We are gleeful to announce the release of: tripleo-heat-templates 12.3.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the ussuri stable release series. The source is available from: https://opendev.org/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through: https://bugs.launchpad.net/tripleo/+bugs For more details, please see below. 12.3.0 ^^^^^^ New Features ************ * Adds support for IGMP snooping (Multicast) in the Neutron ML2/OVS driver. * Added enhancements to Octavia's OVN driver configuration, so it can connect to OVN_Northbound DB using SSL/TLS. * The new "EnableCache" parameter is added to enable/disable chacing using memcached services. The parameter is true by default, but should be false when memcached service is disabled in the deployment. * Add boolean parameter *NovaSchedulerEnableIsolatedAggregateFiltering* which allows to set *scheduler/enable_isolated_aggregate_filtering* parameter. This configures scheduler to restrict hosts in aggregates based on matching required traits in the aggregate metadata and the instance flavor/image. If an aggregate is configured with a property with key trait:$TRAIT_NAME and value required, the instance flavor extra_specs and/or image metadata must also contain trait:$TRAIT_NAME=required to be eligible to be scheduled to hosts in that aggregate. Default value for NovaSchedulerEnableIsolatedAggregateFiltering is False. * For baremetal operations on DHCPv6-stateful networks multiple IPv6 addresses can now be allocated for neutron ports created for provisioning, cleaning, rescue or inspection. The new parameter "IronicDhcpv6StatefulAddressCount" controls the number of addresses to allocate. * Add Heat parameter "EnableMysqlAuthEd25519", which when set to true, configures MySQL user credentials to require ed25519-based authentication to the mariadb server, instead of the default SHA1-based native authentication. * Adding two parameters to manage vPMEM [0] configuration parameters. *NovaPMEMMappings* parameter set Nova's configuration option *pmem_namespaces* that reflects mappings between vPMEM and physical PMEM namespaces. *NovaPMEMNamespaces* creates and manages physical backend PMEM namespaces which win be used as backend for vPMEM. *NovaPMEMMappings* example: 6GB:ns0|ns1|ns2,LARGE:ns3 will expose namespaces ns0, ns1, ns2 using label *6GB* and namespace ns3 using label *LARGE*. *NovaPMEMNamespaces* example: 100G:ns0|14096M:ns1 will create two namespaces: ns0 - size 100G, ns1 - size 14096M. * Added the parameter "PortPhysnetCidrMap" in the ironic inspector service template. The parameter takes a mapping of IP subnet CIDR to physical network. When the "physnet_cidr_map" processing hook is enabled the physical_network property of baremetal ports is populated based on this mapping. See Bug: 1870529 (https://launchpad.net/bugs/1870529). * Support for Dell EMC SC backend cinder driver. Supports both iSCSI and FC volume drivers and support deploying one or multiple cinder SC storage backends. * Support for Dell EMC Xtremio backend cinder driver. Supports both iSCSI and FC volume drivers and support deploying one or multiple cinder Xtremio storage backends. Upgrade Notes ************* * Exclude /var/lib/ironic/* from container-puppet.sh rsync, this is a leftover from the initial containerization of TripleO; now we have host prep tasks, the ironic conductor and inspector bind mount /var/lib/ironic and generate the data that they need. But this data should not be in the config volume or it can conflict from each other when rsync runs at the same time. Check launchpad bug 1868934 (https://bugs.launchpad.net/tripleo/+bug/1868934). TripleO upgrade tasks and host prep tasks will take care of removing the var directory from the config volumes and the containers will just use the bind mount, like it should be doing now. These tasks will run during a minor update, major upgrade, and fast forward upgrade. Deprecation Notes ***************** * Support for Dell EMC PS Series aka Eqlx was removed, because the driver was deprecated in Train release and has been removed from cinder. * Resource OS::TripleO::Services::CinderBackendDellSc is no longer supported. Use the new resource OS::TripleO::Services::CinderBackendDellEMCSc. * Support for Sahara services is now deprecated, and will be removd in a future release. * The following parameters has been deprecated and are no longer used: ´´CephIPv6``, "CorosyncIPv6", "RabbitIPv6", "MemcachedIPv6", "MysqlIPv6", "RedisIPv6" and "NeutronOverlayIPVersion". The IP version is now detected by looking at the CIDR of network subnets instead. * KeepalivedRestart is deprecated and has no effect. The workaround isn't needed anymore since we now deploy keepalived-2.0.10-4. This version has support for 'dynamic_interfaces' which is required when the network config was changed and os-net-config restarts the network interface. * Keepalived service is deprecated in Train and will be removed in the next cycle. The VIPs are now created by os-net-config for both the Undercloud and Standalone. If you need HA VIPs, please deploy Pacemaker. * Resource OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI is no longer supported. Use the new resource OS::TripleO::Services::CinderBackendDellEMCPowermax. * Resource OS::TripleO::Services::CinderBackendDellEMCXTREMIOIscsi is no longer supported. Use the new resource OS::TripleO::Services::CinderBackendDellEMCXtremio. Other Notes *********** * Pacemaker is now deployed by default on the Overcloud and Standalone deployments. It has become the de-facto service to handle services in HA and also Virtual IPs. Changes in tripleo-heat-templates 12.2.0..12.3.0 ------------------------------------------------ d6b2cfce6 Remove deprecated UsePrivilegeSeparation option 4d70846a7 Revert "Add shared volume for side-car wrapper locks" 91f94980f Expose grafana, dashboard and mgr port parameters 2c85bde00 Add common_deploy_steps to post_upgrade_steps. 3cc2374a0 Simplify the puppet invocation a bit 42cfbbc8b Add cacert to clouds.yaml c071d14d3 Add retries to initial image fetch 1ebf115f8 Use /32 netmask for VIPs bd132e20d Add option to not install ipa client packages 3873d3607 Execute kvm-setup inside nova_libvirt container a03f33a7d Deprecate service ipv6 params 61f2bd017 Change Schedule to Scheduler for consistent naming 21d1f773c healthchecks: check if fact is defined before checking its value d96edb06a Trigger a job to run a standalone deploy with IPA on multinode a046de852 Make per_node.yaml py3 safe 0b1390544 Enable collectd-ceph plugin only where needed dac08c4f0 Fix typo in setting octavia wsgi server name 04c20f118 Neutron ML2/OVS: add support to enable of IGMP snooping b3127ac3f Add a 600s timeout when creating enable-ssh-admin workflow 84e016edb Fix vbmc_setup.yaml for c8 standalone c712355e4 Deprecate Keepalived service 7170a5d52 Make /var/lib/mistral traversable by all users 9405639e5 Skip operating system upgrade tasks via UpgradeLeappEnabled param. e0a634bf5 Fix IHA with ansible 2.9 9001136dd Add parameters for vPMEM features 593d3c8ce Make sure IdMServer is optional 67bcc3fc9 Add ci environment file for standalone IPA parameters 6a504c03f Add EnableCache option to enable/disable usage of memcache 1472d971a Add support for lunasa hsm in barbican b8b4e5fd1 Set cache parameter for openidc in tht 1cb82e26f Use memcache for keystone caching ddd2385e0 Support for SC Cinder Backend c53e9568e Support for Xtremio Cinder Backend 62e529ce3 Revert systemd sidecars 7b258ee0b Fixing powermax config errors 2fc1290c1 Fix cinder and etcd running with internal TLS enabled 9566df9f5 Add an option to disable the DNS record modification in FreeIPA d3a5decd5 Changes in env files due to new SRIOV roles e38287c9d Update container certificate 79e7950a4 Allow supplying command options to leapp 1517df0fc Add shared volume for side-car wrapper locks a73c2281e Use python3 in tools scripts 4ba1c013a Re-validate healthcheck work on nova/keystone containers 122eccbe2 Default to stack name inventory group for deployment_target_hosts param ab02fbe75 Fix validation script e92958932 Replace outdated cinder parameters in Manila 9511dd969 Add missing region_name parameter in Manila ddcd9257c Remove deprecated designate::worker::worker_notify 1816a5cc5 Remove deprecated nova::metadata::enable_proxy_headers_parsing d1bf6c6f2 Move /etc/ssh/ssh_known_hosts bind mount where it's needed 21773792c Deprecating Old Dell SC Iscsi Volume Config b93a16fb6 Deprecating Old Dell EMC Xtremio Iscsi Volume Config 4407c54f6 Add ansible hieradata file 2c2f8c4c7 Ironic inspector port_physnet_cidr_map support 77480a3ca scenario010 - show logs when no_log is specificied in ci 022c8f842 Fix missing OctaviaClientCert* parameters 07106c501 Split out selinux management 7c423296a Enable HA in minor updates job (scenario000) 690124682 Ensure <service>_restart_bundle do not run concurrently d9152a601 [cinder-lvm] Resolve issue when there are multiple loop devices a126db00b Revert "Disable Redis in environments/docker-ha.yaml" cce1f7111 Remove tenant_name parameter from neutron::server::notifications 324fcc36b Check for InternalApi in role for HostnameResolveNetwork d78ce138f Remove healthcheck from ceilometer_gnocchi_upgrade container 2d2cd02c0 Make neutron ml2/ansible's base plugin variable f8eb0a8fa Exclude /etc/puppet from config generation c53f747b1 Set Neutron's l3_ha flag to True in standalone ML2/OVS job 67729aa0a Add hook to run RHOSP policies enforcement. 219e6142d Use puppet parameter to set swift_catalog_info in cinder e0bf4579e Change Collectd ports type to numbers. e6e535524 Fix NovaCrossAzAttach hiera key 580aca40e Improve the cinder LVM loopback device setup f5bcd0acf Add NovaCrossAZAttach parameter 5eeadb211 Enable sensitive logs for OVB HA 4d8eb3511 Drop bootstrap_host_exec from pacemaker_restart_bundle cabed543f Introduce new HideSensitiveLogs parameter 94bc02339 Add mode option when creating persistent directories. dace9fba0 Remove usage of deprecated aodh::auth::auth_tenant_name 7526f4291 Set region_name and domain_name for neutron::server::notifications 4130d9fee Set region_name for service authentication in ironic 61201d1a7 Cleanup remaining iteams for removed Tacker service b2b2208ad Remove useless nova::ironic::common::api_endpoint b37bed6c1 deploy-steps-tasks-step-1: update startup-configs with latest hashes c614d19bb Disable Redis in environments/docker-ha.yaml 0c88c8898 Use exec for ovn metadata agent 436ebad75 Add IronicDhcpv6StatefulAddressCount parameter 502947b4b Remove hardcoded reference to cinder LVM loopback device 6464efdc4 Migrate inflight validations to native podman healthchecks 6ca476842 Add support for resource provider bandwidth in Neutron config f85caaf41 Rename loopback creates file cec4048d1 Remove all hieradata overriding for undercloud memcache 8e67b55d2 Remove the usage of cinder::ceilometer f1d9b15c8 Deprecate Sahara support 7e661362d Fix indentation 2890064fd Remove remaining hieradata for OpenDaylight e32a8261c Disable Redis by default again ce44fd8a4 Unset cinder::api::os_region_name fffdcf0f3 Use absolute name to include puppet classes b009c9c23 Rename ApacheMaxMaxClients property to ApacheMaxRequestWorkers 411af9123 Add new parameter NovaSchedulerEnableIsolatedAggregateFiltering b0e700819 standalone/overcloud: enable the HA deployment by default 35ca5b438 nova-compute: disable scale_tasks when docker is used 71e9b806b Use kolla tools for memcached configuration d8a649569 Add Octavia OVN Provider configuration 6220fe1bd Move the haproxy iptables rules creation to host_prep_tasks d073adf63 Cleanup remaining items for Trove 3bb9cb3a6 Added scale_tasks to handle cleanup on scale down of nodes 6c234a73b Support for PowerMax Cinder Backend f3d4eaef2 Deprecate KeepalivedRestart 58790161d Add missing region_name for ironic access from nova a22c04c57 Skip both tenant and management networks when generating certs ccacc6ce3 Support for mariadb's ed25519 authentication a07e278e5 Add placement to testing matric c9945c799 Remove hieradata for TripleO UI e806c0285 Add tripleo_delegate_to var for ceph health validation b4ff60f0a Exclude /var/lib/ironic/* from container-puppet.sh rsync fff8cf73c Properly place undercloud hosts record upgrade task 1de0294ba Remove deprecated puppet-keystone modules related to admin auth 378447e3e Remove deprecated keystone::admin_port 7342b6a62 Remove duplicated keystone::roles::admin::password b0ec5296c Enable caching in heat 336e9d39a Remove Dell EMC PS Series Driver support 0a8c5697d Move ceph-rgw and config overrides variables 679ecaada Set dns_name propery on ports and networks 713f20344 Remove duplicate key 60b2d3ef3 Add missing memcached_servers for undercloud placement a8f18cbbb Deprecating VMax Volume Config ec9b2753e Add parameter to manage horizon's keystone_domain_choices 815665849 Create octavia project/user based on given values 0d9cc4ca8 [OVN] SRIOV with native OVN DHCP server Diffstat (except docs and test files) ------------------------------------- README.rst | 4 +- ci/common/vbmc_setup.yaml | 23 +-- ci/environments/multinode-containers.yaml | 6 +- .../network-isolation-absolute.yaml | 4 - .../multiple-nics-ipv6/network-isolation.yaml | 4 - ci/environments/ovb-ha.yaml | 1 + .../scenario000-multinode-containers.yaml | 7 +- ci/environments/scenario000-standalone.yaml | 1 - .../scenario001-multinode-containers.yaml | 2 - ci/environments/scenario001-standalone.yaml | 12 +- ci/environments/scenario002-standalone.yaml | 8 +- ci/environments/scenario003-standalone.yaml | 6 +- ci/environments/scenario004-standalone.yaml | 5 +- .../scenario007-multinode-containers.yaml | 1 - ci/environments/scenario007-standalone.yaml | 1 + .../scenario010-multinode-containers.yaml | 6 +- ci/environments/scenario010-standalone.yaml | 4 +- ci/environments/standalone-ipa.yaml | 23 +++ common/container-puppet.py | 2 +- common/container-puppet.sh | 4 +- common/deploy-steps-tasks-step-1.yaml | 6 + common/deploy-steps.j2 | 38 ++++- common/hiera-steps-tasks.yaml | 4 + .../pacemaker_restart_bundle.sh | 11 +- deployed-server/ctlplane-port.yaml | 3 + deployed-server/deployed-neutron-port.yaml | 3 + deployed-server/scripts/enable-ssh-admin.sh | 30 +++- deployment/aodh/aodh-api-container-puppet.yaml | 1 + deployment/aodh/aodh-base.yaml | 2 +- .../aodh/aodh-evaluator-container-puppet.yaml | 1 + .../aodh/aodh-listener-container-puppet.yaml | 1 + .../aodh/aodh-notifier-container-puppet.yaml | 1 + deployment/apache/apache-baremetal-puppet.j2.yaml | 10 +- deployment/auditd/auditd-baremetal-puppet.yaml | 2 +- .../barbican/barbican-api-container-puppet.yaml | 63 ++++++- .../liquidio-compute-config-container-puppet.yaml | 2 +- .../ceilometer-agent-central-container-puppet.yaml | 5 +- .../ceilometer-agent-compute-container-puppet.yaml | 3 +- .../ceilometer-agent-ipmi-container-puppet.yaml | 3 +- ...ometer-agent-notification-container-puppet.yaml | 10 +- deployment/ceph-ansible/ceph-base.yaml | 52 ++---- deployment/ceph-ansible/ceph-grafana.yaml | 8 +- deployment/ceph-ansible/ceph-mgr.yaml | 8 +- deployment/ceph-ansible/ceph-mon.yaml | 5 + deployment/ceph-ansible/ceph-nfs.yaml | 2 +- deployment/ceph-ansible/ceph-osd.yaml | 5 + deployment/ceph-ansible/ceph-rgw.yaml | 23 +++ deployment/certs/ca-certs-baremetal-puppet.yaml | 2 +- .../certs/certmonger-user-baremetal-puppet.yaml | 2 +- deployment/cinder/cinder-api-container-puppet.yaml | 27 ++- .../cinder-backend-dellemc-powermax-puppet.yaml | 110 ++++++++++++ .../cinder/cinder-backend-dellemc-sc-puppet.yaml | 149 +++++++++++++++++ .../cinder-backend-dellemc-vmax-iscsi-puppet.yaml | 14 +- ...inder-backend-dellemc-xtremio-iscsi-puppet.yaml | 19 ++- .../cinder-backend-dellemc-xtremio-puppet.yaml | 118 +++++++++++++ .../cinder/cinder-backend-dellps-puppet.yaml | 111 ------------- .../cinder/cinder-backend-dellsc-puppet.yaml | 27 ++- .../cinder/cinder-backup-container-puppet.yaml | 3 +- .../cinder/cinder-backup-pacemaker-puppet.yaml | 22 ++- .../cinder/cinder-common-container-puppet.yaml | 94 ++++++++--- .../cinder/cinder-scheduler-container-puppet.yaml | 10 +- .../cinder/cinder-volume-container-puppet.yaml | 43 ++++- .../cinder/cinder-volume-pacemaker-puppet.yaml | 26 ++- ...ntainer-image-prepare-baremetal-ansible.j2.yaml | 9 - deployment/containers-common.yaml | 5 +- deployment/database/mysql-base.yaml | 23 ++- deployment/database/mysql-client.yaml | 2 +- deployment/database/mysql-container-puppet.yaml | 3 +- deployment/database/mysql-pacemaker-puppet.yaml | 43 ++++- deployment/database/redis-base-puppet.yaml | 21 ++- deployment/database/redis-container-puppet.yaml | 4 +- deployment/database/redis-pacemaker-puppet.yaml | 43 ++++- .../docker/docker-baremetal-ansible.yaml | 2 + .../keepalived/keepalived-container-puppet.yaml | 36 ++-- .../neutron/neutron-sriov-host-config.yaml | 2 +- .../sahara/sahara-api-container-puppet.yaml | 7 +- .../{ => deprecated}/sahara/sahara-base.yaml | 0 .../sahara/sahara-engine-container-puppet.yaml | 7 +- .../tripleo-firewall-baremetal-puppet.yaml | 2 +- deployment/etcd/etcd-container-puppet.yaml | 69 ++++++-- .../designate/designate-api-container-puppet.yaml | 1 + .../designate-central-container-puppet.yaml | 1 + .../designate/designate-mdns-container-puppet.yaml | 1 + .../designate-producer-container-puppet.yaml | 1 + .../designate/designate-sink-container-puppet.yaml | 1 + .../designate-worker-container-puppet.yaml | 4 +- deployment/glance/glance-api-container-puppet.yaml | 4 +- .../gnocchi/gnocchi-api-container-puppet.yaml | 3 +- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 3 +- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 3 +- deployment/haproxy/haproxy-container-puppet.yaml | 5 +- .../haproxy/haproxy-edge-container-puppet.yaml | 4 - deployment/haproxy/haproxy-pacemaker-puppet.yaml | 57 ++++--- deployment/haproxy/haproxy-public-tls-inject.yaml | 45 +---- deployment/heat/heat-api-cfn-container-puppet.yaml | 2 +- deployment/heat/heat-api-container-puppet.yaml | 2 +- deployment/heat/heat-base-puppet.yaml | 12 ++ deployment/heat/heat-engine-container-puppet.yaml | 2 +- deployment/horizon/horizon-container-puppet.yaml | 34 +++- deployment/ipa/ipaservices-baremetal-ansible.yaml | 97 +++++++---- deployment/ipsec/ipsec-baremetal-ansible.yaml | 4 +- deployment/ironic/ironic-api-container-puppet.yaml | 3 +- deployment/ironic/ironic-base-puppet.yaml | 2 +- .../ironic/ironic-conductor-container-puppet.yaml | 38 ++++- .../ironic/ironic-inspector-container-puppet.yaml | 32 +++- deployment/ironic/ironic-pxe-container-puppet.yaml | 1 + deployment/iscsid/iscsid-container-puppet.yaml | 2 +- deployment/keystone/keystone-container-puppet.yaml | 139 ++++++++++------ deployment/logging/files/barbican-api.yaml | 1 + deployment/logging/files/glance-api.yaml | 1 + deployment/logging/files/heat-api-cfn.yaml | 1 + deployment/logging/files/heat-api.yaml | 1 + deployment/logging/files/heat-engine.yaml | 1 + deployment/logging/files/keystone.yaml | 1 + deployment/logging/files/neutron-api.yaml | 1 + deployment/logging/files/neutron-common.yaml | 1 + deployment/logging/files/nova-api.yaml | 1 + deployment/logging/files/nova-common.yaml | 1 + deployment/logging/files/nova-libvirt.yaml | 1 + deployment/logging/files/nova-metadata.yaml | 1 + deployment/logging/files/placement-api.yaml | 1 + deployment/logging/rsyslog-container-puppet.yaml | 2 +- .../logging/rsyslog-sidecar-container-puppet.yaml | 2 +- .../logrotate-crond-container-puppet.yaml | 2 +- deployment/manila/manila-api-container-puppet.yaml | 3 +- .../manila/manila-scheduler-container-puppet.yaml | 3 +- .../manila/manila-share-container-puppet.yaml | 23 ++- .../manila/manila-share-pacemaker-puppet.yaml | 10 +- .../memcached/memcached-container-puppet.yaml | 32 +++- .../messaging/rpc-qdrouterd-container-puppet.yaml | 3 +- deployment/metrics/collectd-container-puppet.yaml | 14 +- deployment/metrics/qdr-container-puppet.yaml | 10 +- .../mistral/mistral-api-container-puppet.yaml | 3 +- .../mistral/mistral-engine-container-puppet.yaml | 3 +- .../mistral-event-engine-container-puppet.yaml | 3 +- .../mistral/mistral-executor-container-puppet.yaml | 5 +- deployment/neutron/kill-script | 71 ++++++++ .../neutron/neutron-api-container-puppet.yaml | 4 +- .../neutron-bgpvpn-api-container-puppet.yaml | 2 +- .../neutron-bgpvpn-bagpipe-baremetal-puppet.yaml | 2 +- .../neutron-bigswitch-agent-baremetal-puppet.yaml | 2 +- .../neutron/neutron-compute-plugin-nuage.yaml | 2 +- .../neutron/neutron-controller-plugin-nuage.yaml | 2 +- .../neutron/neutron-dhcp-container-puppet.yaml | 82 +++++---- .../neutron/neutron-l3-container-puppet.yaml | 110 ++++++++---- ...neutron-linuxbridge-agent-baremetal-puppet.yaml | 2 +- .../neutron-mlnx-agent-container-puppet.yaml | 2 +- .../neutron-ovs-agent-container-puppet.yaml | 19 ++- ...eutron-plugin-ml2-ansible-container-puppet.yaml | 4 +- ...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 2 +- .../neutron/neutron-plugin-ml2-fujitsu-cfab.yaml | 2 +- .../neutron/neutron-plugin-ml2-fujitsu-fossw.yaml | 2 +- ...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 2 +- deployment/neutron/neutron-plugin-ml2-ovn.yaml | 2 +- deployment/neutron/neutron-plugin-ml2.yaml | 32 +++- .../neutron/neutron-sfc-api-container-puppet.yaml | 2 +- .../neutron-sriov-agent-container-puppet.yaml | 15 +- .../neutron-vpp-agent-baremetal-puppet.yaml | 2 +- deployment/nova/nova-api-container-puppet.yaml | 44 ++--- deployment/nova/nova-base-puppet.yaml | 17 ++ deployment/nova/nova-compute-container-puppet.yaml | 73 +++++--- .../nova/nova-conductor-container-puppet.yaml | 30 ++-- deployment/nova/nova-ironic-container-puppet.yaml | 7 +- deployment/nova/nova-libvirt-container-puppet.yaml | 54 +++--- .../nova/nova-libvirt-guests-container-puppet.yaml | 2 +- .../nova/nova-metadata-container-puppet.yaml | 31 ++-- .../nova-migration-target-container-puppet.yaml | 30 ++-- .../nova/nova-scheduler-container-puppet.yaml | 47 +++--- .../nova/nova-vnc-proxy-container-puppet.yaml | 28 ++-- deployment/nova/novajoin-container-puppet.yaml | 5 +- .../octavia/octavia-api-container-puppet.yaml | 67 +++++--- deployment/octavia/octavia-base.yaml | 17 ++ .../octavia/octavia-deployment-config.j2.yaml | 2 +- .../octavia-health-manager-container-puppet.yaml | 1 + .../octavia-housekeeping-container-puppet.yaml | 1 + .../octavia/octavia-worker-container-puppet.yaml | 1 + .../octavia/providers/ovn-provider-config.yaml | 134 +++++++++++++++ .../ovn/ovn-controller-container-puppet.yaml | 3 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 3 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 26 ++- deployment/ovn/ovn-metadata-container-puppet.yaml | 70 +++++--- .../pacemaker/clustercheck-container-puppet.yaml | 2 +- .../compute-instanceha-baremetal-puppet.yaml | 2 +- deployment/pacemaker/ovn-dbs-baremetal-puppet.yaml | 2 +- .../pacemaker/pacemaker-baremetal-puppet.yaml | 34 ++-- .../pacemaker-remote-baremetal-puppet.yaml | 2 +- deployment/podman/podman-baremetal-ansible.yaml | 9 + deployment/qdr/qdrouterd-container-puppet.yaml | 3 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 21 ++- ...rabbitmq-messaging-notify-container-puppet.yaml | 5 +- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 25 ++- .../rabbitmq-messaging-pacemaker-puppet.yaml | 25 ++- .../rabbitmq-messaging-rpc-container-puppet.yaml | 5 +- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 25 ++- deployment/snmp/snmp-baremetal-puppet.yaml | 2 +- deployment/sshd/sshd-baremetal-puppet.yaml | 3 +- .../swift/swift-dispersion-baremetal-puppet.yaml | 2 +- deployment/swift/swift-proxy-container-puppet.yaml | 3 +- .../swift/swift-ringbuilder-container-puppet.yaml | 2 +- .../swift/swift-storage-container-puppet.yaml | 3 +- .../tripleo-packages-baremetal-puppet.yaml | 29 +++- .../undercloud/tempest-container-puppet.yaml | 1 + deployment/undercloud/undercloud-upgrade.yaml | 15 ++ deployment/vpp/vpp-baremetal-puppet.yaml | 2 +- deployment/zaqar/zaqar-container-puppet.yaml | 3 +- environments/barbican-backend-pkcs11-lunasa.yaml | 41 +++++ environments/cinder-dellemc-powermax-config.yaml | 29 ++++ environments/cinder-dellemc-sc-config.yaml | 39 +++++ environments/cinder-dellemc-vmax-iscsi-config.yaml | 3 + environments/cinder-dellemc-xtremio-config.yaml | 28 ++++ .../cinder-dellemc-xtremio-iscsi-config.yaml | 3 + environments/cinder-dellps-config.yaml | 32 ---- environments/cinder-dellsc-config.yaml | 4 + environments/dcn-hci.yaml | 4 + environments/dcn.yaml | 4 + environments/docker-ha.yaml | 3 - environments/network-environment-v6-all.j2.yaml | 2 - environments/network-isolation-v6-all.j2.yaml | 16 -- environments/network-isolation-v6.j2.yaml | 12 -- environments/nonha-arch.yaml | 1 - .../services-baremetal/neutron-ovn-dvr-ha.yaml | 2 + .../services-baremetal/neutron-ovn-ha.yaml | 4 + environments/services/neutron-ovn-dvr-ha.yaml | 2 + environments/services/neutron-ovn-ha.yaml | 4 + environments/services/neutron-ovn-sriov.yaml | 1 - environments/services/neutron-ovn-standalone.yaml | 2 + environments/services/sahara.yaml | 4 +- environments/services/undercloud-keepalived.yaml | 4 +- environments/standalone/standalone-tripleo.yaml | 4 +- environments/undercloud.yaml | 26 +-- environments/undercloud/undercloud-minion.yaml | 1 - .../post_deploy/undercloud_ctlplane_network.py | 9 +- extraconfig/post_deploy/undercloud_post.yaml | 7 + lower-constraints.txt | 1 - net-config-standalone.j2.yaml | 26 ++- net-config-undercloud.j2.yaml | 26 ++- network/network.j2 | 53 ++++-- network/networks.j2.yaml | 6 + network/ports/ctlplane_vip.yaml | 5 + network/ports/from_service.yaml | 4 + network/ports/from_service_v6.yaml | 4 + network/ports/noop.yaml | 4 + network/ports/port.j2 | 5 + network/ports/port_from_pool.j2 | 4 + network/ports/vip.yaml | 4 + network/ports/vip_v6.yaml | 4 + network/service_net_map.j2.yaml | 4 + overcloud-resource-registry-puppet.j2.yaml | 24 +-- overcloud.j2.yaml | 52 ++++-- puppet/extraconfig/pre_deploy/per_node.yaml | 4 +- puppet/role.role.j2.yaml | 1 + .../IGMP-snooping-for-ml2ovs-d794ed4eab7c098c.yaml | 3 + .../add-octavia-provider-ovn-e3780665300e7c58.yaml | 5 + .../cinder-remove-dell-ps-fce96d05f529d0da.yaml | 5 + ...llsc-deprecate-old-driver-f428e372280c44e6.yaml | 5 + .../notes/deprecate-sahara-8f0bc905e3d21af2.yaml | 5 + ...recate-sevice-ipv6-params-e301590647a0c8f5.yaml | 7 + .../notes/enable-cache-293c39b3b6f55c80.yaml | 6 + ...lated_aggregate_filtering-2aec5a693bf79852.yaml | 12 ++ ...v6-stateful-address-count-ca568a32f07aec53.yaml | 7 + ...ronic_cleanup_config_data-1d4ae909c0869a90.yaml | 15 ++ .../keepalived_depcrecated-12ac4e1d59d29e1d.yaml | 8 + .../keepalived_deprecated-e0b20da2d51714b7.yaml | 6 + .../notes/mysql-auth-ed25519-28aaea4e69fbfdf7.yaml | 7 + .../notes/new-pmem-params-18fb9c25808a7fe6.yaml | 14 ++ ...gate_required_for_tenants-6c7d90fd01bcc88d.yaml | 4 +- .../pacemaker-by-default-c5d28ee8dc897c62.yaml | 6 + .../port-physnet-cidr-map-7032fec5a1905314.yaml | 8 + .../notes/powermax-driver-d428e372280c44e6.yaml | 6 + releasenotes/notes/sc-driver-a428e372280c44e6.yaml | 6 + .../vmx-deprecate-driver-e428e372280c44e6.yaml | 5 + ...emio-deprecate-old-config-d428e372280c44e6.yaml | 5 + .../notes/xtremio-driver-a428f372280c44e6.yaml | 7 + roles/CellController.yaml | 1 - roles/Controller.yaml | 5 +- roles/ControllerAllNovaStandalone.yaml | 1 - roles/ControllerNoCeph.yaml | 5 +- roles/ControllerNovaStandalone.yaml | 5 +- roles/ControllerOpenstack.yaml | 1 - roles/ControllerSriov.yaml | 184 +++++++++++++++++++++ roles/ControllerStorageDashboard.yaml | 5 +- roles/ControllerStorageNfs.yaml | 5 +- roles/NetworkerSriov.yaml | 56 +++++++ roles/Standalone.yaml | 5 +- roles/Undercloud.yaml | 1 - roles_data.yaml | 5 +- roles_data_undercloud.yaml | 1 - sample-env-generator/dcn.yaml | 4 + sample-env-generator/standalone.yaml | 6 +- sample-env-generator/undercloud-minion.yaml | 4 - tools/make_ceph_disk_list.py | 2 +- tools/process-templates.py | 2 +- tools/render-ansible-tasks.py | 2 +- tools/roles-data-generate.py | 2 +- tools/yaml-diff.py | 2 +- tools/yaml-nic-config-2-script.py | 2 +- tools/yaml-validate.py | 7 +- validation-scripts/all-nodes.sh | 2 +- zuul.d/layout.yaml | 8 +- 301 files changed, 3274 insertions(+), 1132 deletions(-)