[release-announce] puppet-tripleo 11.3.0 (train)

no-reply at openstack.org no-reply at openstack.org
Mon Oct 21 14:42:00 UTC 2019

We enthusiastically announce the release of:

puppet-tripleo 11.3.0: Puppet module for OpenStack TripleO

This release is part of the train stable release series.

The source is available from:


Download the package from:


Please report issues through:


For more details, please see below.


New Features

* The "ipversion" parameter was added to tripleo::firewall:rule.
  Allowing the user to provide the IP version ("ipv4" or "ipv6") for
  firewall rules. With the default ("undef") the rule will be created
  in both *iptables* and *ip6tables*. Bug: 1845153

* This patch introduces parameters which support SSL to connect to
  OVN_Northbound DB and OVN_Southbound DB. This can be set by: *
  'ovn_nb_private_key': The PEM file with private key for SSL
  connection to OVN-NB-DB * 'ovn_nb_certificate': The PEM file with
  certificate that certifies the private key specified in
  ovn_nb_private_key * 'ovn_nb_ca_cert': The PEM file with CA
  certificate that OVN should use to verify certificates presented to
  it by SSL peers * 'ovn_sb_private_key': The PEM file with private
  key for SSL connection to OVN-SB-DB, * 'ovn_sb_certificate': The PEM
  file with certificate that certifies the private key specified in
  ovn_sb_private_key' * 'ovn_sb_ca_cert': The PEM file with CA
  certificate that OVN should use to verify certificates presented to
  it by SSL peers * 'protocol': Protocol use in communication with dbs

Changes in puppet-tripleo 11.2.0..11.3.0

c97dbd19 Prepare RC + stable/train
63dd90aa Revert "Add support to configure token caching in keystone"
7e78ebdc Deep merge hiera keys for mysqld_options
f8d9dfb4 pacemaker: add support for Hash vs List in container environment
066a360e Allow the IHA OCF and fencing resource to be moved to the nova service user
2c241e39 Workaround for /etc/pki/CA/certs/vnc.crt not present
2f69faf6 Fix missing PXE directories for Conductor
8753a47f remove tripleo-ci-centos-7-scenario010-multinode-oooq-container
4cb50d58 Configuration changes to support Qdr-mesh topology.
72487d80 Add a configurable delay to Nova Evacuate calls
dfe3c077 Be able to set pcs resource op defaults
7264c75c Add 'ipversion' to firewall/rule.pp
ad7d818e Use correct paths to configure ovn dbs certs
0976e4ee Update log-driver value for podman
877e92da Add unit tests for manila manifests
781165b8 Use memcached for token caching in manila authtoken
469d4321 Add support to configure token caching in keystone
e78c4f30 Add collectd-sensubility configuration
6b05849a Add support for separate VIP in ovn_dbs
f907b0ec Disable keystone token_flush by default
44f42324 Correct wrong name in certmonger_certificate for ovn_controller
6080f929 Add basic unit tests for tripleo::profile::base::keystone
4fa490f0 Remove Tacker service
99080946 Fix wrong comment about heat_enable_db_purge
a22d1b58 Correct ovn_controller_certificate_specs hiera variable name
b09d1cb1 Support deploying multiple Cinder Pure Storage backends
35964d29 Enable deep_compare for fencing resource
a77d6324 Support networking-ansible-ml2 coordination
f2a38f6a Improve unit test coverage for neutron manifests
f5bbc3ff Support connecting OVN DB over SSL
44cedb08 Imporve unit test coverage for cinder manifects
fb602da5 Add missing response to Redis tcp-check in HAProxy
652a7801 Use memcached for token caching in barbican authtoken
ce42b4b0 Use memcached for token caching in authtoken for telemetry services
40e01f28 Add unit tests for tripleo::profile::base::glance::api
1b1de7c9 Use memcached for token caching in octavia authtoken

Diffstat (except docs and test files)

manifests/certmonger/libvirt_vnc.pp                |  15 +-
manifests/certmonger/neutron_ovn.pp                |  70 +++++++
manifests/certmonger/ovn_controller.pp             |  70 +++++++
manifests/certmonger/ovn_dbs.pp                    |  69 +++++++
manifests/certmonger/ovn_metadata.pp               |  70 +++++++
manifests/fencing.pp                               |  24 ++-
manifests/firewall/rule.pp                         |  57 ++++--
manifests/haproxy.pp                               |  28 +--
manifests/profile/base/aodh/api.pp                 |   1 +
manifests/profile/base/aodh/authtoken.pp           |  44 +++++
manifests/profile/base/barbican/api.pp             |   1 +
manifests/profile/base/barbican/authtoken.pp       |  44 +++++
manifests/profile/base/certmonger_user.pp          |  82 +++++---
manifests/profile/base/cinder/volume/pure.pp       |  64 +++---
manifests/profile/base/database/mysql.pp           |   3 -
manifests/profile/base/gnocchi/api.pp              |   1 +
manifests/profile/base/gnocchi/authtoken.pp        |  44 +++++
manifests/profile/base/heat.pp                     |   4 +-
manifests/profile/base/ironic/conductor.pp         |  20 +-
manifests/profile/base/keystone.pp                 |   7 +-
manifests/profile/base/manila/api.pp               |   1 +
manifests/profile/base/manila/authtoken.pp         |  44 +++++
manifests/profile/base/metrics/collectd.pp         |  11 +-
.../profile/base/metrics/collectd/sensubility.pp   | 147 ++++++++++++++
manifests/profile/base/metrics/qdr.pp              | 141 +++++++++----
manifests/profile/base/neutron/agents/ovn.pp       |   7 +-
manifests/profile/base/neutron/ovn_metadata.pp     |  33 +++-
.../base/neutron/plugins/ml2/networking_ansible.pp |  27 ++-
manifests/profile/base/neutron/plugins/ml2/ovn.pp  |  57 +++++-
manifests/profile/base/octavia/api.pp              |   1 +
manifests/profile/base/octavia/authtoken.pp        |  44 +++++
manifests/profile/base/pacemaker.pp                |  12 ++
manifests/profile/base/pacemaker/instance_ha.pp    |  32 ++-
manifests/profile/base/panko/api.pp                |   1 +
manifests/profile/base/panko/authtoken.pp          |  44 +++++
manifests/profile/base/tacker.pp                   |  88 ---------
.../profile/pacemaker/cinder/backup_bundle.pp      |  15 +-
.../profile/pacemaker/cinder/volume_bundle.pp      |  15 +-
.../profile/pacemaker/database/mysql_bundle.pp     |   2 +-
manifests/profile/pacemaker/manila/share_bundle.pp |  14 +-
manifests/profile/pacemaker/ovn_dbs_bundle.pp      | 188 ++++++++++++++----
metadata.json                                      |   2 +-
...l-rules-support-ipversion-c9e2adeca34b2fd0.yaml |   9 +
releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml   |  16 ++
spec/classes/tripleo_certmonger_ovn_dbs.rb         |  60 ++++++
spec/classes/tripleo_firewall_spec.rb              |  69 ++++---
spec/classes/tripleo_profile_base_aodh_api_spec.rb |   5 +
.../tripleo_profile_base_aodh_authtoken_spec.rb    |  70 +++++++
.../tripleo_profile_base_barbican_api_spec.rb      |   4 +
...tripleo_profile_base_barbican_authtoken_spec.rb |  70 +++++++
.../tripleo_profile_base_cinder_api_spec.rb        |  18 ++
spec/classes/tripleo_profile_base_cinder_spec.rb   |  58 ++++--
...tripleo_profile_base_cinder_volume_pure_spec.rb |  16 ++
.../tripleo_profile_base_cinder_volume_spec.rb     |   9 +
.../tripleo_profile_base_glance_api_spec.rb        | 123 ++++++++++++
.../tripleo_profile_base_gnocchi_api_spec.rb       |   5 +
.../tripleo_profile_base_gnocchi_authtoken_spec.rb |  70 +++++++
spec/classes/tripleo_profile_base_keystone_spec.rb | 191 ++++++++++++++++++
.../tripleo_profile_base_manila_api_spec.rb        | 144 ++++++++++++++
.../tripleo_profile_base_manila_authtoken_spec.rb  |  70 +++++++
.../tripleo_profile_base_manila_scheduler_spec.rb  |  76 +++++++
.../tripleo_profile_base_manila_share_spec.rb      |  78 ++++++++
spec/classes/tripleo_profile_base_manila_spec.rb   | 127 ++++++++++++
.../tripleo_profile_base_metrics_collectd_spec.rb  |  39 ++++
.../tripleo_profile_base_metrics_qdr_spec.rb       | 220 +++++++++++++++++++++
.../tripleo_profile_base_neutron_dhcp_spec.rb      |  15 +-
.../tripleo_profile_base_neutron_l3_spec.rb        |  15 +-
.../tripleo_profile_base_neutron_ovs_spec.rb       |  16 +-
.../tripleo_profile_base_neutron_server_spec.rb    | 187 ++++++++++++++++++
spec/classes/tripleo_profile_base_neutron_spec.rb  |  81 +++++---
.../tripleo_profile_base_octavia_api_spec.rb       |   3 -
.../tripleo_profile_base_octavia_authtoken_spec.rb |  70 +++++++
.../tripleo_profile_base_panko_authtoken_spec.rb   |  70 +++++++
spec/fixtures/hieradata/default.yaml               |  11 +-
spec/fixtures/hieradata/step3.yaml                 |   8 +
spec/fixtures/hieradata/step5.yaml                 |   3 +
templates/metrics/collectd-sensubility.conf.epp    |  67 +++++++
templates/neutron/dibbler-client.epp               |   2 +-
templates/neutron/dnsmasq.epp                      |   2 +-
templates/neutron/haproxy.epp                      |   2 +-
templates/neutron/keepalived.epp                   |   2 +-
templates/neutron/radvd.epp                        |   2 +-
zuul.d/layout.yaml                                 |   7 -
83 files changed, 3358 insertions(+), 396 deletions(-)

More information about the Release-announce mailing list