We are pumped to announce the release of: puppet-tripleo 8.2.0: Puppet module for OpenStack TripleO This release is part of the queens release series. The source is available from: http://git.openstack.org/cgit/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo (tag: puppet) For more details, please see below. 8.2.0 ^^^^^ New Features ************ * Added code to select plugin configuration based on tripleo heat template dynamic variables for each backend, depending on if the backend is enabled. Multiple backends can now be configured. * Configuration of Octavia 'service_auth' section is now enabled for configuring service-to-service communication. * Adds support for deploying OpenDaylight with TLS. Open vSwitch is also configured with TLS in this deployment. * Enable configuration of octavia certificate related properties to support secure communication with amphorae. * Adds support for standard puppet separator. The "." separator does not work in puppet-rpsec, so we can't get proper unit tests on the firewall service_rules definition. * Adds Basic Authentication support for HAProxy endpoints. * Adds support for puppet standard separator notation in order to be able to have unit tests. The "." separator notation doesn't work in puppet-rspec, probably because "hiera" isn't called per se. This new feature allows to get two hashes, they are merged in the definition. * Allows to configure SR-IOV NIC to switchdev mode. This feature requires kernel 4.10 and above. * Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout a network. When used in conjunction with hardware support, PTP is capable of sub-microsecond accuracy which is far better than is normally obtainable with NTP. * The security compliance manifest was included in the keystone profile. This enables us to configure the security compliance options through t-h-t. Deprecation Notes ***************** * The hardcoded parameter names for network vips in hiera have been deprecated and replaced with the network_virtual_ips dict that includes composable networks. Likewise the hardcoded network parameters to class tripleo::keepalived have been deprecated. Bug Fixes ********* * The new network_virtual_ips hiera parameter is used to generate all network VIP resources in haproxy, haproxy_bundle, and keepalived manifests. Since additional custom networks may be added, the virtual_router_ids in keepalived have been reordered. * Partly fixes bug 1737086 in oder to get unit tests on firewall service_rules definition * Fixes bug 1736132 by implementing Basic Authentication in HAProxy endpoint. * Partly fixes bug 1737086 for unit tests on haproxy service_endpoints * Swift added a requirement to ensure that storage directories exist before using them. However, when local directories are used in Tripleo (storing data in /srv/node/d1), these are missing by default and thus Swift won't store any data. This fix creates this directory if needed. Changes in puppet-tripleo 8.1.0..8.2.0 -------------------------------------- 7687333 Split docker mirror and debug configs 487ba1a Remove RH1 OVB jobs from configuration 10468ae Adds TLS support for OpenDaylight 3720568 Prepare Queens milestone 3 7b39100 Remove pinned versions from test-requirements.txt 19ed96e cinder/pacemaker: resolve puppet resource duplications 181cd83 zuul: run scenarios when patching pacemaker profiles dbfc8e1 Use on-marked-down shutdown-sessions for redis haproxy conf 37f0c00 Let haproxy_defaults be overridable ffd524d Create Swift directory d1 if needed e84da28 Enable automatic restart of memcached, apache and mongodb a8fbe2f logging: teach fluentd.pp about fluentd_service_user c1ba5f7 Fluentd: Transform path by service 279e9b7 Configure inline mode transport for Connectx4/LX d6f5bf9 OVN HA: Set the OVN Resource Agent parameter 'inactive_probe_interval' 4f94f07 Remove contrail from haproxy 1cfecc3 Fix rabbitmq-ready check for single node HA deployments 5824044 Configure VIPs for all networks including composable networks 50f6aa1 Include security_compliance manifest in keystone 3aa4499 Add missing ssl ports for ovn_sbdb and ovn_nbdb a02206f Replace colon with a dash. 1ab4bca zuul: cleanup old unused jobs 2753f06 zuul: move tacker / congress from scenario001 to 007 c3f73aa Remove _member_ role from the keystone accepted roles 9fbfc68 Only create veritas rabbitmq users on the bootstrap node 97d5012 Give horizon's stanza in haproxy a per-server cookie a9f059f Do not force provider in rabbitmq base profile 2f33d74 Fix up the rabbitmq-ready check 0aef5a7 Let collectd manage repo and added unit test f2933eb Allow wsrep_max_ws_rows and wsrep_max_ws_size to use defaults 96d608a Fix up spec class for haproxy 5b1a139 gnocchi/ceilometer upgrade workflow fix 65d226a Correct typo in manila/share.pp resource chaining 9d438cd Add Basic Authentication support for HAProxy 2f7d622 correct unit tests b660c83 Update the doc link ecefcff Remove old central and compute agent profiles 58355c9 logging: support service_config_settings configuration mechanism 4430253 Add unit test for tripleo::haproxy::service_endpoints 4b0bdc2 Implements AIDE Intrusion Detection System 1c49fbe gnocchi: ensure upgrade run after swift setup a97cc29 Add neutron base profile to OVN metadata agent 41f9b0d Add unit tests for tripleo::firewall::service_rules f7030a2 Implements: Heat template for integrating Cavium SmartNIC LiquidIO e5c5632 Add support for switchdev mode in SR-IOV 5fb0826 Bind-mount iscsid IQN by its real host path 8247745 In compute IHA make no_shared_storage a class parameter b252174 Remove INSECURE_REGISTRY from docker_registry.pp 896554c HAProxy logging b6f76fa Enable collectd to send metrics to Gnocchi bddbced Enable octavia certificate configuration 43fd153 Enable Octavia service_auth configuration bf00992 Instance HA support 48c4175 Update cephx keys with ACLs for openstack services. 37d6435 Add multiple backends for barbican 361785f Allow vhost socket directory user/group as configurable from template 07eabfd Add PTP service f2abe0c Add support for OVN Metadata Agent Diffstat (except docs and test files) ------------------------------------- Puppetfile_extras | 12 ++ README.md | 2 +- lib/puppet/provider/sriov_vf_config/numvfs.rb | 54 ++++- lib/puppet/type/sriov_vf_config.rb | 4 +- manifests/certmonger/opendaylight.pp | 77 +++++++ manifests/certmonger/openvswitch.pp | 74 +++++++ manifests/fencing.pp | 37 +++- manifests/firewall/service_rules.pp | 12 +- manifests/haproxy.pp | 154 ++++---------- manifests/haproxy/endpoint.pp | 22 +- manifests/haproxy/horizon_endpoint.pp | 17 +- manifests/haproxy/service_endpoints.pp | 20 +- manifests/haproxy/userlist.pp | 54 +++++ manifests/host/sriov.pp | 9 +- manifests/host/sriov/numvfs_persistence.pp | 15 +- manifests/keepalived.pp | 98 ++++----- manifests/network/cavium/liquidio.pp | 99 +++++++++ manifests/profile/base/aide.pp | 79 +++++++ manifests/profile/base/aide/cron.pp | 78 +++++++ manifests/profile/base/aide/installdb.pp | 56 +++++ manifests/profile/base/aide/rules.pp | 61 ++++++ manifests/profile/base/apache.pp | 6 + manifests/profile/base/barbican/api.pp | 10 +- manifests/profile/base/barbican/backends.pp | 54 ++++- manifests/profile/base/ceilometer/agent/central.pp | 38 ---- manifests/profile/base/ceilometer/agent/compute.pp | 36 ---- manifests/profile/base/ceilometer/upgrade.pp | 9 +- manifests/profile/base/ceph/rgw.pp | 4 +- manifests/profile/base/certmonger_user.pp | 18 ++ manifests/profile/base/cinder/volume.pp | 12 ++ manifests/profile/base/database/mongodb.pp | 6 + manifests/profile/base/docker.pp | 23 ++- manifests/profile/base/docker_registry.pp | 26 +-- manifests/profile/base/glance/api.pp | 14 +- manifests/profile/base/gnocchi/api.pp | 37 +++- manifests/profile/base/keystone.pp | 1 + manifests/profile/base/logging/fluentd.pp | 98 +++++++-- .../base/logging/fluentd/fluentd_service.pp | 63 ++++++ manifests/profile/base/manila/share.pp | 7 + manifests/profile/base/memcached.pp | 6 + manifests/profile/base/metrics/collectd.pp | 146 ++++++++++++- manifests/profile/base/metrics/collectd/gnocchi.pp | 152 ++++++++++++++ manifests/profile/base/neutron/opendaylight.pp | 47 ++++- manifests/profile/base/neutron/ovn_metadata.pp | 46 +++++ manifests/profile/base/neutron/ovs.pp | 18 +- .../base/neutron/plugins/ml2/opendaylight.pp | 35 +++- .../base/neutron/plugins/ovs/opendaylight.pp | 57 ++++- .../profile/base/nova/compute_libvirt_shared.pp | 13 +- manifests/profile/base/octavia.pp | 1 + manifests/profile/base/octavia/health_manager.pp | 1 + manifests/profile/base/octavia/worker.pp | 1 + manifests/profile/base/pacemaker.pp | 44 ++-- manifests/profile/base/pacemaker/instance_ha.pp | 126 +++++++++++ manifests/profile/base/rabbitmq.pp | 13 +- manifests/profile/base/swift/storage.pp | 18 ++ manifests/profile/base/time/ptp.pp | 52 +++++ .../profile/pacemaker/cinder/backup_bundle.pp | 4 +- .../profile/pacemaker/cinder/volume_bundle.pp | 4 +- manifests/profile/pacemaker/compute_instanceha.pp | 33 +++ manifests/profile/pacemaker/database/mysql.pp | 2 - .../profile/pacemaker/database/mysql_bundle.pp | 2 - manifests/profile/pacemaker/haproxy.pp | 40 ++-- manifests/profile/pacemaker/haproxy_bundle.pp | 36 +--- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 3 +- manifests/profile/pacemaker/ovn_northd.pp | 3 +- manifests/profile/pacemaker/rabbitmq_bundle.pp | 28 ++- metadata.json | 5 +- .../add-barbican-backends-2412df7eef07038e.yaml | 5 + ...tavia-service-auth-config-acc4adb3e6c4542d.yaml | 5 + .../add-tls-opendaylight-a3f943a0f6012424.yaml | 5 + .../composable-network-vips-a1b9b738561a8214.yaml | 11 + ...certificate-configuration-d8924916efc3054b.yaml | 5 + .../firewall-service-rules-6586a2c138dfe338.yaml | 10 + .../notes/haproxy-basic-auth-e2839941c806c615.yaml | 8 + ...haproxy-service-endpoints-4351bd4666dfe9a7.yaml | 11 + .../notes/ovs-hw-offload-89a49899af3b9892.yaml | 4 + releasenotes/notes/ptp-062b1d1f2d9f2275.yaml | 6 + .../security-compliance-1f5cb3b3be9f7657.yaml | 5 + .../swift-create-local-dir-b00292e623d03044.yaml | 7 + .../tripleo_certmonger_opendaylight_spec.rb | 71 +++++++ .../classes/tripleo_certmonger_openvswitch_spec.rb | 68 ++++++ spec/classes/tripleo_haproxy_spec.rb | 21 +- spec/classes/tripleo_profile_base_aide_spec.rb | 102 +++++++++ .../tripleo_profile_base_barbican_backends_spec.rb | 95 +++++++++ spec/classes/tripleo_profile_base_ceph_rgw_spec.rb | 4 +- .../tripleo_profile_base_cinder_volume_spec.rb | 6 +- spec/classes/tripleo_profile_base_docker_spec.rb | 11 +- .../tripleo_profile_base_gnocchi_api_spec.rb | 8 +- .../tripleo_profile_base_logging_fluentd_spec.rb | 127 ++++++++++++ .../tripleo_profile_base_metrics_collectd_spec.rb | 67 ++++++ ...o_profile_base_neutron_ml2_opendaylight_spec.rb | 97 +++++++++ ...ipleo_profile_base_neutron_opendaylight_spec.rb | 40 ++++ ...o_profile_base_neutron_ovs_opendaylight_spec.rb | 118 +++++++++++ .../tripleo_profile_base_neutron_ovs_spec.rb | 20 ++ .../classes/tripleo_profile_base_pacemaker_spec.rb | 71 +++++++ .../defines/tripleo_firewall_service_rules_spec.rb | 37 ++++ spec/defines/tripleo_haproxy_endpoint_spec.rb | 44 ++-- .../tripleo_haproxy_service_endpoints_spec.rb | 49 +++++ spec/defines/tripleo_haproxy_userlist_spec.rb | 56 +++++ .../tripleo_host_sriov_numvfs_persistence_spec.rb | 73 +++++++ spec/fixtures/hieradata/default.yaml | 54 +++++ spec/fixtures/hieradata/step1.yaml | 3 + spec/fixtures/hieradata/step4.yaml | 19 ++ spec/unit/provider/sriov_vf_config/numvfs_spec.rb | 77 +++++++ spec/unit/type/sriov_vf_config_spec.rb | 25 +++ templates/aide/aide.conf.erb | 3 + templates/collectd/collectd-gnocchi.conf.erb | 62 ++++++ templates/fluentd/fluentd_user.conf.erb | 3 + templates/switchdev/switchdev.epp | 27 +++ test-requirements.txt | 6 +- zuul.d/layout.yaml | 230 ++++++--------------- 111 files changed, 3537 insertions(+), 671 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 8db5c0d..aa9dd6b 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,2 +2,2 @@ -sphinx>=1.6.2 # BSD -openstackdocstheme>=1.17.0 # Apache-2.0 +sphinx # BSD +openstackdocstheme # Apache-2.0 @@ -6 +6 @@ openstackdocstheme>=1.17.0 # Apache-2.0 -reno>=2.5.0 # Apache-2.0 +reno # Apache-2.0