tripleo-heat-templates 14.2.0 (wallaby)
We are chuffed to announce the release of:

tripleo-heat-templates 14.2.0: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the wallaby stable release series.

The source is available from:

https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

14.2.0
^^^^^^

Prelude
*******

Enablement of data collection and transportation to an STF instance is
now handled via existing templates.

New Features
************

* The following parameters add support for mounting Cinder's image
  conversion directory on an external NFS share.

  * CinderImageConversionNfsShare

  * CinderImageConversionNfsOptions

* The "glance_api_cron" container has been introduced, which executes
  the db purge job for the Glance service. Use GlanceCronDbPurge*
  parameters to override cron parameters.

* The new "MemcacheUseAdvancedPool" parameter is added, which enables
  usage of the advanced pool for memcached connections in keystone
  middleware. This parameter is set to "true" by default to avoid
  bursting connections in some services like neutron.

* When the nova_virtlogd container gets restarted, the instance console
  auth files will not be reopened again by virtlogd. As a result,
  instances need to be either restarted or live migrated to a
  different compute node to get new console log messages logged again.

  Usually on receipt of SIGUSR1, virtlogd will re-exec() its binary,
  while maintaining all current logs and clients. This allows for live
  upgrades of the virtlogd service on non-containerized environments,
  where updates are done just by an RPM update.

  To reduce the likelihood of this in a containerized environment,
  virtlogd should only be restarted on manual request or on compute
  node reboot. It should not be restarted on a minor update without
  migrating instances off.

  This introduces a nova_virtlogd_wrapper container and a virtlogd
  wrapper script, to only restart virtlogd on either manual request or
  compute node restart.

* Add support for OVS DPDK pmd auto balance parameters. This feature
  adds 3 new role-specific THT parameters to set
  pmd-auto-lb-load-threshold, pmd-auto-lb-improvement-threshold, and
  pmd-auto-lb-rebal-interval in OVS through OvsPmdLoadThreshold,
  OvsPmdImprovementThreshold and OvsPmdRebalInterval respectively.

* Introduce new parameter to configure OVS PMD Auto Load Balance for
  OVS DPDK

* New parameter *RbdDiskCachemodes* allows overriding the disk cache
  modes for RBD. Defaults to ['network=writeback'].

* A new service,
  OS::TripleO::Services::UndercloudUpgradeEphemeralHeat, is added to
  the Undercloud role. The service is mapped to OS::Heat::None by
  default, but when
  environments/lifecycle/undercloud-upgrade-prepare.yaml is included,
  the service will be enabled and will migrate any already deployed
  stacks in the undercloud's Heat instance so that they can be used
  with the ephemeral Heat deployment option from tripleoclient.

Upgrade Notes
*************

* When upgrading a deployment with the use of enable-stf.yaml, add the
  following files to your overcloud deployment command in order to
  maintain the existing services defined in enable-stf.yaml.

  * environments/metrics/collectd-write-qdr.yaml

  * environments/metrics/ceilometer-write-qdr.yaml

  * environments/metrics/qdr-edge-only.yaml

Bug Fixes
*********

* On the compute nodes, right now SSL certificates get created for
  libvirt, qemu-default, qemu-vnc and qemu-nbd. This is not required,
  because all the services use the same NovaLibvirtNetwork network and
  therefore multiple certificates for the same hostname get created.
  Also, from the qemu point of view, if the default_tls_x509_cert_dir
  and default_tls_x509_verify parameters get set for all certificates,
  there is no need to specify any of the other *_tls* config options.

  From "Secure live migration with QEMU-native TLS"
  (https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html):

    The intention (of libvirt) is that you can just use the
    default_tls_x509_* config attributes so that you don’t need to set
    any other *_tls* parameters, unless you need different
    certificates for some services. The rationale for that is that
    some services (e.g. migration / NBD) are only exposed to internal
    infrastructure; while some services (VNC, Spice) might be exposed
    publicly, so might need different certificates. For OpenStack this
    does not matter, though, we will stick with the defaults.

  Therefore, with this change InternalTLSNbdCAFile,
  InternalTLSVncCAFile and InternalTLSQemuCAFile get removed (they
  defaulted to /etc/ipa/ca.crt anyway) and only InternalTLSCAFile is
  used. Also, all certificates get created when EnableInternalTLS is
  true, and all SSL certificates are mounted from the host. This is to
  prevent certificate information from being unavailable in a qemu
  process's container environment if features get switched later,
  which has been shown to be problematic.

Other Notes
***********

* Using enable-stf.yaml now defines the expected configuration in
  OpenStack for use with Service Telemetry Framework. Removal of the
  defined resource_registry now requires passing additional
  environment files to enable the preferred data collectors and
  transport architecture, providing better flexibility to support
  additional architectures in the future.

* These parameters can now be set per-role: DnfStreams,
  UpgradeInitCommand, UpgradeLeappCommandOptions,
  UpgradeLeappDevelSkip, UpgradeLeappToRemove, UpgradeLeappToInstall

Changes in tripleo-heat-templates 14.1.2..14.2.0
------------------------------------------------

be2c8e62c Make default of NeutronDefaultAvailabilityZones empty array
f972c3710 FFU: change transfer parameters for database resync
7335bc1a5 Wire up the tripleo-upgrades-wallaby-pipeline
81373cb67 Moves undercloud upgrade introspection data migration to step 1
59a235340 Simplify libvirt/qemu ssl certificates
8c2862d23 Neutron: Use the pids subsystem to look up container id
2d407a8f5 Adjust enable-stf.yaml for latest recommendations
d5b8ced54 Support cinder image conversion on an NFS share
ddcb24798 Get roles data from stack output on UC upgrade
12156c09c Add THT Jinja2 data sources as stack output
ba7d5b627 Enable DPDK OVS PMD Auto Load Balance
2f0689d8d Remove NovaVncProxyNetwork from ServiceNetMap
37811641f Move designate from experimental
497582342 Support additional IP so bind and unbound can collocate
7d602ed90 Extend UC ephemeral heat to export network
94d994946 Pass scripts list for download for sensubility
476e444b8 Simplify nova service templates
443498e69 Support for OVS DPDK pmd auto balance parameters.
fdfd4e992 Do not run Swift rsync container in single replica mode
18b544723 Add Ephemeral Heat service
a15452998 Add network-v2 default files + vip data examples
f1d4c29d5 Move scenario004 to cephadm
d098242f7 Always run network config for undercloud
e38ea651e Fix NetworkDeploymentActionValue format
ef18f2515 Add support for keystone_authtoken/memcache_use_advanced_pool
3737ec8fd Set tripleo_cephadm rbd mirror vars
e987a2340 Limit collectds memory usage
0a690e519 Introduce nova virtlogd wrapper
e2ff0b446 Set OS_CLOUD instead in stackrc
2d095f314 Revert "Always run network config for undercloud"
a15698b7f Revert "Always run network config for undercloud"
5e941e4ef Remove heat::heat_keystone_clients_url definition
17de50a8d Add post_upgrade_task and remove puppet-ceph pkg
c2966ca0f Always run network config for undercloud
cb8f13027 Ignore puppet_config is an empty dict
ad010c084 Switch barbican actions to use kolla_config
4758c3e7c Fix typo that breaks Octavia db sync step
fd0a1aca1 Use kolla_config for other actions
733f3ecbe Add glance db purge job
61575a7d7 Make UpgradeLeappDevelSkip per-role
e91fabbcd Use community.general ansible collection instead of modules
8100f86e8 Refactor OVN bridge MAC addresses
713533207 Bump ovs and ovn versions to 2.15 for FFWD.
1ff7e9be9 Fix broken restart of ovndb_server during minor update
76b5cf4d6 Set ganesha idmap.conf file path and overrides
00884af21 Add alertmanager port parameter
d03517b61 HA minor update: fix bad pcs invocation
63c3afa8c Cleanup optional flag for conf.modules.d
7dea661f6 Fix container security_opts type
20840a7a5 Update rhsm repo examples for RHEL8 deployments
71223f9ee Add OS::TripleO::UndercloudUpgradeEphemeralHeat
7e3e0c0f2 Fix typo in ceilometer-write-qdr environment file
808f66e7a Add param for RBD disk cache modes
a76bd1a69 Add option for enabling rsyslog reopenOnTruncate
0c97152f2 Update TOX_CONSTRAINTS_FILE for stable/wallaby

Diffstat (except docs and test files)
-------------------------------------

158 files changed, 2475 insertions(+), 1329 deletions(-)
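
A pre-upgrade check for the parameter removal described in the Bug Fixes note, as an added example (not part of tripleo-heat-templates or of the original announcement): it scans a Heat environment file for the three removed CA-file parameters and reports whether each value still matches InternalTLSCAFile. The sample environment, the function name and the redundant/conflict labels are constructed for illustration.

```python
import re

# Parameters the release note lists as removed in favour of InternalTLSCAFile.
REMOVED = ("InternalTLSNbdCAFile", "InternalTLSVncCAFile", "InternalTLSQemuCAFile")
DEFAULT_CA = "/etc/ipa/ca.crt"  # default stated in the release note

# Indented "Key: value" scalar, optional trailing comment.
KEY_RE = re.compile(r"^\s+(\w+):\s*(.*?)\s*(?:#.*)?$")

# Constructed sample environment file, not taken from the project.
SAMPLE_ENV = """\
parameter_defaults:
  EnableInternalTLS: true
  InternalTLSCAFile: /etc/ipa/ca.crt
  InternalTLSVncCAFile: /etc/pki/vnc/ca.crt   # constructed: separate VNC CA
  InternalTLSNbdCAFile: '/etc/ipa/ca.crt'
"""


def audit_environment(text):
    """Return (findings, effective_ca) for one environment file's text.

    Line-based on purpose: only simple scalars under parameter_defaults are
    read, which is how these parameters are normally set.
    """
    params, in_defaults = {}, False
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                # blank line or comment
        if not line[0].isspace():                   # new top-level section
            in_defaults = line.startswith("parameter_defaults:")
            continue
        m = KEY_RE.match(line)
        if in_defaults and m:
            params[m.group(1)] = (lineno, m.group(2).strip("'\""))
    ca = params.get("InternalTLSCAFile", (0, DEFAULT_CA))[1]
    findings = []
    for name in REMOVED:
        if name in params:
            lineno, value = params[name]
            # "conflict": a CA that stops being used once the parameter is gone
            status = "redundant" if value == ca else "conflict"
            findings.append((lineno, name, value, status))
    return findings, ca


if __name__ == "__main__":
    for lineno, name, value, status in audit_environment(SAMPLE_ENV)[0]:
        print(f"line {lineno}: {name}={value} [{status}] -> use InternalTLSCAFile")
```

A "conflict" entry is the one to review before upgrading, since that CA path differs from the single InternalTLSCAFile the templates use after this change.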
participants (1): no-reply@openstack.org