We eagerly announce the release of: tripleo-heat-templates 12.2.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the ussuri release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 12.2.0 ^^^^^^ New Features ************ * Added parameters NovaVNCProxySSLCiphers and NovaVNCProxySSLMinimumVersion to manage the allowed TLS ciphers and minimum protocol version to enforce for incoming client connections to the VNC proxy service. * Adds *NovaMaxDiskDevicesToAttach* parameter that controls *compute/max_disk_devices_to_attach* parameter in Nova. This parameter sets maximum number of disk devices allowed to attach to a single server. * Introduce "{{role.name}}ExtraGroupVars" which allows to define a dictionary of Ansible group vars per role. These extra group vars will override any pre-defined group var from a service. * Add parameters for configuring multiple glance-api backends. The existing "GlanceBackend" parameter represents the default backend, and a new "GlanceMultistoreConfig" parameter is a hash representing the configuration of additional backends. A new "GlanceStoreDescription" parameter provides a means of describing each backend. The configuration can specify any combination of supported backend types. Multiple rbd backends can be specified, but cinder, file and swift backends are limited to one each. * Now virtlogd will output its logs into an independent log file, /var/log/containers/libvirt/virtlogd.log, instead of host journal. * LibvirtVirtlogdLogLevel and LibvirtVirtlogdLogFilters were added to set logging parameters in virtlogd. * Add boolean parameter "NeutronDhcpAgentDnsmasqEnableAddr6List" to support the "dnsmasq_enable_addr6_list" option in dhcp agent settings. (See bug: #1861032 (https://bugs.launchpad.net/neutron/+bug/1861032)) * Add boolean parameter *NovaSchedulePlacementAggregateRequiredForTenants* which allows to set *scheduler/placement_aggregate_required_for_tenants* parameter. It controls whether or not a tenant with no aggregate affinity will be allowed to schedule to any available node. If aggregates are used to limit some tenants but not all, then this should be False. If all tenants should be confined via aggregate, then this should be True. Default value for NovaSchedulePlacementAggregateRequiredForTenants is false. * Adds support for IGMP snooping (Multicast) in the OVN driver. Defaults to False. IGMP snooping requires OVN version 2.12 or above. * Add posibilities to configure replication_probe_interval for ovsdb- server by OVNDBSReplicationInterval. It configure probe interval for connection for ovsdb-server when it is in backup mode and connects to the active ovsdb-server for replication Upgrade Notes ************* * Adds a new parameter "NeutronMetadataWorkers" for OVN. This parameters allows users to configure the number of OVN metadata workers separately from the value of "NeutronWorkers". The OVN metadata workers are deployed onto the compute nodes and not on the controllers/gateways as the OVS ones. * Removed the *environments/standalone.yaml*. This file should not be used and the *environments/standalone/standalone-tripleo.yaml* should be used instead. Bug Fixes ********* * The parameter "ControlPlaneSubnetCidr" was missing in the "network/ports/net_vip_map_external.j2.yaml" and "network/ports/net_vip_map_external_v6.j2.yaml" template files. This caused deployment failure since the "VipMap" resource pass this property. (See Bug: #1864912 (https://bugs.launchpad.net/tripleo/+bug/1864912)) * Fixed an issue where disabling one or more networks in "network_data.yaml" caused deployment failure. (See bug: #1842001 (https://bugs.launchpad.net/tripleo/+bug/1842001)) * Fixes an issue where the parameter "CloudNameStorageManagement" was used for all custom networks with service_net_map_replace defined. (See bug: 1862679 (https://bugs.launchpad.net/tripleo/+bug/1862679).) * Fixed an issue where containers octavia_api and octavia_driver_agent would fail to start on node reboot. Changes in tripleo-heat-templates 12.1.0..12.2.0 ------------------------------------------------ 230844010 Switch to docker pull e5cc47f9e Introduce {{role.name}}ExtraGroupVars 2945ed784 Define nova::cache parameters in tht fe3f38d3a Create DNS entries in IPA for openstack services bbee30c90 Switch to podman_image module 6db0ac085 Include {{step}} when setting facts f9ea09ad3 Enable ceph-dashboard on multinode jobs 676643ed7 Fix regression in container-puppet.py cb8898053 Fix selinux denial on centos8/rhel8 when relabelling /var/lib/nova 7bc4670f1 remove py27 in tox.ini from tripleo-heat-templates 24fb2e3f5 Fetch containers early 5b799136f Use exec when spawning any neutron sidecar container 9fa134b23 ovn_dbs_virtual_ip created even though ovn is disabled aa019cdd5 Do not fail if /usr/sbin/nft is not present ae68c90b9 Add new composable service for IpaClient 148185cad Add new parameter NovaSchedulePlacementAggregateRequiredForTenants e621ff801 Workaround for cinder A/A and etcd with TLS-everywhere f54a22a83 remove centos-7-standalone-upgrade for master e41a3e65c Use /usr/libexec/platform-python in undercloud post 65fad9ee1 Have 1 dhcp agent per undercloud network e236ff0cf Ensure consistency with hostname comparison 6ff119dda Revert "Stop using swift temp url for config transport" e5f51815c Create a new parameter for the HAProxy external network ebfe7897a Remove Nova parameters that are no longer used 8e6899a25 Remove unnecessary references to optional cinder templates bef793e50 Switch scenario001-multinode-containers to LVM-based bluestore 3b8e6f78e Use lists for storing host entries in Heat 5f9cbb019 Remove duplicate RabbitCookie parameter 5b04f5f7d Cleanup hieradata for unused services in undercloud. 8312bf3c9 Remove duplicated cinder-backup.yaml d44df735e Prevent nftables to interfere with tripleo firewall be1dfc950 Use multipath in nova when multipathd is enabled 022d24aa4 Use --allow-overlap-zone when setting up freeipa 45dd4e18a Tolerate NFS exports in /var/lib/nova when selinux relabelling 47ff0843d Remove unused hiera parameters e16b4e522 Remove most of the mistral related undercloud post config e9938bf49 Refactorize test_tht_ansible_syntax to welcome new roles/modules 6feca7e12 Remove CephAnsibleSkipTags override 3370d7b1d remove py27 tox env for tht 682f14f49 Only set haproxy::crl_file once 341ec7b9c Drop unused remnants of the hosts-config bits 6a9e6b5c4 Introduce environments/disable-swift.yaml 95b017180 DCN/Edge: Handle ipv6 address for local glance endpoint d5be566b3 Neutron ML2/OVN: Add support to enable IGMP Snooping 4d21bab8f HA: check before restarting resource on stack update 47ca83280 Replace all the bridge_name variables in templates f4f3045c4 Remove neutron wrappers usage 160e85e51 Allow disabling the ovn provider a6ff7e2ea Fix dashboard_frontend_vip parameter 62fbe15d0 Rename roles that we have missed ebe1a40fb Move ceph-ansible required variables in the main group ac2711c72 Switch to Podman by default a7566ecc7 Add NeutronSecurityGroupQuota to allow setting quota_security_group 216854420 Remove unused config dir for OVN metadata-agent 4178d7afc Add OS::TripleO::Services::Podman to sc 1 and sc 7 c155ea701 Fix the mounting issues for the TLS everywhere deployment e8a2dcbb8 Add always tags for hieradata render in external upgrade. d3b7a3f0d Enable port_forwarding by default in ML2/OVS+DVR environment e423bcf38 Fixed libvirt volume path for nova-migration-target-container 3790c804a Add STF environment a4130b7ec Re-add scenario001-multinode-containers with heat 42059a103 Use jinja raw tag instead of quoted concatenation 26e4a0ab5 Fix TenantInterfaceDefaultRoute in net-env-v6 3dcc92966 ci: remove unused multinode scenarios bac746b25 Remove skydive 3ca7e8f03 Use exec when spawning dnsmasq inside sidecar container 59ce59304 Drop resource registry override in ip-from-pool a67cfd0ba HA: drop spurious mysql user on stack deploy 9666a7e64 Use exists filter instead of stat where possible 4b4783e73 Add parameters for VNC console proxy SSL/TLS settings a2bc2e10b rabbitmq: Open ports 25673-25683 for CLI tools cbad55a59 Remove superfluous comment from deploy-steps-tasks 5238c9ac2 Create ResellerAdmin role when deploying Ceph RGW f222681a4 Don't add IpList for disabled networks 8e1171d01 Use a common playbook import for common plays c80fc5cf3 Remove unneccessary indentation from common tasks 2f47252b8 Remove duplicated topic parts from default value 0184d9d65 Trigger ceph-ansible on ceph_systemd tag too 232079894 Optionally configure Ceph RGW listener with SSL 8c728bde8 Update the number of keystone workers b33d9c537 update containers-multinode, minion to centos-8 cab2abf91 update tht standalone scenario jobs for centos-8 38bad5283 Remove all ignore_errors to avoid confusion when debugging a9b8087db Add CephBasePoolVars and CephKeyVars structures d3d66f618 Add the certificate specs in ceph_mgr service 4ebcdc444 Add NeutronDhcpAgentDnsmasqEnableAddr6List param 0e80f600a Fixed package names for CentOS-8 octavia deployment 369396d7c Use command to set pythonintepreter 0b2441cdc Add j2 per-role MetricsQdrNetwork 96e600576 nova-compute-container: add missing condition for ksmdisabled 5ed00b687 libvirt: remove unused cpuset_cpus bfb8b2b7f Cleanup tasks for container-puppet.py 967d2eb40 Restart ovn-dbs resource to take new VIP property. 242d8fb30 Remove LocalCephAnsibleFetchDirectoryBackup from standalone 001,004,010 a999923f3 Remove wsgi_enabled parameters in nova d1d296fa5 Disable Mistral dashboard 4da031300 Remove outdated comment about enabled dashboard bafd0a74f Add posibilities to configure replication_probe_interval 71dd43814 Fix mapping of KeystoneOpenIdcEnableOAuth 1572a975d Run the swift_rsync container unprivileged 2468c23c9 Sync neutron-ml2-ansible.yaml files 616727936 ControlPlaneSubnetCidr in net_vip_map_external db724e423 Use ipc:host for cinder-backup b656f523c Remove support for ceph-ansible fetch directory 6bc38da3e Add DNS related settings bb1c56885 Rename tripleo-hieradata to tripleo_hieradata a13d04af5 Move glance logging templates to logging directory 55b0bfed1 Set logging parameters for virtlogd 0940dfd95 Check Ceph*Key value format and halt on error dda2030a6 Use a jinja block to reduce str_replace repetition 3040a6141 [update/upgrade] Use include_tasks instead of import_tasks b7ee70396 Use short prameter names for nova::network::neutron c0e37c4a3 Fix listen_on_master_ip_only 82483cc77 Remove OpenShift resources completely. defae45da Remove hieradata related to OpenShift deployment 9018e4e42 Disable Paunch by default Standalone/Overcloud 52dd869d0 Remove old standalone.yaml 5e3719d21 Improve the ability to enable swap ea9508b2f Fix dcn-hci resource mapping path 107efc1f5 Add setfacl statements for neutron metadata proxy a67981d1e NodeDataLookup utility should rely on python env e4afb3e90 Add `NovaMaxDiskDevicesToAttach` parameter 59ad36f25 Make yaml-validate.py work with new t-h-t layout 83e56a4bb Remove comment about tripleo_container_manage being experimental 17250ab56 Adding Rear check to CI ddb47c23a tripleo_container_manage: set tripleo_container_manage_check_puppet_config e81a3f8d3 Remove BlockStorageCinderVolume service from certain DCN roles cda3c9b34 Override nova's glance endpoint only when necessary 3e9b66877 Remove deprecated aide puppet service 548c6e3e9 Remove deprecated tuned-baremetal-puppet 64c11ac77 Remove deprecated time services 18a9d8240 Remove deprecated securetty 80a8ec48b Remove deprecated kubernetes services 0f3020404 Remove capabilities-map.yaml 495c5c9de Configure Undercloud hostname in the overcloud during upgrade. 33843c49f [OVN] Split NeutronWorkers and NeutronMetadataWorkers for OVN 8298f4569 Fix permission issue when removing octavia temp dirs 3549c7eb8 Add missing region_name for Octavia service_auth 3653d972c Remove the duplucated hieradata in Octavia service_auth bee30f751 Add missing region_name for nova auth in cinder d739e9a4b Add DCN Scale Out Roles 1121a6c8e Ensures rsync is present on the overcloud nodes 25c21dddf Remove useless auth_uri from ceilometer middleware d334e5853 Add missing keystone region for swift user auth b3538251d keystone/ldap: add missing cloud name cfb00c9cf Add dependency for enable KSM for RHEL/CentOS8 be8aca8a2 Add missing region for service user in cinder c717faf88 Remove deprecated kernel-baremetal-puppet 9821be95c Ensure /var/run/octavia is present upon reboot 536230b32 [update] Ensure we get fresh hiera data before running update_steps. 0af021bc5 Fix krb-service-principals with service_net_map_replace f17e06a77 Fail NetworkConfig task on timeout 48a1effb1 Remove unnecessary hieradata for ceilometer::keystone::authtoken ed7d68739 Always set hieradata for certmonger_ca a828e86c4 Enable sudo rule creation 96c40f89b Generate /etc/hosts early on both under and overcloud 7dd4ed097 Parse healthchecks.log instead fetching systemd data 598cf6977 Force facts cache refreshing after OS upgrade. 7359ddc98 add tht/common to trigger path d493845b1 Add global groupvar to set the ansible async dir 96937674a Add support for glance multistore d1e84cc4b placement: Remove Nova to Placement extraction step 6b0a6516e Enable external LB support with ovn Diffstat (except docs and test files) ------------------------------------- README.rst | 2 + bindep.txt | 6 + capabilities-map.yaml | 630 ------------------- ci/environments/disable-unbound.yaml | 2 +- ci/environments/multinode-3nodes-registry.yaml | 24 - ci/environments/multinode-3nodes.yaml | 87 --- ci/environments/multinode-containers.yaml | 1 - .../network-isolation-absolute.yaml | 1 - .../multiple-nics-ipv6/network-isolation.yaml | 1 - ci/environments/neutron_sec_group_quota.yaml | 2 + ci/environments/scenario000-standalone.yaml | 20 - .../scenario001-multinode-containers.yaml | 26 +- ci/environments/scenario001-standalone.yaml | 34 +- .../scenario002-multinode-containers.yaml | 110 ---- ci/environments/scenario002-standalone.yaml | 2 + .../scenario003-multinode-containers.yaml | 137 ----- .../scenario004-multinode-containers.yaml | 140 ----- ci/environments/scenario004-standalone.yaml | 6 +- .../scenario006-multinode-containers.yaml | 64 -- ci/environments/scenario006-multinode.yaml | 61 -- .../scenario007-multinode-containers.yaml | 3 +- ci/environments/scenario007-standalone.yaml | 1 - .../scenario010-multinode-containers.yaml | 1 - ci/environments/scenario010-standalone.yaml | 3 +- .../scenario012-multinode-containers.yaml | 86 --- ci/scripts/freeipa_setup.sh | 1 + common/container-puppet.py | 3 +- common/deploy-steps-playbooks-common.yaml | 68 ++ common/deploy-steps-tasks-step-0.j2.yaml | 24 +- common/deploy-steps-tasks-step-1.yaml | 4 +- common/deploy-steps-tasks.yaml | 329 +++++----- common/deploy-steps.j2 | 681 +++++---------------- common/generate-config-tasks.yaml | 13 +- common/hiera-steps-tasks.yaml | 25 + common/host-container-puppet-tasks.yaml | 8 +- common/services/role.role.j2.yaml | 5 +- .../nova_statedir_ownership.py | 48 +- .../pacemaker_restart_bundle.sh | 26 +- deployment/README.rst | 7 +- deployment/aodh/aodh-api-container-puppet.yaml | 7 +- .../aodh/aodh-evaluator-container-puppet.yaml | 2 +- .../aodh/aodh-listener-container-puppet.yaml | 2 +- .../aodh/aodh-notifier-container-puppet.yaml | 2 +- .../barbican/barbican-api-container-puppet.yaml | 4 +- .../ceilometer-agent-central-container-puppet.yaml | 2 +- .../ceilometer-agent-compute-container-puppet.yaml | 2 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 2 +- ...ometer-agent-notification-container-puppet.yaml | 14 +- .../ceilometer-base-container-puppet.yaml | 7 - deployment/ceph-ansible/ceph-base.yaml | 283 +++++---- deployment/ceph-ansible/ceph-grafana.yaml | 5 - deployment/ceph-ansible/ceph-mds.yaml | 2 + deployment/ceph-ansible/ceph-mgr.yaml | 64 +- deployment/ceph-ansible/ceph-mon.yaml | 4 + deployment/ceph-ansible/ceph-rgw.yaml | 43 +- .../certs/certmonger-user-baremetal-puppet.yaml | 15 +- deployment/cinder/cinder-api-container-puppet.yaml | 2 +- .../cinder/cinder-backup-container-puppet.yaml | 1 + .../cinder/cinder-backup-pacemaker-puppet.yaml | 8 +- deployment/cinder/cinder-base.yaml | 6 + .../cinder/cinder-scheduler-container-puppet.yaml | 2 +- .../cinder/cinder-volume-container-puppet.yaml | 2 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 10 +- .../openstack-clients-baremetal-ansible.yaml | 2 +- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 9 + deployment/database/mysql-pacemaker-puppet.yaml | 5 +- deployment/database/redis-pacemaker-puppet.yaml | 6 +- .../deprecated/aide/aide-baremetal-puppet.yaml | 96 --- .../docker/docker-baremetal-ansible.yaml | 10 + .../deprecated/kernel/kernel-baremetal-puppet.yaml | 231 ------- .../kubernetes-master-baremetal-ansible.yaml | 182 ------ .../kubernetes-worker-baremetal-ansible.yaml | 62 -- .../securetty/securetty-baremetal-puppet.yaml | 48 -- .../deprecated/time/ptp-baremetal-puppet.yaml | 110 ---- .../deprecated/time/timezone-baremetal-puppet.yaml | 60 -- .../deprecated/tuned/tuned-baremetal-puppet.yml | 65 -- deployment/etcd/etcd-container-puppet.yaml | 16 +- deployment/glance/glance-api-container-puppet.yaml | 103 +++- .../glance/glance-api-edge-container-puppet.yaml | 4 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 19 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 2 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 2 +- deployment/haproxy/haproxy-container-puppet.yaml | 16 +- .../haproxy/haproxy-edge-container-puppet.yaml | 26 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 8 +- .../haproxy/haproxy-public-tls-certmonger.yaml | 14 +- deployment/haproxy/haproxy-public-tls-inject.yaml | 2 +- deployment/heat/heat-api-cfn-container-puppet.yaml | 2 +- .../heat/heat-api-cloudwatch-disabled-puppet.yaml | 4 +- deployment/heat/heat-api-container-puppet.yaml | 2 +- deployment/heat/heat-engine-container-puppet.yaml | 2 +- deployment/horizon/horizon-container-puppet.yaml | 4 +- deployment/ipa/ipaclient-baremetal-ansible.yaml | 2 +- deployment/ipa/ipaservices-baremetal-ansible.yaml | 134 ++++ deployment/ipsec/ipsec-baremetal-ansible.yaml | 4 +- deployment/ironic/ironic-api-container-puppet.yaml | 2 +- .../ironic/ironic-conductor-container-puppet.yaml | 2 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 2 +- deployment/iscsid/iscsid-container-puppet.yaml | 2 +- .../keepalived/keepalived-container-puppet.yaml | 2 +- deployment/keystone/keystone-container-puppet.yaml | 9 +- .../files/glance-api.yaml} | 0 deployment/logging/files/nova-libvirt.yaml | 13 + .../stdout/glance-api.yaml} | 0 deployment/logging/stdout/nova-libvirt.yaml | 13 + deployment/manila/manila-api-container-puppet.yaml | 2 +- deployment/manila/manila-backend-cephfs.yaml | 2 + .../manila/manila-scheduler-container-puppet.yaml | 2 +- .../manila/manila-share-container-puppet.yaml | 2 +- .../manila/manila-share-pacemaker-puppet.yaml | 10 +- .../memcached/memcached-container-puppet.yaml | 2 +- deployment/metrics/collectd-container-puppet.yaml | 166 +++-- deployment/metrics/qdr-container-puppet.yaml | 53 +- deployment/multipathd/multipathd-container.yaml | 2 +- .../neutron/neutron-api-container-puppet.yaml | 14 +- .../neutron/neutron-dhcp-container-puppet.yaml | 39 +- .../neutron/neutron-l3-container-puppet.yaml | 40 +- .../neutron/neutron-metadata-container-puppet.yaml | 33 +- .../neutron-ovs-agent-container-puppet.yaml | 4 +- deployment/neutron/neutron-plugin-ml2-ovn.yaml | 5 + deployment/nova/nova-api-container-puppet.yaml | 5 +- deployment/nova/nova-base-puppet.yaml | 22 +- deployment/nova/nova-compute-container-puppet.yaml | 99 +-- .../nova/nova-conductor-container-puppet.yaml | 4 +- deployment/nova/nova-ironic-container-puppet.yaml | 23 +- deployment/nova/nova-libvirt-container-puppet.yaml | 37 +- .../nova/nova-metadata-container-puppet.yaml | 3 +- .../nova-migration-target-container-puppet.yaml | 27 +- .../nova/nova-scheduler-container-puppet.yaml | 14 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 21 +- .../octavia/octavia-api-container-puppet.yaml | 34 +- deployment/octavia/octavia-base.yaml | 6 +- .../octavia/octavia-deployment-config.j2.yaml | 11 +- .../octavia/octavia-worker-container-puppet.yaml | 25 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 36 +- deployment/ovn/ovn-metadata-container-puppet.yaml | 29 +- .../placement/placement-api-container-puppet.yaml | 34 +- deployment/podman/podman-baremetal-ansible.yaml | 48 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 12 +- ...rabbitmq-messaging-notify-container-puppet.yaml | 11 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 7 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 7 +- .../rabbitmq-messaging-rpc-container-puppet.yaml | 6 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 7 +- deployment/sahara/sahara-api-container-puppet.yaml | 2 +- .../sahara/sahara-engine-container-puppet.yaml | 2 +- .../skydive/skydive-agent-baremetal-ansible.yaml | 40 -- .../skydive-analyzer-baremetal-ansible.yaml | 174 ------ deployment/snmp/snmp-baremetal-puppet.yaml | 2 +- deployment/swift/swift-proxy-container-puppet.yaml | 6 +- .../swift/swift-storage-container-puppet.yaml | 6 +- .../tripleo-firewall-baremetal-ansible.yaml | 35 +- .../tripleo-packages-baremetal-puppet.yaml | 20 +- deployment/undercloud/undercloud-upgrade.yaml | 8 +- deployment/vpp/vpp-baremetal-puppet.yaml | 2 +- environments/dcn-hci.yaml | 2 +- environments/disable-swift.yaml | 6 + environments/docker-ha.yaml | 3 +- environments/enable-stf.yaml | 39 ++ environments/hyperconverged-ceph.yaml | 2 - environments/ips-from-pool-all.yaml | 36 -- environments/ips-from-pool.yaml | 7 - environments/kubernetes.yaml | 4 - environments/low-memory-usage.yaml | 3 +- environments/metrics/ceilometer-write-qdr.yaml | 1 + environments/metrics/collectd-write-qdr.yaml | 6 - environments/metrics/qdr-edge-only.yaml | 6 - environments/metrics/qdr-form-controller-mesh.yaml | 6 - environments/multipathd.yaml | 1 + environments/network-environment-v6.j2.yaml | 10 +- environments/network-isolation-v6-all.j2.yaml | 2 - environments/network-isolation-v6.j2.yaml | 2 - environments/neutron-ml2-ansible.yaml | 3 +- environments/nova-nuage-config.yaml | 1 - environments/services/cinder-backup.yaml | 4 - environments/services/neutron-ovs-dvr.yaml | 4 +- environments/services/neutron-ovs.yaml | 1 + environments/services/skydive-environment.yaml | 12 - environments/ssl/enable-internal-tls.j2.yaml | 2 + environments/ssl/no-tls-endpoints-public-ip.yaml | 1 + environments/ssl/tls-endpoints-public-dns.yaml | 1 + environments/ssl/tls-endpoints-public-ip.yaml | 1 + environments/ssl/tls-everywhere-endpoints-dns.yaml | 1 + environments/standalone.yaml | 91 --- environments/standalone/standalone-overcloud.yaml | 3 +- environments/standalone/standalone-tripleo.yaml | 7 +- environments/stdout-logging.yaml | 2 +- environments/undercloud.yaml | 9 +- environments/undercloud/undercloud-minion.yaml | 24 +- extraconfig/all_nodes/swap-partition.j2.yaml | 17 +- .../krb-service-principals/role.role.j2.yaml | 2 +- .../post_deploy/undercloud_ctlplane_network.py | 2 +- extraconfig/post_deploy/undercloud_post.py | 56 +- hosts-config.yaml | 38 -- net-config-bridge.j2.yaml | 8 + net-config-linux-bridge.j2.yaml | 9 + ...config-static-bridge-with-external-dhcp.j2.yaml | 8 + network/endpoints/endpoint_data.yaml | 5 + network/endpoints/endpoint_map.yaml | 131 ++++ network/ports/net_ip_list_map.j2.yaml | 12 +- network/ports/net_vip_map_external.j2.yaml | 6 + network/ports/net_vip_map_external_v6.j2.yaml | 6 + network/scripts/run-os-net-config.sh | 4 +- network/service_net_map.j2.yaml | 10 +- overcloud-resource-registry-puppet.j2.yaml | 17 +- overcloud.j2.yaml | 72 +-- puppet/role.role.j2.yaml | 40 +- ...r-to-net_vip_map_external-c2c83431feaf7f35.yaml | 10 + ...sl-cipher-protocol-params-d1f50f2c540c3f2b.yaml | 6 + ...ax_disk_devices_to_attach-e219429d61a64bb0.yaml | 7 + .../notes/extra_group_vars-aafa71945882442f.yaml | 7 + ...ure-when-network-disabled-156190243ff239ea.yaml | 6 + ...h-service-net-map-replace-463dd1296766cc47.yaml | 6 + ...er-agent-failed-on-reboot-373a31d28ea72587.yaml | 5 + .../notes/glance-multistore-82d4fc260acfb355.yaml | 12 + .../libvirt-virtlogd-logs-377ff4083a58cde4.yaml | 8 + ...dnsmasq_enable_addr6_list-ead32a7739431607.yaml | 6 + ...gate_required_for_tenants-6c7d90fd01bcc88d.yaml | 11 + ...-neutron-metadata-workers-7623588cca0a6948.yaml | 9 + ...ovn_igmp_snooping_support-eccdecde74f4b9c8.yaml | 5 + ...andalone-environment-file-ee8b07d913b4fcca.yaml | 5 + ...on_probe_interval_ovn_dbs-4aab423180fb6847.yaml | 7 + roles/BlockStorage.yaml | 1 - roles/CellController.yaml | 2 - roles/CephAll.yaml | 1 - roles/CephFile.yaml | 1 - roles/CephObject.yaml | 1 - roles/CephStorage.yaml | 1 - roles/Compute.yaml | 2 - roles/ComputeAlt.yaml | 1 - roles/ComputeDVR.yaml | 2 - roles/ComputeHCI.yaml | 2 - roles/ComputeHCIOvsDpdk.yaml | 2 - roles/ComputeHCISriov.yaml | 2 - roles/ComputeInstanceHA.yaml | 2 - roles/ComputeLiquidio.yaml | 2 - roles/ComputeLocalEphemeral.yaml | 2 - roles/ComputeOvsDpdk.yaml | 2 - roles/ComputeOvsDpdkRT.yaml | 2 - roles/ComputeOvsDpdkSriov.yaml | 2 - roles/ComputeOvsDpdkSriovRT.yaml | 2 - roles/ComputePPC64LE.yaml | 2 - roles/ComputeRBDEphemeral.yaml | 2 - roles/ComputeRealTime.yaml | 2 - roles/ComputeSriov.yaml | 2 - roles/ComputeSriovIB.yaml | 2 - roles/ComputeSriovRT.yaml | 2 - roles/Controller.yaml | 3 - roles/ControllerAllNovaStandalone.yaml | 3 - roles/ControllerNoCeph.yaml | 3 - roles/ControllerNovaStandalone.yaml | 3 - roles/ControllerOpenstack.yaml | 3 - roles/ControllerStorageDashboard.yaml | 3 - roles/ControllerStorageNfs.yaml | 3 - roles/Database.yaml | 1 - roles/DistributedCompute.yaml | 10 +- roles/DistributedComputeHCI.yaml | 9 +- roles/DistributedComputeHCIScaleOut.yaml | 68 ++ roles/DistributedComputeScaleOut.yaml | 65 ++ roles/HciCephAll.yaml | 2 - roles/HciCephFile.yaml | 2 - roles/HciCephMon.yaml | 2 - roles/HciCephObject.yaml | 2 - roles/IronicConductor.yaml | 1 - roles/Messaging.yaml | 1 - roles/Networker.yaml | 2 - roles/Novacontrol.yaml | 2 - roles/ObjectStorage.yaml | 1 - roles/README.rst | 1 - roles/Standalone.yaml | 3 - roles/Telemetry.yaml | 1 - roles_data.yaml | 8 - sample-env-generator/dcn.yaml | 2 +- sample-env-generator/ssl.yaml | 6 + sample-env-generator/standalone.yaml | 14 +- sample-env-generator/undercloud-minion.yaml | 24 +- scripts/hosts-config.sh | 47 -- tools/make_ceph_disk_list.py | 2 +- tools/yaml-validate.py | 103 +++- tox.ini | 21 +- zuul.d/layout.yaml | 31 +- 285 files changed, 2709 insertions(+), 4529 deletions(-)