We enthusiastically announce the release of: puppet-tripleo 7.3.0: Puppet module for OpenStack TripleO This release is part of the pike stable release series. The source is available from: http://git.openstack.org/cgit/openstack/puppet-tripleo Download the package from: https://tarballs.openstack.org/puppet-tripleo/ Please report issues through launchpad: http://bugs.launchpad.net/tripleo (tag: puppet) For more details, please see below. 7.3.0 ^^^^^ New Features * When TLS everywhere is enabled, the HAProxy stats interface will also use TLS. This requires the user to access the interface through the ctlplane FQDN (which is configured by the CloudNameCtlplane parameter in tripleo-heat-templates). Note that one can still use the haproxy_stats_certificate parameter from the haproxy class, and that one will take precedence if set. * Encryption is used for pacemaker traffic by default. This is achieved by using a pre shared key for all the pacemaker cluster nodes (same as the one that was used for the pacemaker remote communication). * Enable innodb_buffer_pool_size configuration for all MySQL databases. * Add support to configure Dell EMC VMAX Manila backend Changes in puppet-tripleo 7.2.0..7.3.0 -------------------------------------- 347aa4a TLS-everywhere/libvirt: Make postsave command configurable 17396dc Use resource collector for the fencing -> stonith ordering ab48d3a Add -s (silent) to curl command for CRL refresh 095d130 Certmonger: Make postsave command configurable 264f228 Add TLS for nova metadata service 8c39646 Allow configuring multiple insecure registries 5696986 Enable TLS in the internal network for horizon 3959f24 Create separate resource for HAProxy horizon endpoint 6c1aaa0 Release Pike rc1 - 7.3.0 6b0c04a Move barbican's database creation to mysql profile a91f554 Add OVN DBs bundle support for pacemaker HA 70987c8 Add logrotate-crond configuration 5222b8d Remove extra keystone admin haproxy listen and allow TLS 3a5eb08 Use rabbitmq ipv6 flag 1500676 Support for Dell EMC VMAX Manila Driver fd36351 Support for Dell EMC VMAX ISCSI Cinder Driver 897d594 Do not create fs and server side key from manila c7b87f0 HAProxy: Set listen options for internal services too 040411c Modify resource dependencies of certmonger_user resources 4b25338 Do not include manila ceph key resource twice 1f695f1 Enable TLS configuration for containerized HAProxy 86a3261 Enable TLS configuration for containerized RabbitMQ 7586c58 Run online_data_migrations for Ironic on upgrade d8cc010 Update swift-proxy unit tests for puppet5 07f9fa6 Enable TLS configuration for containerized Galera 5453263 Enable innodb_buffer_pool_size configuration 7d13151 Configure dockerd with --iptables=false c292d93 Update link addresses in README.md 1b82fe4 Use normal socket file permissions instead of polkit a9695bd Ensure directory exists for certificates for haproxy c5dc851 Enable encryption of pacemaker traffic by default 5caebe8 Use clustercheck credentials to poll galera state in container e51e796 Enable TLS for the HAProxy stats interface f736f54 Update openstackdocstheme>=1.16.0 5ae3fab Fix legacy nova/cinder encryption key manager configuration fab85e5 Support for Dell EMC Unity Cinder Driver b59d7e7 Replace enabled languages with excluded languages in UI 01ae503 Handle SSL options for Zaqar 50f160a Prevent haproxy to run iptables during docker-puppet configuration 237e613 Fix nova and selinux unit tests ea79aff Move gnocchi::api resource to run with wsgi setup bf5eaa2 Pass 'false' docroot to vhost for tls_proxy d90abf4 Configure redis as incoming storage driver in gnocchi Diffstat (except docs and test files) ------------------------------------- README.md | 6 +- manifests/certmonger/ca/crl.pp | 2 +- manifests/certmonger/haproxy.pp | 29 ++-- manifests/certmonger/haproxy_dirs.pp | 55 ++++++ manifests/certmonger/httpd.pp | 10 +- manifests/certmonger/libvirt.pp | 10 +- manifests/certmonger/mongodb.pp | 10 +- manifests/certmonger/mysql.pp | 10 +- manifests/certmonger/rabbitmq.pp | 10 +- manifests/haproxy.pp | 137 +++++---------- manifests/haproxy/endpoint.pp | 34 +++- manifests/haproxy/horizon_endpoint.pp | 154 +++++++++++++++++ manifests/haproxy/stats.pp | 74 ++++++++ manifests/profile/base/barbican/api.pp | 4 - manifests/profile/base/ceph/mds.pp | 5 + manifests/profile/base/certmonger_user.pp | 33 +++- manifests/profile/base/cinder/api.pp | 11 +- manifests/profile/base/cinder/volume.pp | 51 ++++-- .../profile/base/cinder/volume/dellemc_unity.pp | 47 +++++ .../base/cinder/volume/dellemc_vmax_iscsi.pp | 42 +++++ manifests/profile/base/database/mysql.pp | 25 ++- manifests/profile/base/docker.pp | 86 +++------ manifests/profile/base/gnocchi/api.pp | 7 +- manifests/profile/base/haproxy.pp | 7 + manifests/profile/base/horizon.pp | 45 ++++- manifests/profile/base/ironic.pp | 5 +- manifests/profile/base/logging/logrotate.pp | 112 ++++++++++++ manifests/profile/base/manila/api.pp | 7 +- manifests/profile/base/nova/api.pp | 40 +++++ manifests/profile/base/nova/compute.pp | 11 +- manifests/profile/base/nova/libvirt.pp | 21 ++- manifests/profile/base/pacemaker.pp | 22 ++- manifests/profile/base/rabbitmq.pp | 15 +- manifests/profile/base/zaqar.pp | 48 +++++- manifests/profile/pacemaker/clustercheck.pp | 11 +- .../profile/pacemaker/database/mysql_bundle.pp | 192 +++++++++++++-------- manifests/profile/pacemaker/haproxy.pp | 10 +- manifests/profile/pacemaker/haproxy_bundle.pp | 115 ++++++++++-- manifests/profile/pacemaker/manila.pp | 52 +++--- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 159 +++++++++++++++++ manifests/profile/pacemaker/rabbitmq_bundle.pp | 128 ++++++++------ manifests/tls_proxy.pp | 2 +- manifests/ui.pp | 34 +--- metadata.json | 2 +- .../TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml | 8 + ...-for-pacemaker-by-default-ca887dca02a21705.yaml | 6 + .../innodb_buffer_pool_size-6fa946cf008a4606.yaml | 4 + .../notes/unity_driver_aaa347d073cd11e7.yaml | 4 + releasenotes/source/conf.py | 4 +- spec/classes/tripleo_certmonger_ca_crl_spec.rb | 4 +- spec/classes/tripleo_haproxy_stats_spec.rb | 104 +++++++++++ .../tripleo_profile_base_barbican_api_spec.rb | 3 - .../tripleo_profile_base_cinder_api_spec.rb | 14 +- .../tripleo_profile_base_cinder_unity_spec.rb | 57 ++++++ .../tripleo_profile_base_cinder_vmax_spec.rb | 57 ++++++ spec/classes/tripleo_profile_base_docker_spec.rb | 94 ++-------- .../tripleo_profile_base_gnocchi_api_spec.rb | 6 + .../tripleo_profile_base_logging_logrotate_spec.rb | 59 +++++++ ...ipleo_profile_base_nova_compute_libvirt_spec.rb | 21 ++- .../tripleo_profile_base_nova_compute_spec.rb | 14 +- .../tripleo_profile_base_nova_libvirt_spec.rb | 59 ++++++- .../tripleo_profile_base_swift_proxy_spec.rb | 4 +- spec/classes/tripleo_selinux_spec.rb | 2 +- spec/fixtures/hieradata/step4.yaml | 3 +- templates/logrotate/containers_logrotate.conf.erb | 14 ++ templates/ui/tripleo_ui_config.js.erb | 10 +- test-requirements.txt | 2 +- 67 files changed, 1888 insertions(+), 555 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index a23c7e7..629ab00 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -3 +3 @@ sphinx>=1.6.2 # BSD -openstackdocstheme>=1.11.0 # Apache-2.0 +openstackdocstheme>=1.16.0 # Apache-2.0