We are psyched to announce the release of: tripleo-heat-templates 8.3.0: Heat templates for deploying OpenStack with OpenStack. This release is part of the queens stable release series. The source is available from: http://git.openstack.org/cgit/openstack/tripleo-heat-templates Download the package from: https://tarballs.openstack.org/tripleo-heat-templates/ Please report issues through launchpad: https://bugs.launchpad.net/tripleo For more details, please see below. 8.3.0 ^^^^^ New Features ************ * Added support for containerized networking-ansible Ml2 plugin. * Added support for networking-ansible ML2 plugin. * Add *OctaviaEventStreamDriver* parameter to specify which driver to use for syncing Octavia and Neutron LBaaS databases. * Add new TunedCustomProfile parameter which may contain a string in INI format describing a custom tuned profile. Also provide a new environment file for users of hypercoverged Ceph deployments using the Ceph filestore storage backened. The tuned profile is based on heavy I/O load testing. The provided environment file creates /etc/tuned/ceph-filestore-osd-hci/tuned.conf and sets this tuned profile to be active. Not intended for use with Ceph bluestore. Known Issues ************ * Fix misnaming of service in firewall rule for Octavia Health Manager service. Upgrade Notes ************* * Deployers that used "resource_registry" override in their environment to add networks to roles without also using a custom roles data file must create a custom roles data file and add the additional network(s) and use this when upgrading. Previously it was possible to add additional networks to a role without using a custom role by overriding the resource registry, for example: OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml Warning: Since resources are no longer added to the plan unless the network is specified in the role, the "resource_registry" override alone is no longer sufficient. * The default Octavia event_streamer_driver has changed from *queue_event_streamer* to *noop_event_streamer*. See https://bugs.launchpad.net/tripleo/+bug/1787608 Critical Issues *************** * Networks not specified for roles in roles data ("roles_data.yaml") no longer have Heat resources created. It is now mandatory that custom roles are used when non-default networks is used for a role. Previously it was possible to add additional networks to a role without using a custom role by overriding the resource registry, for example: OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml Note: The "resource_registry" override was the only requirement prior to the introduction of *Composable Networks* in the Pike release.Since Pike a custom role would ideally be used when adding networks to roles, but documentation and other guides may not have been properly updated and only mention the "resource_registry" override. Bug Fixes ********* * Fixed an issue where if Octavia API or Glance API were deployed away from the controller node with internal TLS, the service principals wouldn't be created. * In other sections we already use the internal endpoints for authentication urls. With this change the auth_uri in the neutron section gets moved from KeystoneV3Admin to KeystoneV3Internal. * With tls-everywhere enabled connecting to keystone endpoint fails to retrieve the URL for the placement endpoint as the certificate can not be verified. While verification is disabled to check the placement endpoint later, it is not to communicate with keystone. This disables certificate verification for communication with keystone. * CephOSD/Compute nodes crash under memory pressure unless custom tuned profile is used (bug 1800232). Changes in tripleo-heat-templates 8.2.0..8.3.0 ---------------------------------------------- 6323aa3 Adding dependency for NetworkDeployment in 'server_resource_name'Deployment f32321d [Queens-Only] Remove Glance's nfs hardcoded version 851b1e9 Catch directories we can not change ownership 52be3ef Move UpgradeInitCommand and UpgradeInitCommonCommand to run by Ansible 4b52a67 Run nova_statedir_owner on every run 22f8389 In process-templates script write output files to provided dir when using base path 2e38cba [Queens only] Include new parameter RHELRegistrationUpgrade to rhel-registration. cb981c7 Set virt queue size as 1024 for all OVS-DPDK roles f7a00ac Ensure logs folder is created in prep hosts tasks. faa179f Add HorizonSecureCookies to environments/ssl/enable-tls.yaml 51fc8a6 Bind mount /var/lib/iscsi in containers using iSCSI bd2da9b Fix typo in octavia upgrade_tasks c2f9d77 Reno only - Check for available networks for a role c39b37f Update auth parameters a9d3373 puppet_config for rabbitmq_bundle needs file_line b6cfecb Ensure unique containers names in docker-puppet 86074ef Move [neutron] auth_url to KeystoneV3Internal 18084f3 Remove unused nova packages from host during upgrade and update 1baecc6 Revert "[Ocata/Pike/Queens] Make rhel-registration scripts location absolute." 56b1509 Add Storage network to IronicConductor role c61281b Update kolla_config to deal with keystone fernet key rotation cbbf43b Spliting compact services in multiples lines 0d696a2 Add config files/templates to integrate nsx plugin with container cd0b38e Upload amphora image in RAW format if RBD backend 6b65f0f Mount config-data/puppet-generated/nova for nova_api_ensure_default_cell 3f8ce6f Fix horizon's iptables rules for haproxy when split off a separate role 605d58b nova_compute fails to start in tls-everywhere configuration a68197b Fix misnaming of service in firewall rule c6f8bb1 Update tuned profile variable configuration file if it exists 8b2912d Add TunedCustomProfile parameter and HCI Ceph filestore environment 113fa47 Remove invalid comment in ips-from-pool-ctlplane d54a6f7 ceilometer: --skip-metering-database is gone 719d009 Check for available networks for a role 3498a24 Remove nic for storage_mgt network fde169a Move set of database_connection to OctaviaBase f88dfe5 Change step to start nova placement and make compute wait for it 621b9d9 Allow to run docker-puppet.py with SELinux enabled 73d6f99 Add networking-ansible ML2 plugin support 23ecac6 neutron-cleanup skips ports marked skip_cleanup=true e60a19a Fix Octavia hieradata keys 81144a7 Fix ServiceData in docker/services/aodh-api.yaml dd41a9f Add more NSX config parameters f9c02c6 Rename tripleo scenario00{6,9}-multinode-oooq (queens branch) 8f658fd Exposing NeutronDhcpOvsIntegrationBridge d56ac4e Sharing hypervisor /var/lib/ironic with ironic-conductor container 4669ae0 Add metadata_settings to Octavia and Glance APIs a81971e Add role definition for ComputeOvsDpdkSriov role 416ab20 Pass parameters for TLS proxy in front of Octavia-API 4acc955 Add reflection of RpcPort to health checks aa8e6c0 Add NeutronSriovHostConfig mapping to neutron-sriov.yaml file 023dc2e Add OctaviaEventStreamerDriver and change default Diffstat (except docs and test files) ------------------------------------- capabilities-map.yaml | 5 + .../network/multiple-nics/nic-configs/compute.yaml | 6 -- deployed-server/deployed-server.yaml | 21 ---- .../octavia/octavia-deployment-config.yaml | 5 + .../nova_wait_for_placement_service.py | 111 +++++++++++++++++++++ environments/ips-from-pool-ctlplane.yaml | 4 +- environments/lifecycle/upgrade-converge.yaml | 2 +- environments/lifecycle/upgrade-prepare.yaml | 2 +- environments/neutron-ml2-ansible.yaml | 8 ++ environments/neutron-nsx.yaml | 2 + environments/neutron-sriov.yaml | 1 + environments/nsx-config.yaml | 22 ++++ environments/services/neutron-ml2-ansible.yaml | 7 ++ environments/services/neutron-nsx-lbaasv2.yaml | 6 ++ environments/ssl/enable-tls.yaml | 4 + environments/tuned-ceph-filestore-hci.yaml | 13 +++ .../nova_metadata/krb-service-principals.j2.yaml | 4 +- .../rhel-registration/rhel-registration.yaml | 14 ++- extraconfig/pre_network/ansible_host_config.yaml | 6 +- overcloud-resource-registry-puppet.j2.yaml | 3 +- overcloud.j2.yaml | 12 ++- puppet/role.role.j2.yaml | 51 +++++----- puppet/services/glance-api.yaml | 2 + puppet/services/horizon.yaml | 2 +- puppet/services/manila-scheduler.yaml | 11 +- puppet/services/neutron-dhcp.yaml | 9 ++ puppet/services/neutron-plugin-ml2-ansible.yaml | 62 ++++++++++++ puppet/services/neutron-plugin-nsx.yaml | 36 +++++-- puppet/services/nova-base.yaml | 2 +- puppet/services/octavia-api.yaml | 68 +++++++++++-- puppet/services/octavia-base.yaml | 10 ++ puppet/services/octavia-controller.yaml | 88 ++++++++++++++++ puppet/services/octavia-health-manager.yaml | 22 +++- puppet/services/octavia-housekeeping.yaml | 13 ++- puppet/services/octavia-worker.yaml | 47 +++------ puppet/services/tripleo-packages.yaml | 44 ++++++-- puppet/services/tuned.yaml | 15 ++- ...a-and-glance-tls-internal-5d8e46650b174626.yaml | 6 ++ ...ing-ansible-containerized-de68f6c2fd6e05fc.yaml | 3 + ...-availble-network-in-role-7860d8d5cd1df4b0.yaml | 34 +++++++ ...lth-manager-firewall-rule-cdffe31d580ecf4b.yaml | 4 + .../ml2-networking-ansible-0330b1203f0fc75c.yaml | 3 + ..._url_to_internal_endpoint-aaf0e550750335eb.yaml | 7 ++ ...rvice_disable_cert_verify-45f532d7a924df86.yaml | 9 ++ ...t_streamer_driver-default-e5152c28713e7707.yaml | 8 ++ .../tuned_custom_profile-25d1f4a2bc217216.yaml | 15 +++ requirements.txt | 1 + roles/ComputeOvsDpdk.yaml | 2 + roles/ComputeOvsDpdkRT.yaml | 2 + roles/ComputeOvsDpdkSriov.yaml | 61 +++++++++++ roles/ComputeOvsDpdkSriovRT.yaml | 62 ++++++++++++ roles/IronicConductor.yaml | 1 + roles/Undercloud.yaml | 6 ++ roles_data_undercloud.yaml | 6 ++ sample-env-generator/ssl.yaml | 4 + tools/process-templates.py | 6 +- zuul.d/layout.yaml | 4 +- 150 files changed, 1689 insertions(+), 409 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index ff25bfe..aaa5d7f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,0 +8 @@ tripleo-common>=7.1.0 # Apache-2.0 +paunch>=1.0.0 # Apache-2.0