We are happy to announce the release of: puppet-tripleo 8.1.0: Puppet module for OpenStack TripleO This release is part of the queens release series. The source is available from: http://git.openstack.org/cgit/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo (tag: puppet) For more details, please see below. 8.1.0 ^^^^^ New Features ************ * Add tripleo puppet manifest to support the configuration of the cisco VTS controller ml2 plugin. * Added new parameter to tripleo::haproxy: activate_httplog This allows to activate the HTTP full logs in HAProxy. * This change allows to dynamically create new service endpoints, either using hiera in heat, or with some new service profile you can then include in the roles_data.yml * keystone notification topics are now configured via the keystone_notification_topics hiera key. Which aggregates all the keys that match this. It's useful for dynamically configuring the topics and not always sending them. * Enables management of the login.defs file and its values around password functionality (such as max days, min days, warning age, fail retry times) Deprecation Notes ***************** * The keymgr_api_class parameter is deprecated in favor of an equivalent keymgr_backend option. The deprecated keymgr_api_class is still supported for backward compatibility. Security Issues *************** * Operators using this puppet module, can change values that influence password security. Bug Fixes ********* * Added missing haproxy endpoint for the Octavia API. * Fixes OpenDaylight port status to now work correctly via websocket connection. * Fixes bug 1733801 so we can activate haproxy logs. * Allow to add custom backends in HAProxy (1721832) * Include the Swift base class in the proxy class, to ensure Swift hash values are properly set in swift.conf when not applying the storage manifest on the same node. Changes in puppet-tripleo 8.0.0..8.1.0 -------------------------------------- 47fa3f4 Move scenario001 and scenario003 back to the gate fbc089e Revert "Use TLS proxy for Redis' internal TLS" 6c0f8c1 Prepare 8.1.0 release (queens-m2) bc3feec Enables websocket based port status for OpenDaylight 3d54e16 ironic: add support for the ansible deploy method cefbf4a ironic: support enabling staging drivers a362e22 Fix typo in ganesha VIP order constraint c410f60 Add Octavia API endpoint to haproxy 26e0531 Set ProxyPreserveHost in ec2api TLS proxy e9bce74 Set disable:true for oci-machine-register 323cd64 Added new parameter: $activate_httplog 5251ff5 Adding manifest for Cisco VTS ML2 mechanism driver configuration 9d6f569 Introduces puppet module for `/etc/login.defs` 7b35ac0 Add support for cephfs+ganesha backend in manila 834a0ff Make scenario007-container voting 2bac373 Remove scenario003 from the gate d3705e4 Sensu unit tests feca86b Fix ordering when pacemaker with bundles is being used 1dcd10c Drop the old skip-metering-database flag bf6785b Remove Ceilometer Api puppet classes c999f51 Configure libvirt SASL SCRAM-SHA1 when TLS is enabled 07e71e5 include nova::compute::pci in compute.pp bcc8ccc Fix use of deprecated "api_class" key manager option 5cac793 Add kubernetes API to haproxy LB configuration b2dc580 Make sure rabbitmq is fully up before creating any rabbitmq resources 86df825 Include swift base class in the proxy class 5cfae15 Migrate puppet-tripleo to zuul v3 jobs 91472c0 Fix logrotate containers log c0ad8cd Add profile to configure the rsyslog sidecar container f3dd32b Revert "Set ACLs on ceph client keyrings" 0933bc5 Create dedicated "apache" base profile a4d12e0 Set ACLs on ceph client keyrings df9f68f Add TLS for ec2api metadata service 2366b5b Unset MountFlags in docker.service systemd directives 1b4f5d0 Ensure sshd has proper configuration for its HostKey. 9fb617e Galera: add support for encrypted SST b8456e5 Change haproxy check to tcpka for ec2_api 103462e Add capability to configure simple-crypto backend for barbican 9df7f1c Fix bind mounts for cinder-{backup,volume} 186dfb7 Rely on container setup for haproxy's certificate user and group ac09919 certmonger/HAProxy: don't use principal if CA is local abd7a94 Certmonger: Only notify haproxy class if it's defined bbe7d9e Make keystone notification topics configurable 24a3e20 Add TLS for ec2api service 3c58543 Revert "Revert "Set meta container-attribute-target=host attribute"" 07a1a3e Add Puppet package to bindep, for module build 5376750 Switch to Zuul v3 testing 4462260 Make docker network configurable fe70c9e Remove collector classes 5eb571c Add option to disable running mistral-api via wsgi 8b56b27 Fixes license to explicitly be Apache 2.0 7ff4471 Add resource to create haproxy endpoints dynamically 93ae3c9 HAproxy should get full response from ironic-inspector Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 4 + README.md | 2 +- bindep.txt | 1 + manifests/certmonger/haproxy.pp | 27 ++- manifests/certmonger/redis.pp | 72 ------- manifests/haproxy.pp | 153 ++++++++++----- manifests/haproxy/service_endpoints.pp | 38 ++++ manifests/profile/base/aodh/api.pp | 2 +- manifests/profile/base/aodh/evaluator.pp | 14 +- manifests/profile/base/apache.pp | 43 +++++ manifests/profile/base/barbican/api.pp | 12 +- manifests/profile/base/barbican/backends.pp | 48 +++++ manifests/profile/base/ceilometer/agent/central.pp | 15 +- manifests/profile/base/ceilometer/agent/polling.pp | 13 +- manifests/profile/base/ceilometer/api.pp | 85 -------- manifests/profile/base/ceilometer/collector.pp | 87 --------- manifests/profile/base/ceilometer/upgrade.pp | 2 +- manifests/profile/base/certmonger_user.pp | 9 - manifests/profile/base/cinder/api.pp | 29 ++- manifests/profile/base/database/redis.pp | 71 +------ manifests/profile/base/docker.pp | 74 ++++++- manifests/profile/base/gnocchi/api.pp | 8 +- manifests/profile/base/heat/api.pp | 2 +- manifests/profile/base/heat/api_cfn.pp | 2 +- manifests/profile/base/heat/api_cloudwatch.pp | 2 +- manifests/profile/base/horizon.pp | 3 +- manifests/profile/base/ironic/api.pp | 2 +- manifests/profile/base/ironic/conductor.pp | 11 +- manifests/profile/base/keystone.pp | 61 +++--- manifests/profile/base/login_defs.pp | 80 ++++++++ manifests/profile/base/manila/api.pp | 2 +- manifests/profile/base/manila/share.pp | 52 +++-- manifests/profile/base/mistral/api.pp | 17 +- manifests/profile/base/neutron/plugins/ml2.pp | 4 + .../base/neutron/plugins/ml2/opendaylight.pp | 2 - manifests/profile/base/neutron/plugins/ml2/vts.pp | 49 +++++ manifests/profile/base/nova/api.pp | 2 +- manifests/profile/base/nova/compute.pp | 26 ++- manifests/profile/base/nova/ec2api.pp | 113 ++++++++++- manifests/profile/base/nova/libvirt.pp | 59 +++++- manifests/profile/base/nova/migration/client.pp | 1 + manifests/profile/base/nova/placement.pp | 2 +- manifests/profile/base/pacemaker.pp | 15 ++ manifests/profile/base/pacemaker_remote.pp | 14 ++ manifests/profile/base/panko/api.pp | 2 +- manifests/profile/base/rsyslog/sidecar.pp | 36 ++++ manifests/profile/base/sshd.pp | 10 + manifests/profile/base/swift/proxy.pp | 1 + manifests/profile/base/zaqar.pp | 6 +- manifests/profile/pacemaker/ceph_nfs.pp | 124 ++++++++++++ .../profile/pacemaker/cinder/backup_bundle.pp | 8 +- .../profile/pacemaker/cinder/volume_bundle.pp | 8 +- manifests/profile/pacemaker/database/mysql.pp | 42 +++- .../profile/pacemaker/database/mysql_bundle.pp | 51 ++++- manifests/profile/pacemaker/database/redis.pp | 65 ------- .../profile/pacemaker/database/redis_bundle.pp | 2 +- manifests/profile/pacemaker/manila/share_bundle.pp | 170 ++++++++++------ manifests/profile/pacemaker/ovn_dbs_bundle.pp | 2 +- manifests/profile/pacemaker/rabbitmq.pp | 17 ++ manifests/profile/pacemaker/rabbitmq_bundle.pp | 20 +- manifests/tls_proxy.pp | 29 +-- metadata.json | 2 +- .../notes/add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml | 4 + ...-octavia-haproxy-endpoint-8d20b5bfd11f8d89.yaml | 4 + ..._opendaylight_port_status-1ee052b299b36b83.yaml | 5 + .../notes/haproxy-logging-13b333a7e9d9558e.yaml | 10 + ...haproxy_dynamic_endpoints-bf618ef45674bea4.yaml | 8 + .../key-manager-backend-e8bd95b728bb0d0e.yaml | 6 + ...stone-notification-topics-5b155e7b5e60b7fd.yaml | 7 + .../notes/login_defs-1d1b32c233a33b2f.yaml | 10 + ...ift-proxy-use-hash-suffix-b04c2ac17a2c8c38.yaml | 6 + setup.cfg | 3 +- spec/classes/tripleo_haproxy_spec.rb | 49 ++++- spec/classes/tripleo_profile_base_apache_spec.rb | 73 +++++++ .../tripleo_profile_base_ceilometer_api_spec.rb | 80 -------- ...ipleo_profile_base_ceilometer_collector_spec.rb | 143 -------------- .../tripleo_profile_base_cinder_api_spec.rb | 18 +- spec/classes/tripleo_profile_base_docker_spec.rb | 7 + .../tripleo_profile_base_login_defs_spec.rb | 56 ++++++ .../tripleo_profile_base_monitoring_sensu_spec.rb | 38 ++++ .../tripleo_profile_base_neutron_ml2_vts_spec.rb | 92 +++++++++ .../tripleo_profile_base_nova_compute_spec.rb | 21 +- .../tripleo_profile_base_nova_libvirt_spec.rb | 59 ++++++ ...pleo_profile_base_nova_migration_client_spec.rb | 4 +- spec/classes/tripleo_profile_base_sshd_spec.rb | 74 +++++-- spec/fixtures/hieradata/step4.yaml | 4 +- templates/logrotate/containers_logrotate.conf.erb | 2 +- templates/rsyslog_sidecar/rsyslog.conf.erb | 7 + zuul.d/layout.yaml | 215 +++++++++++++++++++++ 89 files changed, 2026 insertions(+), 904 deletions(-)