | 2 +- environments/services/neutron-sfc-ovn.yaml | 2 +- environments/services/neutron-sriov.yaml | 2 +- environments/services/novajoin.yaml | 2 +- environments/services/octavia.yaml | 10 +- environments/services/qdr.yaml | 2 +- environments/services/sahara.yaml | 4 +- environments/services/sensu-client.yaml | 2 +- environments/services/tacker.yaml | 2 +- environments/services/tripleo-ui.yaml | 3 +- environments/services/undercloud-ceilometer.yaml | 6 +- environments/services/undercloud-cinder.yaml | 6 +- environments/services/undercloud-gnocchi.yaml | 2 +- environments/services/undercloud-haproxy.yaml | 2 +- environments/services/undercloud-panko.yaml | 2 +- environments/services/zaqar.yaml | 2 +- environments/ssl/enable-internal-tls.yaml | 3 +- environments/ssl/enable-tls.yaml | 4 + environments/ssl/no-tls-endpoints-public-ip.yaml | 1 + environments/ssl/tls-endpoints-public-dns.yaml | 1 + environments/ssl/tls-endpoints-public-ip.yaml | 1 + environments/ssl/tls-everywhere-endpoints-dns.yaml | 1 + environments/standalone.yaml | 4 +- environments/standalone/standalone-overcloud.yaml | 4 +- environments/standalone/standalone-tripleo.yaml | 13 +- environments/storage/cinder-netapp-config.yaml | 10 +- environments/tls-endpoints-public-dns.yaml | 109 --- environments/tls-endpoints-public-ip.yaml | 109 --- environments/tls-everywhere-endpoints-dns.yaml | 105 --- environments/undercloud.yaml | 28 +- .../updates/update-from-ml2-ovs-from-rocky.yaml | 8 + .../cinder-veritas-hyperscale-config.yaml | 2 +- extraconfig/post_deploy/undercloud_post.py | 10 +- extraconfig/post_deploy/undercloud_post.yaml | 5 + extraconfig/pre_network/config_then_reboot.yaml | 7 + .../pre_network/host_config_and_reboot.yaml | 184 ----- extraconfig/services/ipaclient.yaml | 147 ++++ extraconfig/services/kubernetes-master.yaml | 4 +- extraconfig/services/openshift-cns.yaml | 53 +- extraconfig/services/openshift-master.yaml | 230 +++++-- extraconfig/services/openshift-node.yaml | 41 +- extraconfig/services/skydive-analyzer.yaml | 9 +- firstboot/os-net-config-mappings.yaml | 5 +- network/endpoints/endpoint_data.yaml | 6 + network/endpoints/endpoint_map.yaml | 82 +++ network/networks.j2.yaml | 4 +- network/ports/net_ip_list_map.j2.yaml | 42 +- network/ports/net_ip_map.j2.yaml | 22 +- network/ports/net_vip_map_external.j2.yaml | 10 +- network/ports/net_vip_map_external_v6.j2.yaml | 10 +- network/service_net_map.j2.yaml | 147 ++-- network_data.yaml | 1 - network_data_ganesha.yaml | 1 - network_data_routed.yaml | 2 - network_data_undercloud.yaml | 3 + overcloud-resource-registry-puppet.j2.yaml | 134 ++-- overcloud.j2.yaml | 312 ++++----- puppet/all-nodes-config.j2.yaml | 21 +- .../all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml | 33 +- puppet/extraconfig/pre_deploy/per_node.yaml | 20 +- puppet/role.role.j2.yaml | 37 +- puppet/services/README.rst | 31 - puppet/services/apache.j2.yaml | 15 +- puppet/services/barbican-api.yaml | 206 ------ puppet/services/ceilometer-agent-central.yaml | 79 --- puppet/services/ceilometer-agent-compute.yaml | 74 -- puppet/services/ceilometer-agent-ipmi.yaml | 76 -- puppet/services/ceilometer-agent-notification.yaml | 71 -- puppet/services/certmonger-user.yaml | 4 + puppet/services/cinder-api.yaml | 197 ------ puppet/services/cinder-backup.yaml | 114 --- puppet/services/cinder-scheduler.yaml | 72 -- puppet/services/database/redis.yaml | 105 --- puppet/services/designate-api.yaml | 117 ---- puppet/services/designate-central.yaml | 101 --- puppet/services/designate-mdns.yaml | 106 --- puppet/services/designate-producer.yaml | 74 -- puppet/services/designate-sink.yaml | 74 -- puppet/services/designate-worker.yaml | 126 ---- puppet/services/ec2-api.yaml | 210 ------ puppet/services/haproxy.yaml | 175 ----- puppet/services/heat-api-cfn.yaml | 147 ---- puppet/services/heat-api.yaml | 154 ----- puppet/services/horizon.yaml | 197 ------ puppet/services/iscsid.yaml | 41 -- puppet/services/logging/fluentd.yaml | 82 --- puppet/services/manila-api.yaml | 104 --- puppet/services/manila-backend-cephfs.yaml | 4 + puppet/services/manila-scheduler.yaml | 75 -- puppet/services/manila-share.yaml | 70 -- puppet/services/messaging/notify-rabbitmq.yaml | 145 ---- puppet/services/messaging/rpc-qdrouterd.yaml | 101 --- puppet/services/messaging/rpc-rabbitmq.yaml | 146 ---- puppet/services/mistral-api.yaml | 135 ---- puppet/services/mistral-engine.yaml | 79 --- puppet/services/mistral-event-engine.yaml | 54 -- puppet/services/mistral-executor.yaml | 60 -- puppet/services/monitoring/sensu-client.yaml | 83 --- puppet/services/neutron-base.yaml | 31 +- puppet/services/neutron-compute-plugin-nuage.yaml | 2 +- .../services/neutron-controller-plugin-nuage.yaml | 81 +++ puppet/services/neutron-dhcp.yaml | 157 ----- puppet/services/neutron-l3-compute-dvr.yaml | 21 - puppet/services/neutron-l3.yaml | 137 ---- puppet/services/neutron-metadata.yaml | 140 ---- puppet/services/neutron-ovs-agent.yaml | 177 ----- puppet/services/neutron-plugin-ml2-ansible.yaml | 62 -- puppet/services/neutron-plugin-ml2-ovn.yaml | 22 +- puppet/services/neutron-plugin-ml2.yaml | 8 +- puppet/services/neutron-sriov-agent.yaml | 119 ---- puppet/services/nova-api.yaml | 338 --------- puppet/services/nova-compute.yaml | 440 ------------ puppet/services/nova-conductor.yaml | 98 --- puppet/services/nova-consoleauth.yaml | 72 -- puppet/services/nova-ironic.yaml | 71 -- puppet/services/nova-libvirt.yaml | 362 ---------- puppet/services/nova-metadata.yaml | 161 ----- puppet/services/nova-migration-target.yaml | 84 --- puppet/services/nova-placement.yaml | 159 ----- puppet/services/nova-scheduler.yaml | 118 ---- puppet/services/nova-vnc-proxy.yaml | 209 ------ puppet/services/octavia-api.yaml | 180 ----- puppet/services/octavia-base.yaml | 164 ----- puppet/services/octavia-controller.yaml | 108 --- puppet/services/octavia-health-manager.yaml | 105 --- puppet/services/octavia-housekeeping.yaml | 97 --- puppet/services/octavia-worker.yaml | 121 ---- puppet/services/opendaylight-api.yaml | 3 - puppet/services/opendaylight-ovs.yaml | 3 - puppet/services/ovn-controller.yaml | 1 + puppet/services/ovn-metadata.yaml | 6 +- puppet/services/pacemaker.yaml | 24 +- puppet/services/pacemaker/cinder-backup.yaml | 77 --- puppet/services/pacemaker/cinder-volume.yaml | 73 -- puppet/services/pacemaker/database/mysql.yaml | 87 --- puppet/services/pacemaker/database/redis.yaml | 94 --- puppet/services/pacemaker/haproxy.yaml | 70 -- puppet/services/pacemaker/manila-share.yaml | 59 -- puppet/services/pacemaker/rabbitmq.yaml | 58 -- puppet/services/panko-api.yaml | 124 ---- puppet/services/panko-base.yaml | 137 ---- puppet/services/qdr.yaml | 77 --- puppet/services/rabbitmq.yaml | 193 ------ puppet/services/sahara-api.yaml | 126 ---- puppet/services/sahara-engine.yaml | 73 -- puppet/services/swift-proxy.yaml | 283 -------- puppet/services/swift-ringbuilder.yaml | 100 --- puppet/services/swift-storage.yaml | 175 ----- releasenotes/notes/6.0.0-b52a14a71fc62788.yaml | 2 +- ...grade-specific-hiera-file-7a41a23017a545b9.yaml | 5 + .../ContainerLogStdoutPath-20cbce05a1710d8a.yaml | 5 + ...eph_volume_mode-parameter-5553a9b39718a749.yaml | 9 + ...-GlobalConfigExtraMapData-793757a2b767abe3.yaml | 5 + ...d-mellanox-sdn-ml2-docker-58d242b5a8c40ade.yaml | 5 + .../add-ovn-db-endpointmap-2f75dea0b3aa4513.yaml | 15 + .../add_compute_manage_ksm-86fcbd1dc9a193ca.yaml | 7 + ...-always-set-cka-sensitive-7a9dc31290899cac.yaml | 5 + ...dhcp-in-neutron-container-1e7835e4e7292492.yaml | 4 + ...nder-volume-active-active-976f2bc33ab52c94.yaml | 8 + ...ainer_image_prepare_debug-52fcb324633d2cf0.yaml | 6 + ...recate-duplicate-nfv-envs-615d5b97bae6f9a9.yaml | 5 + ...ecate-xinetd-service.yaml-d7594bf8a7b714e2.yaml | 7 + .../deprecate_docker_all-40eb568c9234a3d8.yaml | 5 + .../deprecated_services-172a1ae6348e6c52.yaml | 4 + ...eat-non-lifecycle-actions-d551fe4551d71770.yaml | 10 + .../docker_puppet_tasks-e74637224ee66f66.yaml | 5 + .../drop-baremetal-haproxy-5e2f0f3c9b8da664.yaml | 4 + ...op-baremetal-mysql-server-a36a2f39f88c8181.yaml | 4 + .../drop-baremetal-redis-2e2f221b9ee6f9cc.yaml | 4 + .../drop-baremetal-sahara-f2922322511047de.yaml | 4 + ...metal-with-ironic-service-8c2909023e3896a5.yaml | 6 + ...nject-metadata-properties-72cdc946748e9b1b.yaml | 7 + .../notes/logging-paunch-7fa8570b380a7ebd.yaml | 4 + .../notes/minor-update-env-20657417094d4aeb.yaml | 7 + ...enroll-to-host-prep-tasks-934c6e0a9f75f15b.yaml | 8 + ...ata_lookup_string_to_json-69362e93d862bd87.yaml | 7 + ...ver_host_use_internal_api-1bebb3e9c6e69113.yaml | 7 + ...on_nbd_for_disk_migration-2e16003c4764a399.yaml | 12 + .../notes/octavia-standalone-f1f1121ba77981c3.yaml | 8 + ...-enable-management-plugin-94b27747e4f5e685.yaml | 6 + ...-nic-config-params-script-d670279038411978.yaml | 8 + ...-disabled-glance-registry-2738b41a2e200d95.yaml | 5 + ...external-bridge-parameter-a0c7e7ff8d937541.yaml | 6 + .../remove-old-tls-envs-137cf19b55526a81.yaml | 9 + ..._IPv6_for_tenant_networks-30938bfdde547969.yaml | 8 + .../swift-container-sharder-b96c2fa43aa66aac.yaml | 6 + ...-api-to-httpd-support-tls-9b995fe4113b2412.yaml | 6 + ...tch-to-default-ovn-driver-ab4ae9d348158d61.yaml | 16 + .../notes/tripleo_ui-1923e35ee139f777.yaml | 4 + .../undercloud-tripleo-admin-7043cc0b2e4bfb8a.yaml | 5 + ...-cinder-netapp-parameters-cf6da846e72007df.yaml | 11 + .../var_lib_docker_deprec-0c48311c01605228.yaml | 7 + roles/BlockStorage.yaml | 1 + roles/CellController.yaml | 56 ++ roles/CephAll.yaml | 1 + roles/CephFile.yaml | 1 + roles/CephObject.yaml | 1 + roles/CephStorage.yaml | 1 + roles/Compute.yaml | 1 + roles/ComputeAlt.yaml | 1 + roles/ComputeDVR.yaml | 1 + roles/ComputeHCI.yaml | 1 + roles/ComputeInstanceHA.yaml | 1 + roles/ComputeLiquidio.yaml | 1 + roles/ComputeOvsDpdk.yaml | 1 + roles/ComputeOvsDpdkRT.yaml | 1 + roles/ComputeOvsDpdkSriov.yaml | 1 + roles/ComputeOvsDpdkSriovRT.yaml | 1 + roles/ComputePPC64LE.yaml | 1 + roles/ComputeRealTime.yaml | 1 + roles/ComputeSriov.yaml | 1 + roles/ComputeSriovRT.yaml | 1 + roles/Controller.yaml | 4 +- roles/ControllerAllNovaStandalone.yaml | 2 +- roles/ControllerNoCeph.yaml | 4 +- roles/ControllerNovaStandalone.yaml | 2 +- roles/ControllerOpenstack.yaml | 2 +- roles/ControllerStorageNfs.yaml | 4 +- roles/Database.yaml | 1 + roles/DistributedCompute.yaml | 1 + roles/DistributedComputeHCI.yaml | 1 + roles/HciCephAll.yaml | 1 + roles/HciCephFile.yaml | 1 + roles/HciCephMon.yaml | 1 + roles/HciCephObject.yaml | 1 + roles/IronicConductor.yaml | 1 + roles/Messaging.yaml | 1 + roles/Networker.yaml | 2 + roles/Novacontrol.yaml | 1 + roles/ObjectStorage.yaml | 1 + roles/Standalone.yaml | 15 +- roles/Telemetry.yaml | 1 + roles/Undercloud.yaml | 10 - roles_data.yaml | 8 +- roles_data_undercloud.yaml | 10 - sample-env-generator/enable-services.yaml | 14 +- sample-env-generator/messaging.yaml | 14 +- sample-env-generator/networking.yaml | 2 +- sample-env-generator/openidc.yaml | 2 +- sample-env-generator/ssl.yaml | 23 +- sample-env-generator/standalone.yaml | 25 +- sample-env-generator/storage.yaml | 8 +- tools/merge-new-params-nic-config-script.py | 19 +- tools/process-templates.py | 2 + tools/yaml-validate.py | 80 +-- tox.ini | 4 +- validation-scripts/all-nodes.sh | 8 +- zuul.d/layout.yaml | 108 +-- 639 files changed, 12276 insertions(+), 16739 deletions(-)