We are delighted to announce the release of: tripleo-heat-templates 11.2.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the train release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 11.2.0 ^^^^^^ New Features ************ * Add CinderRbdFlattenVolumeFromSnapshot parameter to control whether cinder RBD volumes created from a snapshot should be flattened in order remove a dependency on the snapshot. The default value is False, which is the same as the cinder RBD driver's default value. * Created a *ExtraKernelPackages* parameter to allow users to install additional kernel related packages prior to loading the kernel modules defined in *ExtraKernelModules*. * Add new role parameters *NovaCPUAllocationRatio*, *NovaRAMAllocationRatio* and *NovaDiskAllocationRatio* which allows to configure *cpu_allocation_ratio*, *ram_allocation_ratio* and *disk_allocation_ratio*. Default value for NovaCPUAllocationRatio is 0.0 Default value for NovaRAMAllocationRatio is 1.0 Default value for NovaDiskAllocationRatio is 0.0 The default values for CPU and Disk allocation ratio are taken 0.0 as mentioned in [1]. [1] https://specs.openstack.org/openstack/nova- specs/specs/stein/implemented/initial-allocation-ratios.html * Named debug ansible tasks have been added to the plays that get generated in deploy_steps_playbook.yaml (from common/deploy- steps.j2). The explicitly named tasks allow for using ansible- playbook's --start-at-task option to resume a deployment from the start of a given play. * Added NeutronPermittedEthertypes to allow configuring additional ethertypes on neutron security groups for L2 agents that support it. * The NetworkConfig resource now passes in ansible vars as the values for the IP parameters to the nic config templates. This enables the nic config template to be rendered generic per role coming out of Heat by config-download. The templates can then be reused by any node of that same role type. * New parameter, NovaCronPurgeShadowTablesMaxDelay, is introduced to configure max delay parameter, which controles randomized sleep before each controller node executes the cron job to purge items in nova shadow tables. * Adds LibvirtLogFilters parameter to define a filter to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . Default: '1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util' * Adds LibvirtLogOutputs parameter to define how log outputs are sent, as described in https://libvirt.org/logging.html . In default, this parameter is set so that log outputs are directly recorded into /var/log/containers/libvirt/libvirtd.log . Default: '3:file:/var/log/libvirt/libvirtd.log' * Adds LibvirtTLSPriority parameter to override the compile time default TLS priority string. Default: 'NORMAL:-VERS-SSL3.0:-VERS- TLS-ALL:+VERS-TLS1.2' * Adds NovaLocalMetadataPerCell cell support, default false. Indicates that the nova-metadata API service has been deployed per- cell, so that we can have better performance and data isolation in a multi- cell deployment. Users should consider the use of this configuration depending on how neutron is setup. If networks span cells, you might need to run nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run nova-metadata API service per cell. * This parameter sets inactive probe interval of the JSON session from ovn-controller to the OVN SB database. By default this it is 5s which not be sufficient in loaded systems or during high control- plane activity spikes, leading to unnecessary reconnections to OVSDB server. Now it is extended by default to 1 min and it is configurable by param OVNRemoteProbeInterval. * Introduce a PacemakerTLSPriorities parameter (which will set the PCMK_tls_priorities config option in /etc/sysconfig/pacemaker and the PCMK_tls_priorities variable inside the bundle. This, when set, allows an operator to specify what kind of GNUTLS ciphers are desired for the pacemaker control port. Upgrade Notes ************* * During upgrade/update the NeutronSriovNumVFs shall be avoided and instead the sriov_pf object in nic-configs shall be used. The numvfs attribute of sriov_pf type shall will lead to the equivalent configuration. * Removed DeploymentSwiftDataMap parameter that has become unusable with config-download workflow. Deprecation Notes ***************** * The NeutronSriovNumVFs is deprecated and any new or existing deployments using this THT parameter shall perform the equivalent configuration implemented using sriov_pf network object in nic configs. * Support for Cisco N1KV has been removed from TripleO Train, since the N1KV isn't supported by Cisco anymore. Bug Fixes ********* * Enable VFIO module on boot for SR-IOV deployments. Before this change on SR-IOV capable deployments when rebooting a compute node, vfio_iommu_type1 will not be loaded which will cause guest instances with VF/PF fail to start/spawn. Other Notes *********** * OpenShift deployed by TripleO support has been removed in a downstream version of Stein which make the upstream support difficult to maintain. OpenShift can be deployed using OpenShift- Ansible and users who desire to deploy OpenShift 3.11 onto bare metal nodes can still do so using openshift-ansible directly. The provisioning of the Operating System on baremetal can be done with OpenStack Ironic on the Overcloud or also can be done with deployed- servers, achieving the same result. * The DeployedServerEnvironment output has been removed from the stack as they are no longer needed when using config-download with pre- provisioned nodes. Changes in tripleo-heat-templates 11.1.0..11.2.0 ------------------------------------------------ 8c967e180 Fix path path in TLS everywhere template e995142dd Remove forcing docker as container_cli 5b8f37132 Remove NeutronAZConfig service from undercloud minion cf5e13014 Remove unused OVNTunnelEncapType 88647fd3a Remove bootstrap_nodeid group var 67671446e Don't run sensu_client in privileged mode 7064cd8e9 nova: use systemd to check container healthchecks 205ac0f12 Run facts gathering always for upgrades. 785970035 Add named debug tasks to each play 112f485c7 Remove panko f8e596ef7 Revert "Do not forcibly enable Glance multiple locations for RBD backend" e804f7bd8 Remove duplicated ignore list for pep8 check c27b4ed09 Correct SELinux type for host openvswitch logs f47dfe105 Enforce pep8/pyflakes rule on python codes 74a1cd7d1 Replace include_tasks with import_tasks 9e2a9715b container-puppet: run podman rm with --storage 9fc00f14d SELinux: correct type for /var/log/containers bb1b6c071 Configure securetty using tripleo-ansible 10e74c4ab Run sensu-client container with --pid=host f1fa487d5 Revert "Revert "Fixes for deploying nova-less undercloud"" 20a329f87 Rename pre/post deployments host vars 9e5c7cdb0 Add CinderRbdFlattenVolumeFromSnapshot parameter 0376266e3 Add a StorageDashboard network used by CephGrafana service 7f785e875 HA: fix <service>_restart_bundle with minor update workflow b5dec5b67 Revert "Fixes for deploying nova-less undercloud" 9a5f64c71 Disable Pacemaker on scenario000 b5b6e476d Remove deprecated cinder parameters 5ccf8951e Remove fluentd composable service 7710183e4 Restore docker variabes in ceph-base ce1c8d139 Add parameters for dateext in logrotate 474c0ed42 Fix wrong hieradata for glance api authtoken 493d1c62f Use separate plays for Host prep steps 7bd3bbbd0 Ensure container_startup_configs_json_stat is defined 1b9d3566d Remove sorted_bootstrap_node var eb5251ad9 Fix NovaEnableRbdBackend to be role specific b96f83dfa Filter nameservers for undercloud networks 7cfcd698b Remove fluentd from scenarios 5fd7b487f Adds LibvirtLogOutputs to define how log outputs are sent 13ffaf688 Expand scope of collectd address prefix in metrics-qdr e995415d8 Sort bootstrap node check for container_puppet_tasks cd23d2054 Remove pre-upgrade best-effort online data migrations 29614f90a Add ../network/scripts/ to search path for run-os-net-config.sh 92d6d0c0c Use tripleo-validations-package role instead of puppet 22f26d7a9 Fix MariaDB staged upgrade 11737fff1 Adds configure_firewall into Ceph profiles de7ee253e Add the certificate specs in ceph_grafana composable service 070945f27 Move GroupVars to overcloud.j2.yaml 7c9c363c7 Explicitly set notification driver for novajoin 82cd0ad3f Remove deprecated options for keystone eventlet server 24a934de7 Add KOLLA_BOOTSTRAP=True to 2 bootstrap containers 0478cd892 Unescape IPv6 addresses for ceph_nfs_bind_addr 823047019 Use default value for NovaLiveMigrationWaitForVIFPlug 6fcb6eef1 Use the special user role 'service' as service token role 7af154beb Add *_domain_name in authtoken configuration in Sahara 18d452139 Add *_domain_name in authtoken configuration in Octavia e0bb2cc82 Fixes for deploying nova-less undercloud 1a5e97c08 Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt" 04b1378ea Move cephfs and cephfs_*_pool ceph-ansible parameters in -base 506673745 Add new role parameters for cpu/ram/disk allocation ratio 13c6dc16a Fix NovaResumeGuestsStateOnHostBoot when using podman a75cc9a95 Use /var/tmp on host to store temporal files for image upload via Horizon c4a0224ed Remove deployed-server related stack output 56ccd717d Add LibvirtTLSPriority to set libvirtd tls_priority 8e00cef6f Fix for enable VFIO module on boot for SR-IOV deployments 182c056fe Convert kernel-baremetal-puppet to ansible 85bb97423 Add ExtraKernelPackages 7788584ae Disable docker template in podman env 71516f281 Adds LibvirtLogFilters to define a libvirtd filter 6c675af9b Add tags always into external update tasks. e8de3ae13 Do not forcibly enable Glance multiple locations for RBD backend 34f3cbde6 Ensure we get at least one ctlplane subnet 253fef996 Fix external resource usage in additional subnets 6745f86f2 Fix vlan id assignment with additional subnets 461ee36dd Also assign default subnets to network segment 86d425601 Set EnablePackageInstall to true by default for in-place OS upgrade 206625d4f Allow combining system_upgrade_prepare and system_upgrade_run into system_upgrade d4db2fa53 Force re-run of pacemaker bundle init containers during upgrade-scaleup eb4b4a548 Revert "Ensure we get a subnet for ctlplane" 7e3ead74f Use hiera config from ansible group_vars 2cd9e44e6 Add NovaLocalMetadataPerCell cell support 2b2216bf6 Add ContainerImagePrepare service to CellController role 70880a5e0 Run Aide service in scenario004 2ae95677f Use login-defs role from tripleo-ansible in sc004 1e33ed836 Remove pingtest from THT b9a3c9bf1 Fix default network in barbican deployment e7c02f9d4 Fix retaging of ovn-dbs container during update. 8242ae60c Revert "Matches updates for ceph-ansible variables name change" e26009fa9 Check for rc instead of |succeeded 9e5efd591 Ensure we get a subnet for ctlplane af2c717e5 Enable ceph dashboard on scenario001 9581614e9 Force "Pre-cache" tasks to run in dry run 83bc4f9de Disable tripleo-ci-fedora-28-standalone job 56ba9e90d Parametrize UpgradeLeappDevelSkip to pass multiple env variables. ddd486fb6 Deprecate NeutronSriovNumVFs and neutron-sriov-host-config 738aa6613 Sync deployed-server-roles-data.yaml with roles_data.yaml fe266d120 Remove glance and nova custom constraints 8529ce60d Stop services for unupgraded controllers 2cd3f2a39 Switch scenario010-multinode-containers to bluestore f20fddaee Prepare container images using tripleo ansible role e29fa2361 Redis HA TLS: do not use the pacemaker image tag for redis_tls_proxy 8dc0cee70 Add inflight validations for compute services c845595ba Removal of OpenShift deployed by TripleO support 6ff7c512c Use ansible group_vars for extraconfig hieradata 5b2d2795a Use ansible group_vars for service_configs hieradata 3b51d705b Remove ContainerCLI from ovb-ha default file 8013f3c96 mysql: remove grep filter workaround for logs 375c25c37 Healthcheck: panko_api_cron 06c8ab8be Fix typo in barbican deployment 8827e4f7f Pacemaker resource upgrade tasks compatible with staged upgrade bdf742d05 Fix pcmk remote podman bundle restarts c5e4348ae Moved to "systemd" module and ensure caches are flushed f4a445aa6 Add a daemon-reload to the tripleo-iptables services a1e580f03 Revert "Fix generating Apache configs by container-puppet" c1269a647 Revert "Wire-in Apache MPM module parameters and switch it" 2501f4747 Allow overrides in non global ceph.conf sections 387f9d984 Fix missing syslog name in libvirt log setting fc914e961 Point InternalTLSVncCAFile to /etc/ipa/ca.crt 4eb6fcdca Clarify the at most once semantics for puppets a06cc5f93 Generate addition drop-in dependencies for podman containers 07b914028 skydive replace default docker probe to runc 09cfcc146 Wire-in Apache MPM module parameters and switch it 80d12514d Fix generating Apache configs by container-puppet 331d1c194 Remove {{role.name}}MergedConfigSettings resource 163fc6d78 Change name of former openshift files in Heat templates 304ffecd8 Ensure persistence for containerized rsyslog state af3208c74 Ensure libnsl dependency is available dbac7cf92 Transport ManilaCephFSDataPoolName to Manila CephFS template 1a194079f Matches updates for ceph-ansible variables name change 65c7f166f Drop HeatApiCfn service from undercloud 3878bd3e4 Enable VFIO module on boot for SR-IOV deployments 3b813d845 Move the Hiera symlink task from post configuration to deployment steps. 1821c0184 Cleanup SoftwareConfigTransport 51624fa82 Updates the cephfs_pools format to match that of openstack_pools dad706daf Move ConfigDatafiles to overcloud.j2.yaml afcd787de Change NeutronMechanismDrivers in ml2-ansible environments cf2e5926e Make sure libvirt-guests get started 68c2d3ae0 Moving NeutronMechanismDrivers value to be list in neutron-ml2-mlnx-sdn.yaml 1d710a3ac Fix {{server_resource_name}}ConfigDatafiles properties 3036ba174 Add ANSIBLE_CONFIG to Octavia Ansible playbook run feee059a4 Support TLS priorities for pacemaker efae2298a Fix misspelling of "errors" in deploy-steps.j2 9e265a209 Remove legacy controller-v6.yaml NIC config templates b61156785 Only generate Octavia certs on stack create 430cb5592 Fix bogus reference to conditional in octavia upgrade tasks 27dbca143 Set selinux type for facter.conf 6d9a9f056 Add ssh configuration for minion 8833c2da2 Correct jinja loop logic for role_networks 70d41af00 Enable mistral_executor to perform backups 1fba084fe Add CephGrafanaNetwork to the list of the services 87e349126 Restore AllNodesExtraMapData 2fb2d1204 Provide multipath.conf to containers that need it 835dcd56c Fix resume_guests_state_on_host_boot_enabled fact f732a8390 Use ansible vars nic config 7816fa0cf Add var for {{network.name_lower}}_cidr b8606bbb2 Restore scenario001 default templates 7c1599a41 Remove DeploymentSwiftDataMap parameter 3ea9dd404 Stop using swift temp url for config transport 8fc71c40c Add ovs-plugins, hugepages and uptime to collectd 81211c114 Remove support for Cisco N1KV 8b0b12e77 Convert THT file to use new role d1035703b Force removal of docker container in tripleo-docker-rm. b214b2c58 Change datatype of revalidator,handler threads 8727ef050 Rsyslog composable service 71b69e865 Set canonical hostname in octavia config inventory 65a132505 Add the ability to configure ovn-remote-probe-interval 1f3088c4a CI should auto-generate server_certs_key_passphrase f4a4af870 Add Python 3 Train unit tests 9dfdc9ef6 Enable service token in nova and cinder 2b427970a Handle edge cases in staged upgrade hiera data 5d2951d72 Add NeutronPermittedEthertypes on OVS agent 92be0c603 Add internal keystone endpoint in octavia variables 5c0e4e735 add support for enabling oauth in keystone openidc integration 5d1a01429 Configure Max Delay for purge job about shadow tables in nova b9876a2b3 Some python improvements in common/container-puppet.py 06c5ab5b3 Record libvirt log using rsyslog running on host 2f69815a1 Sync Sphinx requirement Diffstat (except docs and test files) ------------------------------------- README.rst | 6 - capabilities-map.yaml | 13 +- ci/environments/ovb-ha.yaml | 2 - .../scenario000-multinode-containers.yaml | 17 +- .../scenario001-multinode-containers.yaml | 11 +- ci/environments/scenario001-standalone.yaml | 12 +- .../scenario002-multinode-containers.yaml | 5 - ci/environments/scenario002-standalone.yaml | 3 - ci/environments/scenario004-standalone.yaml | 4 + .../scenario007-multinode-containers.yaml | 2 - ci/environments/scenario009-multinode.yaml | 35 - .../scenario010-multinode-containers.yaml | 14 +- ci/environments/scenario010-standalone.yaml | 1 - common/container-puppet.py | 86 +- common/deploy-steps-tasks.yaml | 93 +- common/deploy-steps.j2 | 174 +- common/services/role.role.j2.yaml | 3 - .../nova_statedir_ownership.py | 3 +- .../nova_wait_for_compute_service.py | 4 +- .../nova_wait_for_placement_service.py | 10 +- .../pacemaker_restart_bundle.sh | 40 + .../deployed-server-environment-output.yaml | 4 - deployed-server/deployed-server-roles-data.yaml | 250 +- deployed-server/deployed-server.yaml | 4 - deployment/README.rst | 36 +- deployment/aodh/aodh-api-container-puppet.yaml | 16 + .../aodh/aodh-evaluator-container-puppet.yaml | 16 + .../aodh/aodh-listener-container-puppet.yaml | 16 + .../aodh/aodh-notifier-container-puppet.yaml | 16 + .../barbican/barbican-api-container-puppet.yaml | 7 +- .../liquidio-compute-config-container-puppet.yaml | 1 + .../ceilometer-agent-central-container-puppet.yaml | 24 +- .../ceilometer-agent-compute-container-puppet.yaml | 1 + .../ceilometer-agent-ipmi-container-puppet.yaml | 9 +- ...ometer-agent-notification-container-puppet.yaml | 43 +- .../ceilometer-base-container-puppet.yaml | 2 +- deployment/ceph-ansible/ceph-base.yaml | 105 +- deployment/ceph-ansible/ceph-grafana.yaml | 58 +- deployment/ceph-ansible/ceph-mds.yaml | 47 +- deployment/ceph-ansible/ceph-nfs.yaml | 2 +- deployment/cinder/cinder-api-container-puppet.yaml | 44 +- .../cinder/cinder-backend-dellsc-puppet.yaml | 6 - .../cinder/cinder-backend-netapp-puppet.yaml | 14 +- .../cinder/cinder-backup-container-puppet.yaml | 9 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 36 +- deployment/cinder/cinder-base.yaml | 5 + .../cinder/cinder-common-container-puppet.yaml | 1 + .../cinder/cinder-scheduler-container-puppet.yaml | 24 +- .../cinder/cinder-volume-container-puppet.yaml | 17 +- .../cinder/cinder-volume-pacemaker-puppet.yaml | 126 +- .../openstack-clients-baremetal-puppet.yaml | 1 - ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 78 +- deployment/containers-common.yaml | 24 + deployment/database/mysql-container-puppet.yaml | 6 +- deployment/database/mysql-pacemaker-puppet.yaml | 264 +- deployment/database/redis-container-puppet.yaml | 22 + deployment/database/redis-pacemaker-puppet.yaml | 213 +- .../kernel/kernel-baremetal-puppet.yaml | 9 + deployment/deprecated/logging/fluentd-config.yaml | 166 - .../logging/fluentd-container-puppet.yaml | 204 - .../monitoring/sensu-client-container-puppet.yaml | 3 +- .../neutron/neutron-sriov-host-config.yaml | 10 + .../nova/nova-consoleauth-container-puppet.yaml | 9 +- .../opendaylight-api-container-puppet.yaml | 1 + .../panko/panko-api-container-puppet.yaml | 340 - .../securetty/securetty-baremetal-puppet.yaml | 0 deployment/ec2/ec2-api-container-puppet.yaml | 11 +- deployment/etcd/etcd-container-puppet.yaml | 1 + .../designate/designate-api-container-puppet.yaml | 1 + .../designate-central-container-puppet.yaml | 1 + .../designate/designate-mdns-container-puppet.yaml | 1 + .../designate-producer-container-puppet.yaml | 9 +- .../designate/designate-sink-container-puppet.yaml | 1 + .../designate-worker-container-puppet.yaml | 9 +- deployment/glance/glance-api-container-puppet.yaml | 30 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 24 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 16 + .../gnocchi/gnocchi-statsd-container-puppet.yaml | 16 + deployment/haproxy/haproxy-container-puppet.yaml | 16 + deployment/haproxy/haproxy-pacemaker-puppet.yaml | 212 +- deployment/heat/heat-api-cfn-container-puppet.yaml | 22 +- deployment/heat/heat-api-container-puppet.yaml | 25 +- deployment/heat/heat-engine-container-puppet.yaml | 25 +- deployment/horizon/horizon-container-puppet.yaml | 18 + deployment/ironic/ironic-api-container-puppet.yaml | 18 +- .../ironic/ironic-conductor-container-puppet.yaml | 1 + .../ironic/ironic-inspector-container-puppet.yaml | 1 + .../ironic-neutron-agent-container-puppet.yaml | 1 + deployment/ironic/ironic-pxe-container-puppet.yaml | 1 + deployment/iscsid/iscsid-container-puppet.yaml | 1 + .../keepalived/keepalived-container-puppet.yaml | 1 + deployment/kernel/kernel-baremetal-ansible.yaml | 146 + deployment/keystone/keystone-container-puppet.yaml | 64 +- deployment/logging/files/panko-api.yaml | 51 - deployment/logging/rsyslog-container-puppet.yaml | 236 + deployment/logging/stdout/panko-api.yaml | 63 - ...metal-puppet.yaml => login-defs-baremetal.yaml} | 17 +- .../logrotate-crond-container-puppet.yaml | 55 +- deployment/manila/manila-api-container-puppet.yaml | 1 + deployment/manila/manila-backend-cephfs.yaml | 4 + .../manila/manila-scheduler-container-puppet.yaml | 1 + .../manila/manila-share-container-puppet.yaml | 1 + .../manila/manila-share-pacemaker-puppet.yaml | 28 +- .../memcached/memcached-container-puppet.yaml | 16 + .../messaging/rpc-qdrouterd-container-puppet.yaml | 1 + deployment/metrics/collectd-container-puppet.yaml | 3 + deployment/metrics/qdr-container-puppet.yaml | 13 +- .../mistral/mistral-api-container-puppet.yaml | 1 + .../mistral/mistral-engine-container-puppet.yaml | 1 + .../mistral-event-engine-container-puppet.yaml | 1 + .../mistral/mistral-executor-container-puppet.yaml | 36 + deployment/multipathd/multipathd-container.yaml | 8 + .../neutron/neutron-api-container-puppet.yaml | 24 +- .../neutron/neutron-dhcp-container-puppet.yaml | 9 +- .../neutron-l2gw-agent-baremetal-puppet.yaml | 6 +- deployment/neutron/neutron-l3-compute-dvr.yaml | 8 +- .../neutron/neutron-l3-container-puppet.yaml | 9 +- .../neutron/neutron-metadata-container-puppet.yaml | 9 +- .../neutron-ovs-agent-container-puppet.yaml | 27 +- .../neutron-sriov-agent-container-puppet.yaml | 13 +- deployment/nova/nova-api-container-puppet.yaml | 59 +- deployment/nova/nova-base-puppet.yaml | 12 +- deployment/nova/nova-compute-container-puppet.yaml | 74 +- .../nova/nova-conductor-container-puppet.yaml | 41 +- deployment/nova/nova-ironic-container-puppet.yaml | 2 + deployment/nova/nova-libvirt-container-puppet.yaml | 37 + .../nova/nova-metadata-container-puppet.yaml | 55 +- .../nova-migration-target-container-puppet.yaml | 18 + .../nova/nova-scheduler-container-puppet.yaml | 41 +- .../nova/nova-vnc-proxy-container-puppet.yaml | 41 +- deployment/nova/novajoin-container-puppet.yaml | 4 + .../octavia/octavia-api-container-puppet.yaml | 26 +- .../octavia/octavia-deployment-config.j2.yaml | 20 +- .../octavia-health-manager-container-puppet.yaml | 9 +- .../octavia-housekeeping-container-puppet.yaml | 9 +- .../octavia/octavia-worker-container-puppet.yaml | 9 +- .../openshift/openshift-cns-baremetal-ansible.yaml | 137 - .../openshift-infra-baremetal-ansible.yaml | 82 - .../openshift-master-baremetal-ansible.yaml | 635 -- .../openshift-node-baremetal-ansible.yaml | 195 - .../openshift-worker-baremetal-ansible.yaml | 61 - .../openvswitch/openvswitch-baremetal-puppet.yaml | 8 +- .../ovn/ovn-controller-container-puppet.yaml | 8 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 3 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 32 +- deployment/ovn/ovn-metadata-container-puppet.yaml | 9 +- .../pacemaker/clustercheck-container-puppet.yaml | 16 + .../pacemaker/pacemaker-baremetal-puppet.yaml | 127 +- .../pacemaker-remote-baremetal-puppet.yaml | 14 +- .../placement/placement-api-container-puppet.yaml | 17 +- deployment/podman/podman-baremetal-ansible.yaml | 195 +- deployment/qdr/qdrouterd-container-puppet.yaml | 1 + deployment/rabbitmq/rabbitmq-container-puppet.yaml | 1 + ...rabbitmq-messaging-notify-container-puppet.yaml | 1 + ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 199 +- .../rabbitmq-messaging-pacemaker-puppet.yaml | 222 +- .../rabbitmq-messaging-rpc-container-puppet.yaml | 1 + .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 227 +- deployment/sahara/sahara-api-container-puppet.yaml | 9 +- deployment/sahara/sahara-base.yaml | 2 + .../sahara/sahara-engine-container-puppet.yaml | 9 +- .../securetty/securetty-baremetal-ansible.yaml | 50 + .../skydive-analyzer-baremetal-ansible.yaml | 2 +- deployment/swift/swift-proxy-container-puppet.yaml | 1 + .../swift/swift-storage-container-puppet.yaml | 1 + deployment/tacker/tacker-container-puppet.yaml | 1 + .../tripleo-firewall-baremetal-puppet.yaml | 30 +- .../tripleo-packages-baremetal-puppet.yaml | 35 +- ... => tripleo-validations-baremetal-ansible.yaml} | 9 +- deployment/zaqar/zaqar-container-puppet.yaml | 1 + environments/computealt.yaml | 3 - environments/disable-panko.yaml | 11 - environments/disable-telemetry.yaml | 1 - environments/enable-federation-openidc.yaml | 8 + environments/hyperconverged-ceph.yaml | 2 +- environments/lifecycle/ffwd-upgrade-prepare.yaml | 2 - environments/lifecycle/upgrade-converge.yaml | 1 + environments/lifecycle/upgrade-prepare.yaml | 1 + environments/logging-environment-rsyslog.yaml | 5 + environments/logging-environment.yaml | 31 - environments/login-defs.yaml | 2 +- environments/metrics/collectd-standalone.yaml | 33 +- environments/net-bond-with-vlans-v6.j2.yaml | 16 - environments/net-bond-with-vlans.j2.yaml | 7 + environments/net-multiple-nics-v6.j2.yaml | 15 - environments/net-multiple-nics.j2.yaml | 7 + environments/net-single-nic-with-vlans-v6.j2.yaml | 15 - environments/net-single-nic-with-vlans.j2.yaml | 7 + .../network-isolation-no-tunneling.j2.yaml | 6 +- environments/network-isolation-v6.j2.yaml | 6 +- environments/network-isolation.j2.yaml | 6 +- environments/neutron-ml2-ansible.yaml | 4 +- environments/neutron-ml2-cisco-n1kv.yaml | 11 - environments/neutron-ml2-mlnx-sdn.yaml | 2 +- environments/openshift-cns.yaml | 2 - environments/openshift.yaml | 7 - environments/podman.yaml | 1 + environments/securetty.yaml | 2 +- environments/services-baremetal/fluentd.yaml | 2 - .../services-baremetal/neutron-ovn-dvr-ha.yaml | 1 - .../services-baremetal/neutron-ovn-ha.yaml | 1 - environments/services-baremetal/neutron-sriov.yaml | 2 +- .../services-baremetal/undercloud-panko.yaml | 2 - environments/services/fluentd.yaml | 2 - .../services/haproxy-internal-tls-certmonger.yaml | 2 +- environments/services/neutron-ml2-ansible.yaml | 5 +- .../services/neutron-opendaylight-sriov.yaml | 2 +- environments/services/neutron-ovn-dvr-ha.yaml | 1 - environments/services/neutron-ovn-ha.yaml | 1 - environments/services/neutron-ovn-sriov.yaml | 2 +- environments/services/neutron-ovn-standalone.yaml | 1 - environments/services/neutron-sriov.yaml | 2 +- environments/services/undercloud-panko.yaml | 4 - environments/ssl/no-tls-endpoints-public-ip.yaml | 11 +- environments/ssl/tls-endpoints-public-dns.yaml | 11 +- environments/ssl/tls-endpoints-public-ip.yaml | 11 +- environments/ssl/tls-everywhere-endpoints-dns.yaml | 11 +- environments/standalone.yaml | 2 - environments/standalone/standalone-overcloud.yaml | 1 - environments/standalone/standalone-tripleo.yaml | 5 - environments/stdout-logging.yaml | 1 - environments/tripleo-validations.yaml | 2 +- environments/undercloud-disable-nova.yaml | 9 +- environments/undercloud.yaml | 4 +- environments/undercloud/undercloud-minion.yaml | 8 - extraconfig/post_deploy/standalone_post.yaml | 28 - .../post_deploy/undercloud_ctlplane_network.py | 45 +- extraconfig/post_deploy/undercloud_post.py | 27 +- extraconfig/post_deploy/undercloud_post.sh | 2 - extraconfig/post_deploy/undercloud_post.yaml | 1 + extraconfig/pre_network/boot_param_tasks.yaml | 9 + .../config/2-linux-bonds-vlans/role.role.j2.yaml | 6 +- network/config/bond-with-vlans/README.md | 8 + .../config/bond-with-vlans/controller-v6.j2.yaml | 230 - network/config/bond-with-vlans/role.role.j2.yaml | 6 +- network/config/multiple-nics/README.md | 8 + network/config/multiple-nics/controller-v6.j2.yaml | 200 - network/config/multiple-nics/role.role.j2.yaml | 6 +- .../config/single-nic-linux-bridge-vlans/README.md | 8 + .../controller-v6.j2.yaml | 215 - .../role.role.j2.yaml | 6 +- network/config/single-nic-vlans/README.md | 8 + .../config/single-nic-vlans/controller-v6.j2.yaml | 209 - network/config/single-nic-vlans/role.role.j2.yaml | 6 +- network/endpoints/build_endpoint_map.py | 23 +- network/endpoints/endpoint_data.yaml | 37 +- network/endpoints/endpoint_map.yaml | 9958 ++++++++++++++------ network/network.j2 | 10 +- network/service_net_map.j2.yaml | 4 +- ...a_openshift.yaml => network_data_dashboard.yaml | 58 +- overcloud-resource-registry-puppet.j2.yaml | 9 +- overcloud.j2.yaml | 236 +- .../controller/neutron-ml2-cisco-n1kv.yaml | 179 - puppet/role.role.j2.yaml | 178 +- ...der-rbd-flatten-parameter-3951b341262488fe.yaml | 7 + ...-kernel-package-parameter-f3ad68ed4b72b0f5.yaml | 6 + .../notes/allocation_ratio-4a8ecf4cdf5fb7e2.yaml | 13 + ...recate-neutronsriovnumvfs-96c9de5c6f071aeb.yaml | 11 + .../enable-vfio-for-sriov-62b7bd67df250840.yaml | 8 + ...gration_wait_for_vif_plug-6d16da261a138fb8.yaml | 3 +- .../notes/n1kv_removal-5ff92235ee758cb3.yaml | 5 + ...debug-tasks-start-at-task-28e4ff92ceec85d2.yaml | 6 + ...tron-permitted-ethertypes-80dc7f2154786881.yaml | 5 + .../nic-config-ansible-vars-1943a9f2dcab5477.yaml | 8 + .../nova-purge-maxdelay-fadeea1dc59e8086.yaml | 7 + ...nova_libvirtd_log_filters-63e9e6501d779dd9.yaml | 8 + ...nova_libvirtd_log_outputs-bf4091c0c7c5a968.yaml | 9 + ...ova_libvirtd_tls_priority-d0129f804d7ca847.yaml | 5 + ...a_local_metadata_per_cell-c374bd46a825c07e.yaml | 11 + .../notes/openshift-removal-d7efdc1696a1999e.yaml | 11 + ...ovn_remote_probe_interval-023b3fa671f88101.yaml | 9 + .../notes/pcmktlspriorities-4315010185adf45a.yaml | 7 + ...e-deployed-server-outputs-d990bf75c7d8ef05.yaml | 5 + ...ove-deployment-swift-data-11afcb4e9925d7b2.yaml | 5 + roles/BlockStorage.yaml | 2 +- roles/CellController.yaml | 20 +- roles/CephAll.yaml | 2 +- roles/CephFile.yaml | 2 +- roles/CephObject.yaml | 2 +- roles/CephStorage.yaml | 2 +- roles/Compute.yaml | 2 +- roles/ComputeAlt.yaml | 3 +- roles/ComputeDVR.yaml | 2 +- roles/ComputeHCI.yaml | 2 +- roles/ComputeHCIOvsDpdk.yaml | 2 +- roles/ComputeInstanceHA.yaml | 2 +- roles/ComputeLiquidio.yaml | 2 +- roles/ComputeLocalEphemeral.yaml | 2 +- roles/ComputeOvsDpdk.yaml | 2 +- roles/ComputeOvsDpdkRT.yaml | 2 +- roles/ComputeOvsDpdkSriov.yaml | 2 +- roles/ComputeOvsDpdkSriovRT.yaml | 2 +- roles/ComputePPC64LE.yaml | 2 +- roles/ComputeRBDEphemeral.yaml | 2 +- roles/ComputeRealTime.yaml | 2 +- roles/ComputeSriov.yaml | 2 +- roles/ComputeSriovRT.yaml | 2 +- roles/Controller.yaml | 3 +- roles/ControllerAllNovaStandalone.yaml | 3 +- roles/ControllerNoCeph.yaml | 3 +- roles/ControllerNovaStandalone.yaml | 3 +- roles/ControllerOpenstack.yaml | 3 +- roles/ControllerStorageDashboard.yaml | 190 + roles/ControllerStorageNfs.yaml | 4 +- roles/Database.yaml | 2 +- roles/DistributedCompute.yaml | 2 +- roles/DistributedComputeHCI.yaml | 2 +- roles/HciCephAll.yaml | 2 +- roles/HciCephFile.yaml | 2 +- roles/HciCephMon.yaml | 2 +- roles/HciCephObject.yaml | 2 +- roles/IronicConductor.yaml | 2 +- roles/Messaging.yaml | 2 +- roles/Networker.yaml | 2 +- roles/Novacontrol.yaml | 2 +- roles/ObjectStorage.yaml | 2 +- roles/OpenShiftAllInOne.yaml | 42 - roles/OpenShiftInfra.yaml | 31 - roles/OpenShiftMaster.yaml | 38 - roles/OpenShiftWorker.yaml | 31 - roles/README.rst | 4 - roles/Standalone.yaml | 4 +- roles/Telemetry.yaml | 3 +- roles/Undercloud.yaml | 2 - roles/UndercloudMinion.yaml | 4 +- roles_data.yaml | 12 +- roles_data_undercloud.yaml | 3 - sample-env-generator/openidc.yaml | 5 + sample-env-generator/ssl.yaml | 44 +- sample-env-generator/standalone.yaml | 8 - sample-env-generator/undercloud-minion.yaml | 8 - test-requirements.txt | 3 +- tools/merge-new-params-nic-config-script.py | 42 +- tools/process-templates.py | 42 +- tools/roles-data-generate.py | 1 + tools/roles-data-validation.sh | 2 +- tools/yaml-diff.py | 18 +- tools/yaml-nic-config-2-script.py | 104 +- tools/yaml-validate.py | 383 +- tox.ini | 31 +- zuul.d/layout.yaml | 22 +- 345 files changed, 11759 insertions(+), 8720 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 68a8676be..c19bd2dc8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9 +9,2 @@ six>=1.10.0 # MIT -sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD