[release-announce] tripleo-heat-templates 14.1.0 (wallaby)
no-reply at openstack.org
no-reply at openstack.org
Wed May 5 15:52:31 UTC 2021
We are chuffed to announce the release of:
tripleo-heat-templates 14.1.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
14.1.0
^^^^^^
Prelude
*******
It's not necessary to install ceph-ansible nor prepare a Ceph
container when configuring external Ceph in Wallaby and newer.
External ceph configuration is done with TripleO (not cephadm nor
ceph-ansible) and should be executed using the related environment
file.
New Features
************
* Added TripleO support for the Unbound DNS resolver service.
* Adds a new "IronicInspectorStorageBackend" parameter that can be
used to set the storage backend for introspection data.
* New environments are added at environments/disable-heat.yaml and
environments/disable-neutron.yaml which can be used to disable those
services.
* The new parameter GlanceCinderMountPointBase has been added which
will be used for mounting NFS volumes on glance nodes. When glance
uses cinder as store and cinder backend is NFS, this parameter must
be set to match cinder's mount point.
* Added new options for deploying Barbican with PKCS#11 backends:
*BarbicanPkcs11CryptoTokenLabels* and
*BarbicanPkcs11CryptoOsLockingOk*
* The new paramerter GlanceCinderVolumeType parameter has been added
which is required while configuring multiple cinder stores as glance
backends.
* The logic to configure the connection from barbican to nShield
HSMs has been augmented to parse a nshield_hsms parameter, which
allows the specification of multiple HSMs. The underlying ansible
role (ansible-role-thales-hsm) will configure the HSMs in load
sharing mode to provide HA.
* The "OS::TripleO::{{role.name}}::PreNetworkConfig" resource has
been restored. This resource can be used to implement any
configuration steps executed before network configurations are
applied.
* It is now possible to deploy Ceph with TripleO using cephadm.
* New "CinderRpcResponseTimeout" and "CinderApiWsgiTimeout"
parameters provide a means for configuring Cinder's RPC response and
WSGI connection timeouts, respectively.
* The Cinder Backup service can be switched from running
active/passive under pacemaker, to active-active mode where it runs
simultaneously on every node on which it's deployed. Note that the
service will be restarted when switching modes, which will interrupt
any backup operations currently in progress.
* A new "CinderBackupCompressionAlgorithm" parameter supports
specifying the compression algorithm used by Cinder Backup backends
that support the feature. The parameter defaults to "zlib," which is
Cinder's default value.
* Two new parameters are added to control the concurrency of
Cinder's backup and restore operations:
* CinderBackupWorkers
* CinderBackupMaxOperations
* Adds support for configuring the cinder-backup service with a
Google Cloud Storage (GCS) backend, or an Amazon S3 backend.
* The cinder-backup service can be configured to store backups on
external Ceph clusters defined by the "CephExternalMultiConfig"
parameter. New "CinderBackupRbdClusterName" and
"CinderBackupRbdClientUserName" parameters can be specified, which
override the default "CephClusterName" and "CephClientUserName"
values respectively.
* A new "CinderRbdMultiConfig" parameter may be used to configure
additional cinder RBD backends on external Ceph clusters defined by
the "CephExternalMultiConfig" parameter.
* The environment file environments/external-ceph.yaml has been
created and can be used when an external Ceph cluster is used.
* Added FRR as a new TripleO service. This service allows cloud
operators to deploy pure L3 control plane via BGP protocol. This has
the following benefits:
* Obtain multiple routes on multiple uplinks
* BGP used for ECMP load balancing and BFD for resiliency
* Advertise routes to API endpoints
* Less L2 traffic
Please refer to Install and Configure FRRouter specification
(https://specs.openstack.org/openstack/tripleo-specs/specs/wallaby
/triplo-bgp-frrouter.html) for more information.
* *QemuDefaultTLSVerify* will allow operators to enable or disable
TLS client certificate verification. Enabling this option will
reject any client who does not have a certificate signed by the CA
in /etc/pki/qemu/ca-cert.pem. The default is true and matches
libvirt's. We will want to disable this by default in train.
* The "LibvirtDebug" parameter has been added to enable or disable
debug logging of libvirtd and virtlogd.
* Now the debug logging of libvirtd and virtlogd is enabled
automatically when the Debug parameter is true.
* The "manila_api_cron" container has been introduced, which
executes db purge job for Manila service. Use ManilaCronDbPurge*
parameters to override cron parameters.
* Add posibilities to configure ovn dbs monitor interval in tht by
OVNDBSPacemakerMonitorInterval (default 30s). Under load, this can
create extra stress and since the timeout has already been bumped,
it makes sense to bump this interval to a higher value as a trade
off between detecting a failure and stressing the service.
* Introducing the following parameters:
* NovaComputeForceRawImages
* NovaComputeUseCowImages
* NovaComputeLibvirtPreAllocateImages
* NovaComputeImageCacheManagerInterval
* NovaComputeImageCacheRemoveUnusedBaseImages
* NovaComputeImageCacheRemoveUnusedResizedMinimumAge
* NovaComputeImageCachePrecacheConcurrency
* When a node has hugepages enabled, we can help with live
migrations by enabling *NovaLiveMigrationPermitPostCopy* and
*NovaLiveMigrationPermitAutoConverge*. These flags are automatically
enabled if hugepages are detected, but operators can override these
settings.
* Add the following parameters to tune the behavior of nova-
scheduler to achieve better distribution of instances.
* "NovaSchedulerHostSubsetSize"
* "NovaSchedulerShuffleBestSameWeighedHosts"
* Introduce new compute role based parameter
NovaGlanceEnableRbdDownload to enable direct download if rbd is used
for glance, but compute is using local ephemeral storage, to allow
nova-compute to direct download the images in this scenario from the
glance ceph pool via rbd, instead going through glance api. If
NovaGlanceEnableRbdDownload is set, per default the global RBD
glance parameters are used, CephClientUserName GlanceRbdPoolName and
CephClusterName for the used ceph.conf. Glance supports multi
storage backends which can be configured using
GlanceMultistoreConfig. If additional RBD glance backends are
configured, the NovaGlanceRbdDownloadMultistoreID can be used to
pointing to the hash key (backend ID) of GlanceMultistoreConfig to
use. If CephClientUserName or GlanceRbdPoolName are not set in the
GlanceMultistoreConfig, the global values of those parameters will
be used.
* Add NovaLibvirtMaxQueues role parameter to set
[libvirt]/max_queues in nova.conf of the compute. Default 0
corresponds to not set meaning the legacy limits based on the
reported kernel major version will be used.
* Nova supports to configure resource provider inventory and traits
using a standardized YAML file format starting victoria release [1].
This introduces CustomProviderInventories role parameter to
configure the custom provider yaml. [1]
https://docs.openstack.org/nova/latest/admin/managing-resource-
providers.html
* security-group logging is now supported under ML2/OVN. A more
detailed explanation can be found in bug 1914757
(https://bugs.launchpad.net/neutron/+bug/1914757).
* Adds pre_deploy_step_tasks support which is run after kolla files
are setup and podman is configured, but before any deployment task
or external deployment task. The use case is being able to start
containers before any deployment task.
* Add parameter
*NovaSchedulerQueryPlacementForRoutedNetworkAggregates* that allows
the scheduler to verify if the requested networks or the port are
related to Neutron *routed networks* _ with some specific segments
to use. In this case, the routed networks prefilter will require the
related aggregates to be reported in Placement, so only hosts within
the asked aggregates would be accepted. In order to support this
behaviour, operators need to set the
"[scheduler]/query_placement_for_routed_network_aggregates"
configuration option which defaults to "False".
(https://docs.openstack.org/neutron/latest/admin/config-routed-
networks.html)
* The keystone_cron container was reintroduced to run trust_flush
job, which removes expired or soft-deleted trusts from keystone
database.
* The KeystoneEnableDBPurge parameter was readded, to enable or
disable purge job for Keystone.
* The following parameters were added, to configure parameters about
trust_flush cron job.
* "KeystoneCronTrustFlushEnsure"
* "KeystoneCronTrustFlushMinute"
* "KeystoneCronTrustFlushHour"
* "KeystoneCronTrustFlushMonthday"
* "KeystoneCronTrustFlushMonth"
* "KeystoneCronTrustFlushWeekday"
* "KeystoneCronTrustFlushMaxDelay"
* "KeystoneCronTrustFlushDestination"
* "KeystoneCronTrustFlushUser"
* Adding ptp parameters for timemaster service configuration on
overcloud compute node.Timemaster will use already present chrony
parameters. PTPMessageTransport, PTPInterfaces are added new.
Upgrade Notes
*************
* All service "Debug" parameters are now booleans as expected by
oslo. This helps in proper validation and service template
composition complexities.
* The Keepalived service has been removed. The
"OS::Tripleo::Service::Keepalived" resource should be removed during
update/upgrade.
* The "iscsi" deploy interface is no longer enabled by default in
ironic, making the "direct" deploy interface the default. You will
need to update your nodes to the "direct" deploy before upgrading or
re-enable the "iscsi" deploy in "IronicEnabledDeployInterfaces" (but
note that it is going to be deprecated in the future).
* The "IronicImageDownloadSource" parameter has been changed to
"http" by default making ironic cache glance images and serve them
via a local HTTP server. Set the parameter to "swift" to return the
previous behavior of relying on swift temporary URLs.
* The "NovaHWMachineType" parameter now defaults "x86_64" based
instances to the unversioned "q35" machine type. The remaining
architecture machine type defaults being provided directly by
OpenStack Nova.
A "environments/nova-hw-machine-type-upgrade.yaml" environment file
has been provided to pin "NovaHWMachineType" to the previous
versioned machine type defaults during an upgrade.
When the upgrade of the overcloud is complete the following
OpenStack Nova documentation should then be used to ensure a machine
type is recorded for all existing instances before the new
"NovaHWMachineType" default can be used in the environment.
https://docs.openstack.org/nova/latest/admin/hw-machine-
type.html#update
* Users of the "OS::TripleO::Network::Ports::RedisVipPort" and
"OS::TripleO::Network::Ports::OVNDBsVipPort" interfaces must update
their templates. The interfaces has been removed, and the managment
of these virtual IPs has been moved to the tripleo-heat-templates
service template.
This change will typically affect deployments using already deployed
servers. Typically the virtual IPs for Redis and OVNDBs was
overriden using the "deployed-neutron-port" template. For example:
resource_registry:
OS::TripleO::Network::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
OS::TripleO::Network::Ports::OVNDBsVipPort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
parameter_defaults:
DeployedServerPortMap:
redis_virtual_ip:
fixed_ips:
- ip_address: 192.168.100.10
subnets:
- cidr: 192.168.100.0/24
network:
tags:
- 192.168.100.0/24
ovn_dbs_virtual_ip:
fixed_ips:
- ip_address: 192.168.100.11
subnets:
- cidr: 192.168.100.0/24
network:
tags:
- 192.168.100.0/24
This will have to be changed. The following example shows how to
replicate the above configuration:
parameter_defaults:
RedisVirtualFixedIPs:
- ip_address: 192.168.100.10
use_neutron: false
OVNDBsVirtualFixedIPs:
- ip_address: 192.168.100.11
use_neutron: false
* The legacy DefaultPasswords interface to use passwords from heat
resources has been removed as we don't use it anymore.
* The "OVNVifType" parameter has been removed because the parameter
was not used in Neutron.
* The following two services have been removed, and should be
removed from role data during upgrade.
* "OS::TripleO::Services::CinderBackendVRTSHyperScale"
* "OS::TripleO::Services::VRTSHyperScale"
* Remove deprecated
OS::TripleO::Services::CinderBackendDellEMCXTREMIOIscsi. Use
OS::TripleO::Services::CinderBackendDellEMCXtremio instead.
Deprecation Notes
*****************
* The "IronicInspectorUseSwift" parameter has been deprecated in
favor of "IronicInspectorStorageBackend" and will be removed in a
future release.
* The *BarbicanPkcs11CryptoTokenLabel* option has been deprecated
and replaced with the *BarbicanPkcs11CryptoTokenLabels* option.
* Some parameters within ThalesVars have been deprecated. These are
- thales_hsm_ip_address and thales_hsm_config_location. See
environments/barbican-backend-pkcs11-thales.yaml for details.
* Ceph Deployment using Ceph versions older than Octopus is
deprecated.
* The CephOsdPercentageMin parameter has been deprecated and has a
new default of 0 so that the validation is not run. There is no need
to fail the deployment early if a percentage of the OSDs are not
running because the Ceph pools created for OpenStack can now be
created even if there are 0 OSDs as the PG number is no longer
required on pool creation. TripleO no longer waits for OSD creation
and instead only queues the request for OSD creation with the ceph
orchestrator.
* The environment file environments/ceph-ansible/ceph-ansible-
external.yaml has been deprecated and will be removed in X.
* The interfaces "OS::TripleO::Network::Ports::RedisVipPort" and
"OS::TripleO::Network::Ports::OVNDBsVipPort" ha been removed. The
resources are no longer used in the overcloud heat stack.
* Supoort for the Veritas HyperScale Driver has been removed.
Bug Fixes
*********
* Now "ExtraConfigPre" resource and "NodeExtraConfig" resource are
executed after network configurations are applied in nodes. This is
consitent with the previous version with heat software deployment
mechanism instead of config-download.
* The default value of CinderNfsSnapshotSupport has been changed
from true to false, to be consistent with the default value in
cinder.
* Previously access to the sshd running by the nova-migration-target
container is only limited via the sshd_config. While login is not
possible from other networks, the service is reachable via all
networks. This change limits the access to the NovaLibvirt and
NovaApi networks which are used for cold and live-migration.
* Nova vnc configuration right now uses NovaVncProxyNetwork,
NovaLibvirtNetwork and NovaApiNetwork to configure the different
components (novnc proxy, nova-compute and libvirt) for vnc. If one
of the networks get changed from internal_api, the service
configuration between libvirt, nova-compute and novnc proxy gets
inconsistent and the console is broken. This changed to just use
NovaLibvirtNetwork for configuring the vnc endpoints and removes
NovaVncProxyNetwork completely.
* Decrease Swift proxy timeouts for GET/HEAD requests using a new
parameter named SwiftProxyRecoverableNodeTimeout. The default node
timeout is 10 seconds in Swift, however this has been set to 60
seconds in TripleO in case there are slow nodes. However, this
affects all requests - GET, HEAD and PUT. GET/HEAD requests are
typically much faster, thus it makes sense to use a lower timeout to
recover earlier from node failures. This will increase stability,
because the proxy can select another backend node to retry the
request.
* Bug #1915800 (https://bugs.launchpad.net/cinder/+bug/1915800): Add
support for ports filtering in XtremIO driver.
Other Notes
***********
* The CephPoolDefaultPgNum paramter default is now 16. The Ceph
pg_autoscaler is enabled by default in the supported versions of
Ceph though the parameter CephPoolDefaultPgNum may still be used as
desired.
* The default value of the parameter 'RabbitAdditionalErlArgs' was
updated to include the new options '+sbwtdcpu none +sbwtdio none'
which disables busy-wait for dirty cpu schedulers and dirty i/o
schedulers respectively. This aligns with the flags recommended by
RabbitMQ upstream (https://www.rabbitmq.com/runtime.html#busy-
waiting).
Changes in tripleo-heat-templates 14.0.0..14.1.0
------------------------------------------------
4efd15e15 nova: Default to the unversioned q35 machine type on x86_64
1fd3ef688 Make sure the container configuration is refreshed during update.
1590be90f Default CephClientConfigVars within --working-dir
beacfa333 Define the GaneshaNetwork parameter used by cephadm
75eb5bcc3 Fix etcd/tls-e deployments
1542df355 Add OVNEncapType option to the ovn controller template
acafd67c3 Remove Keepalived service
73c1d300d Disable global_id reclaim for Ceph mons in scenario001
9fcd76ac4 Simplify manila, memcached and logging services
b7f0e066e Simplify keystone, iscsid service templates
03213d643 Simplify cephadm service templates
cda21df47 Correct metrics_qdr logging path and regex parsing
bafd6aba0 Stop using (and breaking) /var/tmp for horizon temporary things
0e30ed962 Migrate nova cron parameters to NovaApi service
0419c9006 Fix random redeploy failure during certificate extraction
6889ac2b3 Simplify horizon, ipservices templates
15ce9b6a2 Simplify haproxy service templates
59e4788ab Don't create/configure swift_temp_url_key
9d9f0ed74 Add DefaultRoute to deployed_port.j2
9cb9618dc Update undercloud TLS template with proper keytab group
550ad722b Remove EXPERIMENTAL from ovn/sriov env file
2da8297c8 cinder: remove support for the Veritas HyperScale driver
99eb1671a ScaleIO: Fix outdate template path
0b04407d0 Glance: Fix wrong indent about healthcheck key
210560d01 Make SkipRhelEnforcement boolean
d29e1b249 Add CinderBackupCompressionAlgorithm parameter
a453f1b59 Add manila db purge job
23434faf9 Aodh: define authtoken parameters in AodhApi service
0f1230d0b Add RootStackName to group_vars
faf71068b Deploy RGW by default when cephadm environment is included
a1e464a3d Migrate introspection data for undercloud upgrade
30e071b57 Use CephRgwCertificateKeySize, not CephCertificateKeySize, for RGW
fee14740b Remove deprecated CinderBackendDellEMCXTREMIOIscsi
66534f0b4 Simplify ironic service templates
e2b52f4a0 Use parameters of the nova::glance class
f08ed8036 Support removing cinder-backup from pcmk control
e7d37585a Missing client certificate for live-migration with TLS
31674339d Allow access to RabbitMQ management plugin over network
addcee106 Add ability to configure glance multiple cinder stores
1a95607b8 Removing duplicate mount point in metrics_qdr
e2936d760 Add cinder RBD support for multiple ceph clusters
4ca848fb0 Add CinderBackupWorkers and CinderBackupMaxOperations
c6c513a96 Support cinder backups to specific ceph cluster
b4b2bc5d7 Add DefaultRoute parameter to ports/noop.yaml
80b226c44 Fix "ManageNetworks" use-case
84cdac627 Simplify glance service templates
dc52f3c94 Run update tasks with become
23cdf4dd1 Refactor Service VIPs redis and ovn_dbs
7924cf945 Simplify etcd, frr service template
acdddec6d Simplify database service templates
652b86e80 Simplify cinder service templates
c5e2ecc5e Simplify ceph-ansible service templates
30ef4e572 Ensure ansible_fqdn is set
755084b52 Moving nova-consoleauth to step4
c04c9b0d7 Limit access to sshd used for nova migration
3b4d488a6 Add new options for Barbican PKCS#11 backend
70dc61cc0 Add tripleo_network_name tag hint to networks
73684d0a8 Set tags on all OS::Neutron::Port resources
f4eb7d475 Expose additional network sysctl knobs
7de18e52c Generate bind pool and bind configuration using deployment info
ecff7b705 Disable RabbitMQ busy-wait for dirty cpu and dirty i/o schedulers
f3968c641 Remove UndercloudExtraConfig merge_strategy
915bf046e Add some tunable parameters for nova-scheduler
01bb2a6f0 Disable snapshot support in Cinder NFS backend by default
9b8413e79 nova: Remove versioned default machine types
313e4484e Mount /etc/openldap inside the keystone container
1ca4f727b Enable exec resource to generate policy.yaml for Gnocchi
79ddf2f87 Move frr setup steps to pre_deploy_step_tasks
a65df66fb Always update the local certmonger ca cert
57add501a Add a boolean to allow disk overrides through NodeDataLookup
26cd692ab Fix tls for undercloud with ipa
e16384697 Add missing KOLLA_CONFIG_STRATEGY for the aodh_api_cron container
a7c593325 Set hieradata for the ceilometer::agent::service_credentials class
909845007 [update][upgrade] Use container-tools:3.0
95bc75aaf Fix some template conditions
3ed29643b Simplify ceilometer service template conditions
06efcbbd1 Simplify conditions in barbican service templates
cefbfe418 Simplify apache service conditions
35cb010cc Introduce pre_deploy_step_tasks
ef240c1f6 Use list_concat_unique instead of yaql
000e99465 Remove unused environment for split-stack
1954c3b25 Move Ceph services to linux-system-roles.certificate
180fcf18b Remove ovn-cms-options from OVS when OVNCMSOptions is set to ""
3f2e063c7 Enable debug logging of libvirt services when Debug is true
7a4a43d55 Add dependency on OVNMacAddressNetwork for role ResourceGroup
77358cbcc HA: fix injection of certificate in haproxy container
dba59f904 Simplify conditions in aodh service templates
4ee0f1894 Simplify conditions in heat service templates
c9991c2e3 Use 'wallaby' heat_template_version
d04e7b8cc radosgw_frontend_port should be a number
1c7657b00 Move tmpwatch from cron.daily to actual root crontab
1c7bac21f ovn: Set enable_hw_offload by puppet-vswitch
3e9df9576 Move overcloud common bootstrap tasks out of step1 deploy tasks
cea78ad4f Add neutron port tag hint for default_route_network
b40d5d702 Remove tripleo_hostname tag
a013f42e3 Enable ansible-lint
d77fe5551 Ensure SELinux context persist across restorecon and reboot
b4203a30e Change all *Debug parameter types to boolean
e68ed6f7c Remove CrushRules coverage from scenario001
27788212c Remove duplicate keys from yaml files
5e4c17acf Simplify internal_tls_enabled conditions
2f23f470c Fix CephExternalMultiConfig using tripleo_ceph_client
2108a5191 Fixed tox executions
9a30798b3 [collectd] Fix CollectdAmqpSendQueueLimit references
9283e44d1 [OVN] Remove check for OVN + Availability Zones
9616f83e5 Add artifact push interface to deployments
d2f6a3be2 Remove no longer used NovaNfsEnabled parameter and condtion
97fc5bcfe Remove neutron-l3-compute-dvr referenced nowhere
93e53b742 HA: inject public certificates without blocking container
3da1e7661 HA: fix race when moving VIP during minor update
5c21f8df6 Provide ability to deploy metrics_qdr using ansible
51059676b Add systemd dependency to openvswitch to ovn-controller
727d1656d Add support for py39
91a84be6f Add support for cinder-backup GCS and S3 backends
5a3f55ed9 Cavium/Liquidio is deprecated
56b8ec4e1 Designate: split bind instance into separate template
37a24bfe5 haproxy: fix typo after migration of TLS to ansible role
0d4a5f04f Disabling LM PostCopy and AutoConverge for RT roles
d350da5a8 live_migration setting should be under libvirt namespace
4ddc178cd [collectd][ansible] Add THT to deploy collectd using ansible
8bf1fb755 Updating settings description
519378191 Expose crush rule config parameter
e2680bbf7 Remove or fix outdated/incorrect manila hieradata definitions
e7077e984 Remove or fix outdated/incorrect swift hieradata definitions
111130d4f Remove or fix outdated/incorrect ironic hieradata definitions
95a0c8ff3 Remove or fix outdated/incorrect ceilometer hieradata definitions
8ba48afc6 Remove or fix outdated/incorrect aodh hieradata definitions
4d0d7adaf Remove or fix outdated/incorrect gnocchi hieradata definitions
cc5eb8177 Optimize conditions for TLS support
2c9781726 Remove Deprecated Ceph Environment Files
773fccb7c Add the Unbound DNS resolver service
8799a9421 Comment out parameter_defaults in barbican simple crypto template
c0dc78940 Drop older install CentOS/RHEL 7 tasks
fc50cfd2e Close if block in dual bonds
af4d23838 Add parameter to set iscsid CHAP algorithms
b6ae69956 Enable fernet token cache by default
6373ebf9b Correct spelling mistake
6e7e0ab48 Remove obsoleted generate_service_certificates
8d4e8adb3 Add external-ceph environment file
c54d9286c Fix up the principal name in ovn-dbs-pacemaker-puppet
1ceb52180 Add TLS support to services using memcached
1c3f2e4e6 Remove extra bash process in frr container
44d1e2ddd Add CephDynamicSpec, CephSpecPath, CephOsdSpec, CephSpecFqdn
fad07aa0b Set ansible_distribution vars for ipaclient
d8408ebb8 Add legacy fact setting
dadf71fca Use single NovaLibvirtNetwork to configure instance console components
97016b201 Add FRR service
e3f1ad953 Remove or fix outdated/incorrect keystone hieradata definitions
8874003c4 Remove or fix outdated/incorrect cinder hieradata definitions
4b01172be Add cephadm deployment and environments branch
2ee68bf9a Fix memcached firewall condition
e6801cebc Set vlan-limit value depending on vlan_transparent setting
c8a828aab Fix start order for {swift_proxy,glance_api}_tls_proxy
e329ca915 Generate certificates using ansible role
9be84a2fc Fix parameters for puppet-memcached-6.0.0
ad8f4f86e Revert "Hard code jobs to Nautilus before setting new default to Octopus"
d498ebe87 Add deployed_vip_port templates
5250e6d59 Check Ceph cluster healthy state before starting FS to BS playbook
155fe9454 Make UpgradeInitCommand and UpgradeLeapp{ToRemove,ToInstall,CommandOptions} per-role
fe53162e3 Adds net_cidr_map variable to allow cidr lists
b6d8ed854 [ovn]: Enable port forwarding in neutron service plugins
db270e91f [ovn]: Enable network logging in neutron service plugins
c0e869755 Add delegate_fact_hosts: false on ci scenarios
e7d824688 Fix plan-samples README.rst
a6c1aff5c Fix NovaDefaultFloatingPool parameter
9ece6f97a Add posibilities to set ovndbs monitor interval
0f081b4f8 Remove tripleo_transfer cleanup.yml reference
8f38bba53 Remove tempest container support from tht
d56a19159 Pass ipaclient_hostname to ipaclient role
59afff0c0 Add environments to disable Heat and Neutron
f55a08ad7 Add support for nova custom provider inventories
843713d06 Fix logging_sources map_merge issues
853549e5a Remove ovn_dbs puppet_config section
aca8b5fd6 Remove ovn-dbs temporary container
84c85aaff Fix redis_tls_proxy
3af965d6d Support configuring cinder's RPC and WSGI timeouts
c1462b760 Don't try creating default admin and member roles
236e0e0b7 Fix typo in ansible_facts
147335f79 Remove default plan-environment.yaml
d3b8515c4 Set tag hints on ControlVirtualIP
8d1fc8574 Use ansible_facts instead
73043121e Use include task for host prep tasks
8d66001fc Add parameter NovaSchedulerQueryPlacementForRoutedNetworkAggregates
15b752921 Remove usage of the wrong puppet parameter
850f5a281 Swift: Enable gatekeeper and listing_formats explicitly.
057f41345 Add no log to podman set_fact
9e6893cb8 Reintroduce keystone_cron container
b5d5b7dc2 Make content provider depend on tox-pep8/tht on check layout
b842a58e2 Fix jinja2 for VipSubnetMapDefaults redis and ovs_dbs
ed8d6c0e4 Fix issue with scale down and overcloud TLS
e0adf1056 Add ports filtering support to XtremIO Cinder driver
6c11a949f Create post-deploy.conf on update/upgrade for octavia
ac5f13c93 Lower MysqlInnodbBufferPoolSize to its old 128M default
75857d3a2 Add parameters to allow multiple nshield HSMs
f9100964f Drop service facts usage
712cfcc71 Upgrade mariadb storage during upgrade tasks
60c22c38c Stop non-pcmk services of manila and cinder during upgrade
92dcffc71 Always set NetworkDeploymentActions to its default
9b3ceef9f Add parameter {{role.name}}NetConfigOverride
823c5b48d Default all innodb_buffer_pool_size to 1G
125ebd64f Add non-tls listener to Memcached
c78f3afa2 ironic: stop defaulting to iscsi deploy in preparation for its deprecation
7f195ff9a Remove DefaultPasswords interface
a68149f24 per_node is not parsing generated json
4535e0f35 Enabling 'cinder_use_multipath' if cinder multipath is enabled
781beb757 Add ContainerDefaultPidsLimit to set default pid limits in containers.conf
365f16e21 Allow configuring cinder mount point for glance cinder store
8149df4c6 Use Ceph cluster name when setting minimum client version
b3d334099 Introducing parametrable storage configuration
69357c3a6 Make DnfStreams support RoleParameters
099badda3 Stop ironic services in unupgraded controllers
e66a70df6 Problematic nested quotes in hieradata file list
a01784dc3 [trivial] Fix mistaken variable rename
8d38363a7 Unify cinder's volume and backup kolla_config settings
91837d4fa Add new parameters to configure nova-compute direct rbd image download
b3f4111c9 Disable swift on undercloud by default
c35df2f7c Don't use swift backend for introspection data
a9bf1c128 Add post delay to reboot
8d962f136 Enforces minimum Ceph client version to Mimic
d8267d62d Hard code jobs to Nautilus before setting new default to Octopus
e7894c0b2 Restore PreNetworkConfig resources
5bf5dd9d9 Move the Overcloud common bootstrap tasks for step 1 before the deploy tasks
64e735898 Split network validation to it's own play
46df551a0 Use include_role for conditional inclusion
0c20e1e1a Add service ordering to cleanup service to avoid conflicts with agent startup
98c48b229 Config parameters for timemaster service
cff1618e4 Make the default transport POLL_SERVER_HEAT
2d0125ed4 Add an index tag on neutron network resources
4a862731b Remove deployed-server bootstrap mappings
67a5a7889 Add NovaLibvirtMaxQueues role parameter to set [libvirt]/max_queues
d4ae25e2f Deprecate environments/dcn-hci.yaml for dcn-storage.yaml
df207fd2e Live migration optimization with HP
b3d783695 Stop octavia servics in unupgraded controllers
9cbf8a39a Remove ffwd lifecycle environment files.
42bf766c7 Remove External{Internal,Public,Admin}Url parameters
f87652dfe Add a new role parameter rhsm_enforce.
a5383436c Default to cinder v3 in cloud config
c4d75bc14 Revert "Reset sriov_numvfs to 0 before leapp upgrade"
29a5bf31a Switch Octavia external tasks to 'post deploy'
67917bf65 nova: Use LIBGUESTFS_BACKEND=direct
1787da144 Add sample network data files for network-data-v2
8a79c1b63 Force json output format for hiera in derive pci whitelist
04405abdd Deleting nova-consoleauth services in post-upgrade
63c5a94f8 Use Ceph-NFS for Manila in scenario004
fe739bd59 Remove useless hieradata for keystone resource management by puppet
9d1e91794 Remove the OVNVifType parameter
06eb1d167 Neutron: Do not set ovn_l3_mode
f04f9645a Remove unused [ec2]driver parameter
7de39925d tool: convert heat network-config to ansible j2
6f140b93b Stop barbican servics in unupgraded controllers
5daaed405 Use nova::compute::image_cache class to set image cache parameters
f08905d7f Decrease Swift proxy timeouts for GET/HEAD requests
5cfb038cf Set Designate mdns to listen on both ipv6 and ipv4
6ff238199 Add ReaR service to all roles
a44181d61 Explicitly set port numbers used in swift storage
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 24 +
.gitignore | 115 ++++
bindep.txt | 14 +-
ci/common/ironic_standalone_post.yaml | 2 +-
ci/common/vbmc_setup.yaml | 2 +-
ci/environments/disable-unbound.yaml | 5 +-
ci/environments/multinode-core.yaml | 5 +-
.../network-isolation-absolute.yaml | 2 -
.../multiple-nics-ipv6/network-isolation.yaml | 2 -
.../multiple-nics/network-isolation-absolute.yaml | 2 -
.../network/multiple-nics/network-isolation.yaml | 2 -
.../public-bond/network-isolation-absolute.yaml | 2 -
.../network/public-bond/network-isolation.yaml | 2 -
ci/environments/scenario000-standalone.yaml | 3 +-
.../scenario001-multinode-containers.yaml | 1 -
ci/environments/scenario001-standalone.yaml | 54 +-
ci/environments/scenario003-standalone.yaml | 46 +-
ci/environments/scenario004-standalone.yaml | 6 +
.../scenario010-multinode-containers.yaml | 24 +-
ci/environments/scenario010-standalone.yaml | 22 +-
ci/environments/scenario013-standalone.yaml | 19 +-
ci/environments/standalone-ipa.yaml | 1 -
common/common-container-config-scripts.yaml | 8 +
common/common-container-setup-tasks.yaml | 104 ++++
common/deploy-steps-playbooks-common.yaml | 42 +-
common/deploy-steps-tasks-step-0.j2.yaml | 13 +-
common/deploy-steps-tasks-step-1.yaml | 105 ----
common/deploy-steps-tasks.yaml | 6 +-
common/deploy-steps.j2 | 261 +++++++--
common/generate-config-tasks.yaml | 2 +-
common/host-container-puppet-tasks.yaml | 4 +-
common/services/role.role.j2.yaml | 19 +-
config-download-software.yaml | 2 +-
config-download-structured.yaml | 2 +-
container_config_scripts/mysql_upgrade_db.sh | 15 +
.../nova_libvirt_init_secret.sh | 60 ++
default_passwords.yaml | 25 -
deployed-server/ctlplane-port.yaml | 10 +-
deployed-server/deployed-neutron-port.yaml | 8 +-
.../deployed-server-environment-output.yaml | 53 --
deployed-server/deployed-server.yaml | 10 +-
deployment/README.rst | 4 -
deployment/aide/aide-baremetal-ansible.yaml | 5 +-
deployment/aodh/aodh-api-container-puppet.yaml | 51 +-
deployment/aodh/aodh-base.yaml | 47 +-
.../aodh/aodh-evaluator-container-puppet.yaml | 9 +-
.../aodh/aodh-listener-container-puppet.yaml | 9 +-
.../aodh/aodh-notifier-container-puppet.yaml | 9 +-
deployment/apache/apache-baremetal-puppet.j2.yaml | 78 +--
deployment/auditd/auditd-baremetal-puppet.yaml | 5 +-
.../backup-and-restore/rear-baremetal-ansible.yaml | 5 +-
.../barbican/barbican-api-container-puppet.yaml | 338 ++++++------
.../barbican/barbican-backend-dogtag-puppet.yaml | 5 +-
.../barbican/barbican-backend-kmip-puppet.yaml | 5 +-
.../barbican-backend-pkcs11-crypto-puppet.yaml | 21 +-
.../barbican-backend-simple-crypto-puppet.yaml | 5 +-
deployment/barbican/barbican-client-puppet.yaml | 5 +-
.../ceilometer-agent-central-container-puppet.yaml | 52 +-
.../ceilometer-agent-compute-container-puppet.yaml | 12 +-
.../ceilometer-agent-ipmi-container-puppet.yaml | 11 +-
...ometer-agent-notification-container-puppet.yaml | 14 +-
.../ceilometer-base-container-puppet.yaml | 38 +-
deployment/ceph-ansible/ceph-base.yaml | 149 +++--
deployment/ceph-ansible/ceph-client.yaml | 28 +-
deployment/ceph-ansible/ceph-external.yaml | 18 +-
deployment/ceph-ansible/ceph-grafana.yaml | 91 ++-
deployment/ceph-ansible/ceph-mds.yaml | 20 +-
deployment/ceph-ansible/ceph-mgr.yaml | 88 ++-
deployment/ceph-ansible/ceph-mon.yaml | 49 +-
deployment/ceph-ansible/ceph-nfs.yaml | 33 +-
deployment/ceph-ansible/ceph-osd.yaml | 26 +-
deployment/ceph-ansible/ceph-rbdmirror.yaml | 25 +-
deployment/ceph-ansible/ceph-rgw.yaml | 131 +++--
deployment/cephadm/ceph-base.yaml | 607 +++++++++++++++++++++
deployment/cephadm/ceph-client.yaml | 126 +++++
.../ceph-external.yaml} | 59 +-
deployment/cephadm/ceph-grafana.yaml | 196 +++++++
deployment/cephadm/ceph-mds.yaml | 58 ++
deployment/cephadm/ceph-mgr.yaml | 181 ++++++
deployment/cephadm/ceph-mon.yaml | 85 +++
deployment/cephadm/ceph-nfs.yaml | 133 +++++
deployment/cephadm/ceph-osd.yaml | 89 +++
deployment/cephadm/ceph-rbdmirror.yaml | 72 +++
deployment/cephadm/ceph-rgw.yaml | 207 +++++++
deployment/certs/ca-certs-baremetal-puppet.yaml | 5 +-
.../certs/certmonger-user-baremetal-puppet.yaml | 83 ---
deployment/cinder/cinder-api-container-puppet.yaml | 50 +-
.../cinder-backend-dellemc-powerflex-puppet.yaml | 11 +-
.../cinder-backend-dellemc-powermax-puppet.yaml | 11 +-
.../cinder-backend-dellemc-powerstore-puppet.yaml | 11 +-
.../cinder/cinder-backend-dellemc-sc-puppet.yaml | 11 +-
.../cinder-backend-dellemc-unity-puppet.yaml | 11 +-
.../cinder-backend-dellemc-vmax-iscsi-puppet.yaml | 11 +-
.../cinder/cinder-backend-dellemc-vnx-puppet.yaml | 11 +-
...inder-backend-dellemc-xtremio-iscsi-puppet.yaml | 120 ----
.../cinder-backend-dellemc-xtremio-puppet.yaml | 18 +-
.../cinder/cinder-backend-dellsc-puppet.yaml | 11 +-
.../cinder/cinder-backend-netapp-puppet.yaml | 11 +-
.../cinder/cinder-backend-nvmeof-puppet.yaml | 11 +-
deployment/cinder/cinder-backend-pure-puppet.yaml | 11 +-
.../cinder-backend-veritas-hyperscale-puppet.yaml | 66 ---
.../cinder/cinder-backup-container-puppet.yaml | 242 +++++---
.../cinder/cinder-backup-pacemaker-puppet.yaml | 57 +-
deployment/cinder/cinder-base.yaml | 45 +-
.../cinder/cinder-common-container-puppet.yaml | 134 +++--
.../cinder/cinder-hpelefthand-iscsi-puppet.yaml | 11 +-
.../cinder/cinder-scheduler-container-puppet.yaml | 15 +-
.../cinder/cinder-volume-container-puppet.yaml | 122 ++---
.../cinder/cinder-volume-pacemaker-puppet.yaml | 47 +-
.../openstack-clients-baremetal-ansible.yaml | 5 +-
...ntainer-image-prepare-baremetal-ansible.j2.yaml | 21 +-
deployment/containers-common.yaml | 5 +-
deployment/database/mysql-base.yaml | 190 ++++---
deployment/database/mysql-client.yaml | 5 +-
deployment/database/mysql-container-puppet.yaml | 96 ++--
deployment/database/mysql-pacemaker-puppet.yaml | 132 ++---
deployment/database/redis-base-puppet.yaml | 51 +-
deployment/database/redis-container-puppet.yaml | 103 ++--
deployment/database/redis-pacemaker-puppet.yaml | 84 +--
.../liquidio-compute-config-container-puppet.yaml | 5 +-
.../cinder-backend-dellemc-vxflexos-puppet.yaml | 5 +-
.../cinder/cinder-backend-scaleio-puppet.yaml | 5 +-
.../keepalived/keepalived-container-puppet.yaml | 156 ------
.../mistral/mistral-api-container-puppet.yaml | 6 +-
deployment/deprecated/mistral/mistral-base.yaml | 18 +-
.../mistral/mistral-engine-container-puppet.yaml | 6 +-
.../mistral-event-engine-container-puppet.yaml | 6 +-
.../mistral/mistral-executor-container-puppet.yaml | 6 +-
deployment/deprecated/multipathd-container.yaml | 5 +-
.../novajoin/ipaclient-baremetal-ansible.yaml | 5 +-
.../novajoin/novajoin-container-puppet.yaml | 11 +-
.../deprecated/zaqar/zaqar-container-puppet.yaml | 19 +-
deployment/etcd/etcd-container-puppet.yaml | 118 ++--
.../designate/designate-api-container-puppet.yaml | 6 +-
.../experimental/designate/designate-base.yaml | 16 +-
.../designate/designate-bind-container.yaml | 149 +++++
.../designate-central-container-puppet.yaml | 19 +-
.../designate/designate-mdns-container-puppet.yaml | 9 +-
.../designate-producer-container-puppet.yaml | 6 +-
.../designate/designate-sink-container-puppet.yaml | 6 +-
.../designate-worker-container-puppet.yaml | 98 +---
deployment/frr/frr-container-ansible.yaml | 230 ++++++++
deployment/glance/glance-api-container-puppet.yaml | 212 ++++---
.../glance/glance-api-edge-container-puppet.yaml | 17 +-
.../gnocchi/gnocchi-api-container-puppet.yaml | 14 +-
deployment/gnocchi/gnocchi-base.yaml | 20 +-
.../gnocchi/gnocchi-metricd-container-puppet.yaml | 6 +-
.../gnocchi/gnocchi-statsd-container-puppet.yaml | 6 +-
deployment/haproxy/haproxy-container-puppet.yaml | 138 +++--
.../haproxy/haproxy-edge-container-puppet.yaml | 22 +-
.../haproxy-internal-tls-certmonger.j2.yaml | 109 ++--
deployment/haproxy/haproxy-pacemaker-puppet.yaml | 147 ++---
.../haproxy/haproxy-public-tls-certmonger.yaml | 167 ++++--
deployment/haproxy/haproxy-public-tls-inject.yaml | 13 +-
deployment/heat/heat-api-cfn-container-puppet.yaml | 32 +-
.../heat/heat-api-cloudwatch-disabled-puppet.yaml | 5 +-
deployment/heat/heat-api-container-puppet.yaml | 35 +-
deployment/heat/heat-base-puppet.yaml | 54 +-
deployment/heat/heat-engine-container-puppet.yaml | 42 +-
deployment/horizon/horizon-container-puppet.yaml | 108 ++--
.../image-serve/image-serve-baremetal-ansible.yaml | 5 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml | 108 ++--
deployment/ipsec/ipsec-baremetal-ansible.yaml | 5 +-
deployment/ironic/ironic-api-container-puppet.yaml | 50 +-
deployment/ironic/ironic-base-puppet.yaml | 82 ++-
.../ironic/ironic-conductor-container-puppet.yaml | 130 ++---
.../ironic/ironic-inspector-container-puppet.yaml | 136 +++--
.../ironic-neutron-agent-container-puppet.yaml | 10 +-
deployment/ironic/ironic-pxe-container-puppet.yaml | 28 +-
deployment/iscsid/iscsid-container-puppet.yaml | 36 +-
deployment/kernel/kernel-baremetal-ansible.yaml | 17 +-
.../kernel-boot-params-baremetal-ansible.yaml | 5 +-
deployment/keystone/keystone-container-puppet.yaml | 352 ++++++------
deployment/logging/files/barbican-api.yaml | 2 +-
deployment/logging/files/glance-api.yaml | 2 +-
deployment/logging/files/haproxy.yaml | 2 +-
deployment/logging/files/heat-api-cfn.yaml | 2 +-
deployment/logging/files/heat-api.yaml | 2 +-
deployment/logging/files/heat-engine.yaml | 2 +-
deployment/logging/files/keystone.yaml | 2 +-
deployment/logging/files/neutron-api.yaml | 2 +-
deployment/logging/files/neutron-common.yaml | 2 +-
deployment/logging/files/nova-api.yaml | 2 +-
deployment/logging/files/nova-common.yaml | 2 +-
deployment/logging/files/nova-libvirt.yaml | 32 +-
deployment/logging/files/nova-metadata.yaml | 2 +-
deployment/logging/files/placement-api.yaml | 2 +-
deployment/logging/rsyslog-baremetal-ansible.yaml | 6 +-
deployment/logging/rsyslog-container-puppet.yaml | 9 +-
.../logging/rsyslog-sidecar-container-puppet.yaml | 12 +-
deployment/logging/stdout/barbican-api.yaml | 2 +-
deployment/logging/stdout/glance-api.yaml | 2 +-
deployment/logging/stdout/haproxy.yaml | 2 +-
deployment/logging/stdout/heat-api-cfn.yaml | 2 +-
deployment/logging/stdout/heat-api.yaml | 2 +-
deployment/logging/stdout/heat-engine.yaml | 2 +-
deployment/logging/stdout/keystone.yaml | 2 +-
deployment/logging/stdout/neutron-common.yaml | 2 +-
deployment/logging/stdout/nova-api.yaml | 2 +-
deployment/logging/stdout/nova-common.yaml | 2 +-
deployment/logging/stdout/nova-libvirt.yaml | 32 +-
deployment/logging/stdout/nova-metadata.yaml | 2 +-
deployment/logging/stdout/placement-api.yaml | 2 +-
.../login-defs/login-defs-baremetal-ansible.yaml | 5 +-
.../logrotate-crond-container-puppet.yaml | 63 ++-
deployment/logrotate/tmpwatch-install.yaml | 5 +-
deployment/manila/manila-api-container-puppet.yaml | 133 ++++-
deployment/manila/manila-backend-cephfs.yaml | 14 +-
deployment/manila/manila-backend-isilon.yaml | 6 +-
deployment/manila/manila-backend-netapp.yaml | 6 +-
deployment/manila/manila-backend-unity.yaml | 7 +-
deployment/manila/manila-backend-vmax.yaml | 7 +-
deployment/manila/manila-backend-vnx.yaml | 8 +-
deployment/manila/manila-base.yaml | 46 +-
.../manila/manila-scheduler-container-puppet.yaml | 25 +-
deployment/manila/manila-share-common.yaml | 15 +-
.../manila/manila-share-container-puppet.yaml | 30 +-
.../manila/manila-share-pacemaker-puppet.yaml | 18 +-
.../masquerade-networks-baremetal-puppet.yaml | 5 +-
.../memcached/memcached-container-puppet.yaml | 189 +++++--
.../messaging/rpc-qdrouterd-container-puppet.yaml | 10 +-
deployment/metrics/collectd-container-ansible.yaml | 445 +++++++++++++++
deployment/metrics/collectd-container-puppet.yaml | 12 +-
deployment/metrics/qdr-container-ansible.yaml | 376 +++++++++++++
deployment/metrics/qdr-container-puppet.yaml | 131 +++--
.../multipathd/multipathd-container-ansible.yaml | 5 +-
.../neutron/derive_pci_passthrough_whitelist.py | 2 +-
.../neutron-agents-ib-config-container-puppet.yaml | 6 +-
.../neutron/neutron-api-container-puppet.yaml | 78 +--
deployment/neutron/neutron-base.yaml | 20 +-
.../neutron-bgpvpn-api-container-puppet.yaml | 5 +-
.../neutron-bgpvpn-bagpipe-baremetal-puppet.yaml | 5 +-
.../neutron-bigswitch-agent-baremetal-puppet.yaml | 5 +-
deployment/neutron/neutron-cleanup.service | 2 +-
.../neutron/neutron-compute-plugin-nuage.yaml | 5 +-
.../neutron/neutron-controller-plugin-nuage.yaml | 5 +-
.../neutron/neutron-dhcp-container-puppet.yaml | 91 +--
.../neutron-l2gw-agent-baremetal-puppet.yaml | 16 +-
.../neutron/neutron-l2gw-api-container-puppet.yaml | 5 +-
.../neutron/neutron-l3-container-puppet.yaml | 28 +-
...neutron-linuxbridge-agent-baremetal-puppet.yaml | 6 +-
.../neutron/neutron-metadata-container-puppet.yaml | 17 +-
.../neutron-mlnx-agent-container-puppet.yaml | 6 +-
.../neutron-ovn-dpdk-config-container-puppet.yaml | 6 +-
.../neutron-ovs-agent-container-puppet.yaml | 6 +-
.../neutron-ovs-dpdk-agent-container-puppet.yaml | 7 +-
...eutron-plugin-ml2-ansible-container-puppet.yaml | 5 +-
...tron-plugin-ml2-cisco-vts-container-puppet.yaml | 5 +-
.../neutron-plugin-ml2-container-puppet.yaml | 5 +-
...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml | 6 +-
deployment/neutron/neutron-plugin-ml2-nuage.yaml | 6 +-
deployment/neutron/neutron-plugin-ml2-ovn.yaml | 16 +-
deployment/neutron/neutron-plugin-ml2.yaml | 6 +-
.../neutron-plugin-nsx-container-puppet.yaml | 4 +-
deployment/neutron/neutron-plugin-nuage.yaml | 6 +-
.../neutron/neutron-sfc-api-container-puppet.yaml | 5 +-
.../neutron-sriov-agent-container-puppet.yaml | 37 +-
.../neutron-vpp-agent-baremetal-puppet.yaml | 6 +-
deployment/nova/nova-api-container-puppet.yaml | 201 ++++++-
deployment/nova/nova-apidb-client-puppet.yaml | 5 +-
deployment/nova/nova-az-config.yaml | 5 +-
deployment/nova/nova-base-puppet.yaml | 198 +------
.../nova/nova-compute-common-container-puppet.yaml | 5 +-
deployment/nova/nova-compute-container-puppet.yaml | 495 ++++++++++++++---
.../nova/nova-conductor-container-puppet.yaml | 8 +-
deployment/nova/nova-db-client-puppet.yaml | 5 +-
deployment/nova/nova-ironic-container-puppet.yaml | 34 +-
deployment/nova/nova-libvirt-container-puppet.yaml | 410 ++++++++------
.../nova/nova-libvirt-guests-container-puppet.yaml | 5 +-
deployment/nova/nova-manager-container-puppet.yaml | 6 +-
.../nova/nova-metadata-container-puppet.yaml | 43 +-
.../nova-migration-target-container-puppet.yaml | 58 +-
.../nova/nova-scheduler-container-puppet.yaml | 30 +-
.../nova/nova-vnc-proxy-container-puppet.yaml | 213 +++++---
.../octavia/octavia-api-container-puppet.yaml | 128 +++--
deployment/octavia/octavia-base.yaml | 35 +-
.../octavia/octavia-deployment-config.j2.yaml | 12 +-
.../octavia-health-manager-container-puppet.yaml | 24 +-
.../octavia-housekeeping-container-puppet.yaml | 24 +-
.../octavia/octavia-worker-container-puppet.yaml | 28 +-
.../octavia/providers/ovn-provider-config.yaml | 53 +-
.../openvswitch-dpdk-baremetal-ansible.yaml | 6 +-
...vswitch-dpdk-netcontrold-container-ansible.yaml | 5 +-
.../ovn/ovn-controller-container-puppet.yaml | 78 ++-
deployment/ovn/ovn-dbs-container-puppet.yaml | 48 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 113 ++--
deployment/ovn/ovn-metadata-container-puppet.yaml | 77 ++-
.../pacemaker/clustercheck-container-puppet.yaml | 6 +-
.../compute-instanceha-baremetal-puppet.yaml | 5 +-
deployment/pacemaker/ovn-dbs-baremetal-puppet.yaml | 6 +-
.../pacemaker/pacemaker-baremetal-puppet.yaml | 17 +-
.../pacemaker-remote-baremetal-puppet.yaml | 13 +-
.../placement/placement-api-container-puppet.yaml | 15 +-
deployment/podman/podman-baremetal-ansible.yaml | 15 +-
deployment/qdr/qdrouterd-container-puppet.yaml | 10 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml | 135 +++--
...rabbitmq-messaging-notify-container-puppet.yaml | 92 ++--
...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 61 +--
.../rabbitmq-messaging-notify-shared-puppet.yaml | 5 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml | 66 +--
.../rabbitmq-messaging-rpc-container-puppet.yaml | 92 ++--
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 72 ++-
deployment/rhsm/rhsm-baremetal-ansible.yaml | 5 +-
.../securetty/securetty-baremetal-ansible.yaml | 5 +-
deployment/snmp/snmp-baremetal-puppet.yaml | 5 +-
deployment/sshd/sshd-baremetal-ansible.yaml | 5 +-
deployment/sshd/sshd-baremetal-puppet.yaml | 5 +-
.../external-swift-proxy-baremetal-puppet.yaml | 54 +-
deployment/swift/swift-base.yaml | 5 +-
.../swift/swift-dispersion-baremetal-puppet.yaml | 5 +-
deployment/swift/swift-proxy-container-puppet.yaml | 33 +-
.../swift/swift-ringbuilder-container-puppet.yaml | 48 +-
.../swift/swift-storage-container-puppet.yaml | 50 +-
deployment/time/ptp-baremetal-ansible.yaml | 5 +-
deployment/time/timezone-baremetal-ansible.yaml | 5 +-
.../timemaster/timemaster-baremetal-ansible.yaml | 171 ++++++
deployment/timesync/chrony-baremetal-ansible.yaml | 16 +-
deployment/tls/undercloud-remove-novajoin.yaml | 5 +-
deployment/tls/undercloud-tls.yaml | 18 +-
.../tripleo-firewall-baremetal-ansible.yaml | 5 +-
.../tripleo-packages-baremetal-puppet.yaml | 66 ++-
deployment/tuned/tuned-baremetal-ansible.yaml | 5 +-
deployment/unbound/unbound-container-ansible.yaml | 134 +++++
deployment/undercloud/minion-rabbitmq-puppet.yaml | 5 +-
.../undercloud/tempest-container-puppet.yaml | 70 ---
deployment/undercloud/undercloud-upgrade.yaml | 26 +-
.../tripleo-validations-baremetal-ansible.yaml | 5 +-
...tas-hyperscale-controller-baremetal-puppet.yaml | 130 -----
deployment/vpp/vpp-baremetal-puppet.yaml | 5 +-
environments/barbican-backend-pkcs11-atos.yaml | 13 +-
environments/barbican-backend-pkcs11-lunasa.yaml | 3 +-
environments/barbican-backend-pkcs11-thales.yaml | 21 +-
environments/barbican-backend-simple-crypto.yaml | 2 +-
environments/cavium-liquidio.yaml | 2 +-
.../ceph-ansible/ceph-ansible-external.yaml | 2 +
environments/cephadm/ceph-dashboard.yaml | 5 +
environments/cephadm/ceph-mds.yaml | 2 +
environments/cephadm/ceph-rbdmirror.yaml | 2 +
environments/cephadm/cephadm-rbd-only.yaml | 22 +
environments/cephadm/cephadm.yaml | 26 +
environments/cinder-backup-active-active.yaml | 2 +
environments/cinder-backup.yaml | 3 +-
environments/cinder-dellemc-xtremio-config.yaml | 1 +
.../cinder-dellemc-xtremio-iscsi-config.yaml | 18 -
environments/cinder-scaleio-config.yaml | 2 +-
environments/dcn-hci.yaml | 5 +-
environments/dcn-storage.yaml | 51 ++
environments/dcn.yaml | 2 -
environments/deployed-server-environment.j2.yaml | 1 -
environments/deployed-server-noop-ctlplane.yaml | 1 -
environments/designate-config-ha.yaml | 127 -----
environments/designate-config.yaml | 69 ---
environments/disable-heat.yaml | 5 +
environments/disable-neutron.yaml | 30 +
environments/enable-designate.yaml | 14 +
environments/enable-stf.yaml | 2 +-
environments/enable_tempest.yaml | 2 -
...nvironment-external.yaml => external-ceph.yaml} | 19 +-
environments/external-loadbalancer-vip-v6-all.yaml | 2 -
environments/external-loadbalancer-vip-v6.yaml | 2 -
environments/external-loadbalancer-vip.yaml | 2 -
environments/fixed-ip-vips-v6.yaml | 2 -
environments/fixed-ip-vips.yaml | 2 -
environments/hyperconverged-ceph.yaml | 63 ---
environments/lifecycle/ffwd-upgrade-converge.yaml | 9 -
environments/lifecycle/ffwd-upgrade-prepare.yaml | 10 -
.../lifecycle/undercloud-upgrade-prepare.yaml | 2 +-
environments/lifecycle/update-prepare.yaml | 2 +-
environments/lifecycle/upgrade-prepare.yaml | 2 +-
environments/low-memory-usage.yaml | 1 +
environments/metrics/collectd-write-qdr.yaml | 2 +-
environments/metrics/qdr-edge-only-ansible.yaml | 20 +
.../metrics/qdr-form-controller-mesh-ansible.yaml | 26 +
.../network-isolation-no-tunneling.j2.yaml | 2 -
environments/network-isolation-v6-all.j2.yaml | 2 -
environments/network-isolation-v6.j2.yaml | 2 -
environments/network-isolation.j2.yaml | 2 -
environments/nova-hw-machine-type-upgrade.yaml | 10 +
environments/overcloud-baremetal.j2.yaml | 3 -
environments/overcloud-services.yaml | 2 -
...deprecated_ceph_env_files-e71ea73eefe8bfad.yaml | 7 +
.../services-baremetal/neutron-ovn-dvr-ha.yaml | 3 +-
.../services-baremetal/neutron-ovn-ha.yaml | 3 +-
environments/services/frr.yaml | 9 +
environments/services/neutron-ovn-dvr-ha.yaml | 3 +-
environments/services/neutron-ovn-ha.yaml | 3 +-
environments/services/neutron-ovn-sriov.yaml | 3 -
environments/services/neutron-ovn-standalone.yaml | 3 +-
environments/services/neutron-ovs.yaml | 1 -
environments/services/tempest.yaml | 2 -
environments/services/undercloud-keepalived.yaml | 4 -
environments/ssl/enable-internal-tls.j2.yaml | 1 -
environments/ssl/enable-memcached-tls.yaml | 10 +
environments/standalone/standalone-overcloud.yaml | 1 +
environments/standalone/standalone-tripleo.yaml | 7 +-
environments/storage-environment.yaml | 86 ---
environments/tuned-ceph-filestore-hci.yaml | 13 -
environments/undercloud-enable-nova.yaml | 1 +
environments/undercloud-enable-swift.yaml | 12 +
environments/undercloud.yaml | 23 +-
environments/undercloud/undercloud-minion.yaml | 6 +-
environments/updates/README.md | 3 -
environments/updates/update-from-ceph-newton.yaml | 4 -
.../cinder-veritas-hyperscale-config.yaml | 18 -
.../veritas-hyperscale-config.yaml | 32 --
extraconfig/all_nodes/swap-partition.j2.yaml | 2 +-
extraconfig/all_nodes/swap.j2.yaml | 2 +-
.../krb-service-principals/role.role.j2.yaml | 2 +-
extraconfig/post_deploy/default.yaml | 2 +-
extraconfig/post_deploy/example.yaml | 2 +-
extraconfig/post_deploy/example_run_on_update.yaml | 2 +-
extraconfig/post_deploy/undercloud_post.yaml | 2 +-
firstboot/conntectx3_streering.yaml | 2 +-
firstboot/os-net-config-mappings.yaml | 2 +-
firstboot/userdata_default.yaml | 2 +-
firstboot/userdata_dev_rsync.yaml | 2 +-
firstboot/userdata_example.yaml | 2 +-
firstboot/userdata_heat_admin.yaml | 2 +-
firstboot/userdata_root_password.yaml | 2 +-
firstboot/userdata_timesync.yaml | 2 +-
.../default-network-isolation-ipv6.yaml | 56 ++
.../default-network-isolation.yaml | 56 ++
network-data-samples/ganesha-ipv6.yaml | 22 +
network-data-samples/ganesha.yaml | 24 +
.../legacy-routed-networks-ipv6.yaml | 90 +++
network-data-samples/legacy-routed-networks.yaml | 98 ++++
network-data-samples/management-ipv6.yaml | 12 +
network-data-samples/management.yaml | 12 +
network-data-samples/no-networks.yaml | 6 +
network-data-samples/routed-networks-ipv6.yaml | 84 +++
network-data-samples/routed-networks.yaml | 84 +++
network/deployed_networks.yaml | 2 +-
network/endpoints/build_endpoint_map.py | 2 +-
network/endpoints/endpoint_map.yaml | 2 +-
network/network.j2 | 41 +-
network/networks.j2.yaml | 2 +-
network/ovn_mac_addr_net.yaml | 2 +-
network/ports/ctlplane_vip.yaml | 18 +-
network/ports/deployed_port.j2 | 10 +-
network/ports/deployed_vip_ctlplane.yaml | 40 ++
network/ports/deployed_vip_port.j2 | 67 +++
network/ports/deployed_vip_port.network.j2.yaml | 1 +
network/ports/from_service.yaml | 5 +-
network/ports/from_service_v6.yaml | 5 +-
network/ports/net_ip_list_map.j2.yaml | 2 +-
network/ports/net_ip_map.j2.yaml | 2 +-
network/ports/net_vip_map_external.j2.yaml | 2 +-
network/ports/net_vip_map_external_v6.j2.yaml | 2 +-
network/ports/noop.yaml | 10 +-
network/ports/ovn_mac_addr_port.yaml | 18 +-
network/ports/port.j2 | 36 +-
network/ports/port_from_pool.j2 | 10 +-
network/ports/vip.yaml | 17 +-
network/ports/vip_v6.yaml | 18 +-
network/service_net_map.j2.yaml | 10 +-
overcloud-resource-registry-puppet.j2.yaml | 24 +-
overcloud.j2.yaml | 137 ++---
plan-environment.yaml | 8 -
plan-samples/README.rst | 26 +-
plan-samples/plan-environment-derived-params.yaml | 7 -
.../pre_deploy/compute/neutron-ml2-bigswitch.yaml | 2 +-
.../pre_deploy/controller/multiple.yaml | 2 +-
.../controller/neutron-ml2-bigswitch.yaml | 2 +-
puppet/extraconfig/pre_deploy/default.yaml | 2 +-
puppet/extraconfig/pre_deploy/per_node.yaml | 16 +-
puppet/extraconfig/tls/ca-inject.yaml | 2 +-
puppet/role.role.j2.yaml | 14 +-
.../Add-Unbound-service-ba72830f9c75ecc3.yaml | 4 +
...rStorageBackend-parameter-9dd87e751b576007.yaml | 9 +
...envs-disable-neutron-heat-6f031e2a4058a581.yaml | 5 +
...ount-point-base-parameter-852554398b9f3a19.yaml | 7 +
...r-barbican-pkcs11-options-a2ec14369518b40e.yaml | 9 +
...re_multiple_cinder_stores-74eea265ee795660.yaml | 5 +
.../notes/barbican-thales-ha-581fbe9b5ef4dc87.yaml | 11 +
.../notes/bug-1907214-df2f07cbacbe8a24.yaml | 13 +
releasenotes/notes/cephadm-28185ca8ac814567.yaml | 17 +
...er-add-timeout-parameters-54550a6e1c11c0b9.yaml | 6 +
...nder-backup-active-active-2eb8f8cf612a7989.yaml | 8 +
...kup-compression-algorithm-337a6708264cb84a.yaml | 7 +
...cinder-backup-concurrency-dc7627c617d36133.yaml | 8 +
...er-backup-gcs-s3-backends-7dc04376150164fc.yaml | 5 +
...backup-other-ceph-cluster-36852bf2edfd11a7.yaml | 8 +
...snapshot-support-disabled-2d2e08c97537bc94.yaml | 14 +
.../cinder-rbd-multiconfig-dff6b46a0b20331a.yaml | 6 +
.../dcn-hci-storage-rename-0b1c17dd50f4cc9a.yaml | 8 +
...-all-debug-params-boolean-b1256f282e414b98.yaml | 6 +
.../erl-sbwtdcpu-sbwtdio-b26506a0430480dc.yaml | 9 +
...external_ceph_environment-05a1405bce969060.yaml | 15 +
.../notes/frr-support-21648d0660a810ac.yaml | 15 +
...introducing-qemutlsverify-af590e0243fe6b08.yaml | 9 +
.../notes/keepalived_removed-04c52519d7b33acb.yaml | 6 +
.../notes/libvirt-debug-0bf95db421329ff6.yaml | 9 +
.../notes/manila-db-purge-811512391617216d.yaml | 6 +
.../monitor_interval_ovndbs-b14c886737965300.yaml | 9 +
releasenotes/notes/no-iscsi-df52429ef64f4093.yaml | 13 +
...-compute-image-parameters-eb3a11bf0fd4691b.yaml | 11 +
...mit-postcopy-autoconverge-ca1719fd2abed45f.yaml | 8 +
...hine-type-default-changed-27244a925f6d6200.yaml | 17 +
.../nova-scheduler-tunables-8c1dbab10b289480.yaml | 8 +
...irect_glance_rbd_download-e945933da26f10f0.yaml | 17 +
.../nova_libvirt_max_queues-8024fc63105bd25d.yaml | 6 +
...va_migration_limit_access-20be8d69686ca95c.yaml | 8 +
.../notes/nova_novnc_network-83a1479bf227f867.yaml | 10 +
...placement_custom_provider-21203c3ff54c878c.yaml | 7 +
...vn-security-group-logging-0542b777ea58b5f6.yaml | 6 +
...ploy_setup_tasks-addition-63a9e4dfccc2132a.yaml | 6 +
...routed_network_aggregates-b23a7279643c6a70.yaml | 15 +
.../refactor-service-vips-a48739c1b2fab207.yaml | 54 ++
...reintroduce-keystone_corn-85290afe6bf8b019.yaml | 21 +
...dd_support_for_timemaster-a8dc3e4d5db4e8b3.yaml | 7 +
...efault-password-interface-55a4e85ef0ccef2f.yaml | 5 +
.../remove-ovn-vif_type-1c09bf29d1bd38da.yaml | 5 +
...tempest-container-support-8950767b0047c9af.yaml | 8 +
...remove-veritas-hyperscale-a0b5da7d882c853f.yaml | 12 +
...-recoverable-node-timeout-1fcd7a83f983e61b.yaml | 11 +
.../xtremio-add-ports-option-8991f7c8acc1aadb.yaml | 5 +
...o-iscsi-remove-deprecated-68a8830be3d4f2b8.yaml | 5 +
roles/BlockStorage.yaml | 3 +-
roles/CellController.yaml | 3 +-
roles/CephAll.yaml | 2 +-
roles/CephFile.yaml | 3 +-
roles/CephObject.yaml | 3 +-
roles/CephStorage.yaml | 3 +-
roles/Compute.yaml | 2 +-
roles/ComputeAlt.yaml | 3 +-
roles/ComputeDVR.yaml | 3 +-
roles/ComputeHCI.yaml | 2 +-
roles/ComputeHCIOvsDpdk.yaml | 2 +-
roles/ComputeHCISriov.yaml | 3 +-
roles/ComputeInstanceHA.yaml | 3 +-
roles/ComputeLiquidio.yaml | 3 +-
roles/ComputeLocalEphemeral.yaml | 2 +-
roles/ComputeOvsDpdk.yaml | 2 +-
roles/ComputeOvsDpdkRT.yaml | 2 +-
roles/ComputeOvsDpdkSriov.yaml | 3 +-
roles/ComputeOvsDpdkSriovRT.yaml | 3 +-
roles/ComputePPC64LE.yaml | 2 +-
roles/ComputeRBDEphemeral.yaml | 2 +-
roles/ComputeRealTime.yaml | 2 +-
roles/ComputeSriov.yaml | 2 +-
roles/ComputeSriovIB.yaml | 3 +-
roles/ComputeSriovRT.yaml | 2 +-
roles/Controller.yaml | 6 +-
roles/ControllerAllNovaStandalone.yaml | 5 +-
roles/ControllerNoCeph.yaml | 6 +-
roles/ControllerNovaStandalone.yaml | 5 +-
roles/ControllerOpenstack.yaml | 4 +-
roles/ControllerSriov.yaml | 6 +-
roles/ControllerStorageDashboard.yaml | 6 +-
roles/ControllerStorageNfs.yaml | 6 +-
roles/Database.yaml | 3 +-
roles/DistributedCompute.yaml | 3 +-
roles/DistributedComputeHCI.yaml | 3 +-
roles/DistributedComputeHCIDashboard.yaml | 2 +-
roles/DistributedComputeHCIScaleOut.yaml | 3 +-
roles/DistributedComputeScaleOut.yaml | 3 +-
roles/HciCephAll.yaml | 2 +-
roles/HciCephFile.yaml | 2 +-
roles/HciCephMon.yaml | 2 +-
roles/HciCephObject.yaml | 2 +-
roles/IronicConductor.yaml | 3 +-
roles/Messaging.yaml | 3 +-
roles/Minimal.yaml | 1 -
roles/Networker.yaml | 3 +-
roles/NetworkerSriov.yaml | 3 +-
roles/NovaManager.yaml | 2 +-
roles/Novacontrol.yaml | 3 +-
roles/ObjectStorage.yaml | 2 +-
roles/README.rst | 7 +-
roles/Standalone.yaml | 9 +-
roles/Telemetry.yaml | 3 +-
roles/Undercloud.yaml | 2 +-
roles/UndercloudMinion.yaml | 1 -
roles_data.yaml | 16 +-
roles_data_undercloud.yaml | 2 +-
sample-env-generator/dcn.yaml | 13 +-
sample-env-generator/enable-services.yaml | 173 +-----
sample-env-generator/ssl.yaml | 4 -
sample-env-generator/standalone.yaml | 12 +-
sample-env-generator/undercloud-minion.yaml | 8 +-
setup.cfg | 4 +-
test-requirements.txt | 1 +
tools/__init__.py | 0
tools/convert_heat_nic_config_to_ansible_j2.py | 513 +++++++++++++++++
tools/process-templates.py | 11 +
.../2-linux-bonds-vlans-controller.yaml | 344 ++++++++++++
.../heat_templates/bond-vlans-controller.yaml | 298 ++++++++++
.../heat_templates/complex.yaml | 237 ++++++++
.../multiple-nics-vlans-controller.yaml | 280 ++++++++++
.../heat_templates/simple.yaml | 51 ++
.../single-nic-linux-bridge-vlans-controller.yaml | 285 ++++++++++
.../single-nic-vlans-controller.yaml | 281 ++++++++++
.../2-linux-bonds-vlans-controller.j2 | 96 ++++
.../j2_references/bond-vlans-controller.j2 | 61 +++
.../j2_references/complex_complete.j2 | 48 ++
.../j2_references/complex_incomplete.j2 | 39 ++
.../multiple-nics-vlans-controller.j2 | 78 +++
.../j2_references/simple.j2 | 26 +
.../single-nic-linux-bridge-vlans-controller.j2 | 56 ++
.../j2_references/single-nic-vlans-controller.j2 | 51 ++
.../network_file_complex.yaml | 32 ++
.../networks_file_simple.yaml | 4 +
.../stack_env_complex.yaml | 17 +
.../stack_env_simple.yaml | 10 +
.../test_convert_heat_nic_config_to_ansible_j2.py | 303 ++++++++++
tools/yaml-validate.py | 45 +-
tox.ini | 12 +-
tripleo_heat_templates/environment_generator.py | 2 +-
zuul.d/layout.yaml | 6 +-
612 files changed, 14278 insertions(+), 6979 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 36bb9c41f..90fd4a994 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -16,0 +17 @@ ansible-runner>=1.4.2 # Apache
+ansible-lint[core,yamllint]>=5.0.5 # MIT/GPL
More information about the Release-announce
mailing list