[release-announce] tripleo-heat-templates 16.0.0

no-reply at openstack.org no-reply at openstack.org
Tue Apr 12 16:45:19 UTC 2022


We are excited to announce the release of:

tripleo-heat-templates 16.0.0: Heat templates for deploying OpenStack
with OpenStack.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

For more details, please see below.

16.0.0
^^^^^^


New Features
************

* Add parameter to set the auth type for the snmpd_user.  Possible
  options are MD5 (which is what was hardcoded before and is the
  default now) and SHA.  This should be set to SHA on FIPS
  environments.

* Add IronicDefaultBootInterface parameter to allow users to set /
  override the default boot interface used by ironic. This may not
  work if a hardware type does not support the set boot interface.
  This overrides create-time defaults.  The ordered union of the
  enabled boot interfaces and hardware type determines, under normal
  circumstances, what the default will be.

* Since genisoimage was removed from CentOS9 / RHEL9, nova's default
  "mkisofs_cmd" option will not work anymore. In the RHEL/CentOS
  realm, "mkisofs" is an alias to alternatives that either map to
  "xorriso" (9) or "genisoimage" (8).

* Added the Octavia TLS parameters.


* RabbitMQ can be configured to run in FIPS mode via the new
  configuration option RabbitFIPS.  The default value is false.

* Admin endpoint of Keystone listens on Internal API network by
  default.

* Logging for the designate bind backend is now more fully
  configured. DNS query logging can be enabled by setting
  *DesignateBindQueryLogging* to *true*.

* Neutron can now be configured to support secure RBAC using
  *EnforceSecureRbac*. Note, you may not be able to use this until
  Neutron upstream has support for common RBAC personas
  (https://docs.openstack.org/keystone/latest/admin/service-api-protection.html#roles-definitions).

* Keystone can now be configured to support secure RBAC personas
  (https://docs.openstack.org/keystone/latest/admin/service-api-protection.html#roles-definitions)
  with the *EnforceSecureRbac* setting. Note that deployments with
  mixed permission models will have unexpected side-effects. Setting
  this option won't have meaningful effect until all services in your
  deployment support secure RBAC personas.

* The new parameter "EnforceSecureRbac" has been added to enforce
  authorization based on common RBAC personas. Currently in glance the
  support is only available for project-admin, project-member and
  project-reader personas and system personas will come in a later
  release.

* The new "KeystoneNotificationDriver" parameter has been added.
  This parameter overrides the global "NotificationDriver" parameter
  and allows customizing the notification driver only in Keystone,
  which is required to use the notification listener function in
  Barbican.

* Add *NovaShowHostStatus* to allow overriding API policies to
  access the compute host status in the requested Nova server details.
  The default value 'hidden' allows only admins to access it. Setting
  it to 'all' ('unknown-only') without additional fine-grained tuning
  of *NovaApiHostStatusPolicy* shows the full (limited) *host_status*
  to the system/project readers.

  Add *NovaApiHostStatusPolicy* that defines a custom API policy for
  *os_compute_api:servers:show:host_status* and
  *os_compute_api:servers:show:host_status:unknown-only*. These rules,
  or roles, replace the admins-only policies based on the given
  *NovaShowHostStatus*: 'unknown-only' shows the limited host status
  UNKNOWN whenever a heartbeat was not received within the configured
  threshold, and 'all' also reveals UP, DOWN, or MAINTENANCE statuses
  in the Nova server details. Finally, *NovaShowHostStatus*: 'hidden'
  makes it visible only to admins again. Additional policies
  specified using *NovaApiPolicies* get merged with this policy.

* A heat parameter "IronicPowerStateChangeTimeout" has been added
  which sets the number of seconds to wait for power operations to
  complete, i.e., so that a baremetal node is in the desired power
  state. If timed out, the power operation is considered a failure.
  The default is 60 seconds, which is the same as the current Ironic
  default.

* Added "pure_iscsi_cidr" and "pure_host_personality" and
  "eradicate_on_delete" support for the Pure Storage FlashArray Cinder
  driver.

* Added "NovaDisableComputeServiceCheckForFfu" parameter to
  configure "nova::workarounds::disable_compute_service_check_for_ffu"
  to disable the service version check workaround for FFU.

* Adding Hugepages role parameter

  Hugepages management was always a manual step done by operators via
  the TripleO parameter "KernelArgs". This is error prone and causes
  confusion.

  The new "Hugepages" parameter allows operators to define hugepages
  as a dictionary, making it easier to read and follow.

  To prevent involuntary changes, there are multiple validations
  before applying a change:

     * We convert the current running configuration to an actual
       dictionary that we validate the new format against.

     * If no change is necessary, even though the format might not
       be the same, there's no kernel_args update.

     * By default, we don't remove hugepages in places except when
       operators specifically set the "ReconfigureHugepages" to true.

  This change is also opening the door to more automations and
  automatic tuning.


Upgrade Notes
*************

* Support for the following three volume drivers has been removed.

  * Dell EMC ScaleIO

  * Dell EMC VxFlexOS

  * Dell EMC VMAX

* The following services should be removed from roles data during
  upgrade.

  * "OS::TripleO::Services::CinderBackendScaleIO"

  * "OS::TripleO::Services::CinderBackendDellEMCVxFlexOS"

  * "OS::Tripleo::Services::CinderBackendDellEMCVMAXISCSI"

* Redis is now disabled by default in new deployments, so existing
  deployments have to delete the redis resource in pacemaker prior to
  upgrade, or include the new environment file ha-redis.yaml if they
  still implicitly depend on redis.

* Support for networking-bigswitch has been removed, because the
  plugin is no longer maintained.

* Support for the novajoin service has been removed.

* The "OS::TripleO::Service::Novajoin" resource has been removed. It
  should be removed from roles data before upgrade.

* The default boot mode for ironic deployed nodes is now "uefi" when
  no boot mode is explicitly set in the node's driver_info,
  capabilities, or instance_info configuration. To restore the
  previous default, set the heat parameter "IronicDefaultBootMode" to
  "bios".

* The default UEFI iPXE bootfile is now *snponly.efi*. The boolean
  parameter *IronicIPXEUefiSnpOnly* was added to allow custom
  configuration. When set to *true* snponly is used, when *false* the
  previous default ipxe.efi is used. See bug: 1959726
  (https://bugs.launchpad.net/tripleo/+bug/1959726).


Deprecation Notes
*****************

* The MlnxSDNUsername and MlnxSDNPassword parameters have been
  deprecated and have no effect.

* The "MysqlIncreaseFileLimit" parameter has been deprecated and has
  no effect now.

* The "IronicIpVersion" parameter has been deprecated and has no
  effect.

* Using environments/enable-designate.yaml has been deprecated in
  favor of environments/services/designate.yaml, the current location
  for environment files that enable TripleO components.

* With the switch to ephemeral heat for the overcloud, the
  UndercloudMinion is no longer viable. Deploying UndercloudMinion is
  not supported anymore and environments files to enable its
  deployment are dropped.


Bug Fixes
*********

* Adds the port used for directly accessing Ironic-Inspector using
  TLS, 13050, to the list of ports to permit inbound connections on.

* Rsyslog config for haproxy
  (https://bugs.launchpad.net/tripleo/+bug/1953672)

* Before this patch, invalid certificates would be detected close to
  the end of the deployment. In small environments, this comes fast
  but in an environment with a large number of nodes, failures would
  come really late, after a few hours of deployment. With this
  validation, when UsePublicTLS is set to true and
  PublicSSLCertificateAutogenerated is set to false, the deployment
  now fails before step1, at host_prep_steps, if the certificate is
  smaller than 512 bytes. It will also use openssl to verify the state
  of the certificate and fail if the certificate is invalid or
  expired.

* When we install libvirt on a host, the system parameter
  "fs.aio-max-nr" is set to 1048576. Since we containerized libvirtd,
  we lost this system parameter. We now make sure it's defined by
  adding it from the nova-libvirt-common template.

* Enable Swift replicators in single replica mode to ensure cleanup
  of old tombstone (.ts) files. Sleep interval between replication
  runs is set to 24 hours to prevent unneeded load on the systems if
  no replication is needed.
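
The certificate pre-flight check described in the bug fix above (a size
floor, then an openssl validity and expiry test), sketched as an added shell
example. It is not the TripleO implementation; the function name, return
codes and the optional second argument are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: early validation of an operator-supplied public TLS
# certificate, modelled on the check described in the release note.
# Names and return codes are assumptions, not tripleo-heat-templates code.

MIN_CERT_BYTES=512   # size threshold stated in the release note

# check_public_cert FILE [MIN_SECONDS_LEFT]
# Return codes:
#   0 certificate parses and is valid for at least MIN_SECONDS_LEFT (default 0)
#   1 file missing or unreadable
#   2 file smaller than MIN_CERT_BYTES (truncated or empty parameter value)
#   3 openssl cannot parse an X.509 certificate from the file
#   4 certificate is expired, or expires within MIN_SECONDS_LEFT
check_public_cert() {
    local cert="$1" min_left="${2:-0}" size
    [ -r "$cert" ] || return 1
    # Arithmetic expansion strips the padding some wc implementations add.
    size=$(( $(wc -c < "$cert") )) || return 1
    [ "$size" -ge "$MIN_CERT_BYTES" ] || return 2
    # -noout suppresses the PEM dump; a non-zero exit means the file does
    # not contain a parseable certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3
    # -checkend N exits non-zero if the certificate expires within N seconds;
    # N=0 therefore means "already expired".
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 \
        || return 4
    return 0
}

# Optional command-line use: ./check_cert.sh FILE [MIN_SECONDS_LEFT]
if [ "$#" -gt 0 ]; then
    rc=0
    check_public_cert "$@" || rc=$?
    echo "check_public_cert $1: rc=$rc"
    exit "$rc"
fi
```

Passing a non-zero MIN_SECONDS_LEFT (for example the expected deployment
duration) also rejects a certificate that would expire mid-deployment.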


Other Notes
***********

* A new parameter, MlnxSDNToken, has been added to authenticate with
  the SDN controller.

* Steps are taken to minimize chances of confusion between the
  default block storage volume type established by the
  CinderDefaultVolumeType parameter, and cinder's own __DEFAULT__
  volume type.

  In a new deployment where no volumes exist, cinder's __DEFAULT__
  type is deleted because it is redundant. In an upgrade scenario, if
  volumes exist then the __DEFAULT__ type's description is updated to
  indicate the actual default volume type is the one established by
  the CinderDefaultVolumeType parameter.

* "OvsDpdkDriverType" is now deprecated. Note that it has had no
  effect since we upgraded to OVS 2.6, where we stopped supporting the
  configuration of the DPDK driver in puppet-vswitch. Since then, we
  couldn't change the driver, so we can safely deprecate this
  parameter and remove it in a future release.

* "podman image prune" is no longer used on the undercloud to remove
  unused images during the undercloud update/upgrade. With the usage
  of ephemeral Heat, not all images will always be used by running or
  stopped containers, so "podman image prune" should not be used to
  clean up the local container image storage. Images that are no
  longer being used can still be removed individually with "podman
  rmi".

Changes in tripleo-heat-templates 15.1.0..16.0.0
------------------------------------------------

5136dd9d8 Have Ceph log to a file for scenario 001/004
720dd1482 Add HostnameFormatDefault for Ceph related roles
07adbb7b7 Update .gitignore
de668b4ec Use FQCN for ansible builtin tasks
4d23590ca Ceilometer: Remove incomplete cache parameters
6f8a5bc1e Memcached: Allow puppet to be aware IPv6 is used
e66f495b1 Include redis templates in Octavia configuration
15744039d Increase stop_grace_period for Octavia controller services
0fa959acb Add support for ovn bgp agent
20230cd59 Remove support for the novajoin service
df569e638 Fix typo in HciCephObject role tag
115439e6b Add missing option for rgw/swift compatibility
5d1e6f8c0 Added log volumes for ceilometer-agent-ipmi
d3d20bb44 Etcd: Update cluster membership when replacing a node
881334004 Ironic: Use generated dnsmasq conf file
875155550 Add Octavia TLS parameters
0d4fbc86a Remove support for Nuage core plugin
e99a251ad Use consistent indent in .sh files
5249a06d4 Nova: Fix missing cache backend
d0ca9fe63 Fix trailing slashes in bind-mounts and linting
35eb903a8 Fix network-environment.yaml ipv6 {{network.name}}Routes
5bf166be6 Drop services not used for undercloud role
243f80b8b Octavia: Add missing region_name parameters
f59346887 Cinder: Remove leftover of Dell EMC VMAX driver support
a2674a176 Update Ceph client service to handle external Ceph
4dc74ac16 Add CephIngress resource
fa69bfc1e Disable GSSAPIAuthentication by default
f97c99bc2 Use puppet parameters instead of hieradata key
b35015b30 Fix sshd host_prep_tasks
309c89e90 Only run mysql upgrade commands when needed
263fee246 Ensure db initialization is not executed by puppet
087d67733 Designate: Ensure pool management by puppet is disabled
1d77d9af2 Don't add conntrack entries for vxlan
67969af3d Remove support for networking-bigswitch
7ec40a3c5 Added NovaDisableComputeServiceCheckForFfu var
a8b849f03 Remove unused deployed_server_port_map output
219817528 Remove Nova from undercloud during upgrades
1395d1c49 Update Barbican Orders policy for secure-rbac
7ca6a836f rsyslog: Add missing logging sources for gnocchi services
e07098b53 rsyslog: Add missing logging sources for aodh services
a1b967faf Add support for additional log sources for rsyslog
7f8876ce7 Sync updated DB root password in running container
2329e416e Required DDP package is not loaded issue
88f2dfbba Update of OVN controllers as an external task.
e1de2bcb7 Add CephNfs service on roles providing "external" network connectivity
9ed9c8da5 Horizon: Fix the wrong policy parameters
b1e1df2b7 Enable designate-dashboard
ae866ab47 Adding Hugepages role parameter
c275d7870 Do not run puppet in docker_config
0c3ea4c28 Allow nic-config conversion without Heat
27b8210fd Align defaults for SoftwareConfigTransport
64a19091a Run the SSL verification at step2
18e7522d6 Fix ca-certs-baremetal-puppet.yaml description in header
71ed74176 Update Barbican Secure-RBAC policy
9cb551201 Cleanup openldap certs database
19b0b7429 Remove "ceph" tags for the TripleO cephadm branch
d72a23759 Expose tripleo_cephadm_default_container boolean
e93b454d6 Redis: Hard-code paths of configuration files
5746310b6 Replace dnf by tripleo_dnf_stream for updates.
cd7d10133 Move zuul jobs layout to centos9 only for master branch
daa48254e Exclude /etc/openldap to avoid overriding ro file
7e8d88afa Allow deployments to run when selinux is disabled
fceeb2fbd Fix AnyErrorsFatal type
85ccef292 Fix Redis config generation when fd limit changes
3ae6ce355 Don't bind host's /run in multipathd container
d5701e6ce Validate SSLCertificate is defined
a3fa2a052 Nova: Use cross_az_attach from nova::cinder
19c11813d Fix ironic boot interface for undercloud
ceed5ac9e Fix OS_CLOUD for multistack and nova az tasks
acf032a09 Designate: miniDNS and bind9 instances on the proper networks
d3a6e7a99 Start the neutron metadata agent with cgroupns host
bd13adefd Add parameter IronicIPXEUefiSnpOnly
7eb280ace Skip podman purge on Undercloud
33d4b44ae Remove unused environment file
7bb44f26b Enable clean-up service for novajoin by default
17004426a Drop Nova and NovaJoin services from UC role data
b2b9e983c Add heat::trustee parameters
ec33ab404 Disable heat by default in favor of ephemeral-heat.
caed5081e Keystone: Use system-admin to create resources
c2d110257 Use Internal API by default for Keystone admin endpoint
c3affa49a Nova: Use internal endpoint to access Keystone
97c1306b2 Defining fs.aio-max-nr for hosts with libvirt service
ff7bc29c7 Added rabbit FIPS flag to FIPS env fle
3f7db6a9a Placement: Enable proxy headers parsing
8e28fde39 Allow neutron to configure secure RBAC options
9aa90bd1a Skip 'ensure dnf modules' for CS9 on undercloud-upgrade
59edff435 Add RabbitFIPS parameter
dde9a258d Update dervice_pci script to handle pci address formats
6ff47463b Configure logging for designate bind backend
ebab335f3 Role specific container support
db63209ae Revert "Update cell0 db connection, if required"
e36f44cad Check if passthrough user_config is decoded properly from hiera data
ed560e46c Pass OS_CLOUD env when migrating to heat ephemeral.
cef35a45a Fix cloud-init detection rules
97a2bd2ca Reduce frequency of task retries
5b9648dd9 Disable libvirtd and stop it
2caf85f84 fix path typo
72e75597c Fix ignored OctaviaControlSecurityGroup
dfeb0e643 Nova: Configure [keystone] parameters
a1f6142b9 Missing OVN Parameters
9b5dba49e Cinder: Remove support for deprecated Dell EMC volume drivers
d57f9a877 Add ironic-inspector TLS endpoint port to be reachable
277ef9bbc README: Remove OVN row
f63176e97 Horizon: Manage policy files
4362c14ce Disable metrics_qdr binding in HAProxyEdge
b4a9058b8 Make sure libvirt guests shut down before network
2a27e8bdb Enable policy rule management in nova-compute
a170d70e2 Add OVNContainerCpusetCpus
5326c3d5e Move *NetworkConfigTemplate to parameter_defaults
81d546a23 Add show unknown only host_status to scn002
b11c78a02 Add show all host_status policy to scn001
2b9461e97 Fix remaining usage of internal url for www_authenticate_uri
3a04690cd Enable notification from Keystone when Barbican is enabled
4e078fc42 Handle ping test ips when not available
392abfd2a Include subnet in unbound colloc port creation to ensure IP allocation
b49da7236 Allow keystone to configure secure RBAC options
dfd28f7b1 Revert "Revert "Add chrony waitsync back in""
98e9b2983 Align services of ControllerSriov role
21bd42b4f Revert "Add chrony waitsync back in"
925af6378 Add generated deployed network environment
4f7e4fd18 Fix killscript regex match for libpod-conmon-*
62ded067d Fix IPv6 router on UC re-install
8d46c9c38 Add chrony waitsync back in
160936df1 Use public endpoint for [keystone_authtoken] www_authenticate_uri
3e4135aa3 Add CephAdmVerbose variable
6d142165f IDM server registration is fixed to one server only
ee617c09a Add missing services to ControllerNovaStandalone role
15ff29cf1 Fix IronicImageDownloadSource on undercloud
71012af59 Replace deprecated octavia::controller::port_detach_timeout
4c1206938 Remove hieradata for Redis Sentinel
423644945 Check that redis is removed prior to FFU
98d731768 Use Python3 yoga unit tests
157d0c112 Start the l3 agent with cgroupns: host
97da97eda Fix external-ceph deployment directory reference
008b55afa fix InternalApi subnet for ControllerNovaStandalone role
d8475ede4 Remove tripleo_ovn_mac_port_name port tag
eae88fe0a Sync neutron-ovs-dvr.yaml copies
3983bc744 Update cell0 db connection, if required
cb24c0bff Revert "Fix the wrong parameter name to disable management of libvirt services"
c3bb91338 Missing rsyslog parameters for HAProxy
20368af84 Fix the wrong parameter name to disable management of libvirt services
9d4d7f9a6 Manage octavia flavor in tripleo-ansible
9d06a3c7e Exec libvirtd in a transient scope
a77d5ebde Make tools scripts executable
2e4f35b07 Add templates for custom network ci job
a88c32f51 Replace deprecated manila::sql_connection
5e77f8198 Manila: Use internal endpoints to access other services
e78fbfb99 Nova: Use internal endpoint to access Neutron API
efdbece13 Run designate-api under apache
a035de7d3 Remove setype for /var/log/containers creation
98af86994 Parameters for API policies to show a host status
7a99ae23e Introduce a new linter for yaml-validate, and correct issues
613dd92d8 Add a configuration option to enable secure RBAC in Heat
1f868ba53 Ensure we bind-mount /dev instead of /dev/
579102e54 Sc001: Enable glance image import methods
4df0b3519 Neutron: Use internal endpoint when accessing Placement API
3b80985e5 Assign project-scoped service role for token validation
e6f24185b CoreServices list has to be flatten
08c5e74d3 Placement: Define root path explicitly
0436025d8 Add IronicDefaultBootInterface parameter
3055a4f11 Use only internal endpoints in Octavia controller services
1127ac015 Accept lists for Manila*ShareDataPools and Manila*EthernetPorts
7e1ee7511 set manila context-is-admin policy rule for secure-rbac
dbf5d36fd Add timestamps to nova/placement wait for scripts
969043bef Correct the multiple_nics_vlans_dvr.j2 file path
06787c853 Add support for powermax.
6dc38e414 Fix doc link
531aecc4b Fix convert_v1_net_data.py - ipv6 property
3a0b86e4e Add ephemeral Heat entry to clouds.yaml
047499937 Fix condition to add per subnet routes parameter
ee846d21e [Neutron] Add custom env file to set dns_domain_name
0555ee4df [Pure Storage] Set default parameter for iscsi cidr
368102b14 Deprecate ineffective MysqlIncreaseFileLimit
efc328c66 Make PingTestGatewayIPsMap a map of flatten lists
1f79df6da Update project personas policies in custom neutron policy
70720d21d [Pure Storage] Add new FlashArray Cinder driver params
632afe18c Add rgw max attributes constraints
c72579637 neutron: Stop setting the allow_overlapping_ips parameter
925e2db46 Keystone: Remove unused container_puppet_tasks
8cb2fd898 Fix logic related to CinderEtcdLocalConnect parameter
7f04caaf4 Use a designate specific directory for the bind persistent storage
0265f9572 Clean up update converge file
1314f345f [ovn] Deleting ovn agents during scale down tasks
61a1dcc3b Remove double slashes in path
a287ebc42 Add socket keepalive options for the pymemcache backend
839ddccdb Implement project personas in custom barbican policy file
0fe7045fa Deprecate env/enable-designate in favor of env/services/designate.yaml
b3863568a Fix set_fact on the CephMgrAnsibleVars
52ed0f05b Remove old non-ha container removal tasks
6d8091240 task-core basic framework
5d830980e Add ping test for all networks gateway IPs
d98009ae4 Change authentication method for Mellanox sdn controller
d33865cde Remove mariadb-server packages from the host
f2fd2a856 Add ovn_chassis_mac_map to ExtraConfig role
273b41a5d Use ServiceNetMap to filter PublicNetwork in haproxy-tls
f6eddad78 Don't use service_net_map_replace in krb-svc-principals
65151adc1 Add parameter IronicPowerStateChangeTimeout
48ed6294c Do not error out when a network is ipv6 only
040859a73 Clean up implementation to manage volume type by puppet
82a0781b4 Revert "Fix TLS-e with custom network names"
4bf486603 Clear up confusion on cinder's default volume type
4ba798c57 Add environment file for FIPS deployments
e2f6aec3e Add auth type for snmpd readonly user
6bae260bc Fix TLS-e with custom network names
26b05056e Adding NovaMkisofsCmd parameter to nova-compute
20311a0a5 Flatten yaql list expressions
f8e7bf2bb Do not set rabbitmq SSL CA certs when InternalTLSCAFile is ''
6b50e1622 Flatten yaql list expressions
b3e5e03d6 Drop UndercloudMinion environments
6b4a4389f Remove ganesha_vip extra config workaround
716fe9bc6 Deprecate `OvsDpdkDriverType` parameter
015fc41bd Sc04: Enable glance sparse image upload
ba7f896c5 Revert "Enable fernet token cache by default"
9193090b1 Allow configuring secure RBAC in glance
1cbd03a13 Use double quotes for string comparisons policies in glance
34b7d28e6 Drop non-bundle manila from puppet-config
76adfd420 Use true/false for boolean values
4d6dc5308 Refactor usage of QemuMemoryBackingDir
f834c26d5 Enable new SELinux boolean for vTPM support
f664302c3 Enable new SELinux boolean for vTPM support
40d5282eb follow-up: Enable support for Libvirt modular daemons
42d746921 Introduce ApplyCephConfigOverridesOnUpdate
3d2fec12b Implement project personas in custom cinder policy file
9e30f281f Remove network_virtual_ips hard-coded name filter
c0b778301 GaneshaNetwork - fallback -> external -> ctlplane
2202412db Implement project personas in custom neutron policy file
433cc9375 Implement project personas in custom keystone policy file
b522254bc Remove six library
b30b3cc82 Implement project personas in custom placement policy file
5a43e8a30 Use EnableInternalTLS to set pssl in nb and sb
4477e2862 Implement project personas in custom manila policy file
716492274 Deprecate IronicIpVersion
9d6f24131 Set default value of IronicDefaultBootMode to uefi
9be1b7746 Run Swift replicators in single replica mode
762f5056d Allow Swift to configure secure RBAC options
93d06c2b9 Cinder: Update puppet parameters to set castellan options
ccacb548e Enable enable_proxy_headers_parsing in Designate API
5e5472337 Add note indicating only Controllers use network VIPs
e618ad8d3 Honor the ExternalSwiftUserTenant parameter


Diffstat (except docs and test files)
-------------------------------------

.gitignore                                         |   17 +-
README.rst                                         |    2 -
ci/custom_ci_roles_data.yaml                       |  263 ++++
ci/custom_names_network_data.yaml                  |   60 +
ci/custom_names_vip_data.yaml                      |    6 +
.../multiple-nics/custom-network-environment.yaml  |   27 +
ci/environments/neutron_dns_domain.yaml            |    2 +
ci/environments/scenario000-standalone.yaml        |    2 -
ci/environments/scenario001-standalone.yaml        |   27 +-
ci/environments/scenario002-standalone.yaml        |    1 +
ci/environments/scenario004-standalone.yaml        |   14 +-
common/common-container-setup-tasks.yaml           |    3 +-
common/container-puppet.sh                         |    4 +-
common/deploy-steps-playbooks-common.yaml          |   20 +-
common/deploy-steps-tasks-step-0.j2.yaml           |    6 +
common/deploy-steps-tasks-step-1.yaml              |   28 +-
common/deploy-steps-tasks.yaml                     |    8 +-
common/deploy-steps.j2                             |   84 +-
common/generate-config-tasks.yaml                  |    2 +-
common/host-container-puppet-tasks.yaml            |    4 +-
common/services/deployment-bootstrap.yaml          |   71 +
common/services/deployment-host-prep.yaml          |   52 +
common/services/deployment-legacy-deploy.yaml      |   31 +
common/services/deployment-network.yaml            |   41 +
common/services/deployment-post-deploy.yaml        |   42 +
common/services/deployment-state.yaml              |  104 ++
common/services/role.role.j2.yaml                  |   21 +-
.../nova_wait_for_api_service.py                   |   27 +-
.../nova_wait_for_compute_service.py               |   27 +-
.../pacemaker_restart_bundle.sh                    |   28 +-
container_config_scripts/pacemaker_wait_bundle.sh  |   94 +-
.../placement_wait_for_service.py                  |   26 +-
deployment/README.rst                              |    3 +
deployment/aodh/aodh-api-container-puppet.yaml     |   40 +-
.../aodh/aodh-evaluator-container-puppet.yaml      |   34 +-
.../aodh/aodh-listener-container-puppet.yaml       |   33 +-
.../aodh/aodh-notifier-container-puppet.yaml       |   33 +-
.../barbican/barbican-api-container-puppet.yaml    |   47 +-
deployment/barbican/barbican-client-puppet.yaml    |    8 +-
.../ceilometer-agent-central-container-puppet.yaml |   25 +-
.../ceilometer-agent-compute-container-puppet.yaml |   31 +-
.../ceilometer-agent-ipmi-container-puppet.yaml    |   25 +-
...ometer-agent-notification-container-puppet.yaml |   29 +-
.../ceilometer-base-container-puppet.yaml          |   13 +-
deployment/cephadm/ceph-base.yaml                  |   25 +-
deployment/cephadm/ceph-client.yaml                |   30 +-
deployment/cephadm/ceph-external.yaml              |    2 -
deployment/cephadm/ceph-grafana.yaml               |    2 -
deployment/cephadm/ceph-ingress.yaml               |   72 +
deployment/cephadm/ceph-mgr.yaml                   |   32 +-
deployment/cephadm/ceph-nfs.yaml                   |    6 +-
deployment/cephadm/ceph-osd.yaml                   |    2 -
deployment/cephadm/ceph-rbdmirror.yaml             |    2 -
deployment/cephadm/ceph-rgw.yaml                   |    8 +-
deployment/certs/ca-certs-baremetal-puppet.yaml    |    2 +-
deployment/cinder/cinder-api-container-puppet.yaml |   78 +-
.../cinder-backend-dellemc-vmax-iscsi-puppet.yaml  |   82 -
deployment/cinder/cinder-backend-pure-puppet.yaml  |   30 +
.../cinder/cinder-backup-container-puppet.yaml     |   29 +-
.../cinder/cinder-backup-pacemaker-puppet.yaml     |   49 +-
.../cinder/cinder-common-container-puppet.yaml     |   12 +-
.../cinder/cinder-scheduler-container-puppet.yaml  |   29 +-
.../cinder/cinder-volume-container-puppet.yaml     |   24 +-
.../cinder/cinder-volume-pacemaker-puppet.yaml     |   49 +-
deployment/database/mysql-base.yaml                |    3 +-
deployment/database/mysql-container-puppet.yaml    |   26 +-
deployment/database/mysql-pacemaker-puppet.yaml    |  102 +-
deployment/database/redis-base-puppet.yaml         |   16 -
deployment/database/redis-container-puppet.yaml    |   32 +-
deployment/database/redis-pacemaker-puppet.yaml    |   50 +-
.../cinder-backend-dellemc-vxflexos-puppet.yaml    |  172 ---
.../cinder/cinder-backend-scaleio-puppet.yaml      |  153 --
deployment/deprecated/multipathd-container.yaml    |   26 +-
.../nova/nova-libvirt-container-puppet.yaml        |   42 +-
.../novajoin/ipaclient-baremetal-ansible.yaml      |  191 ---
.../novajoin/novajoin-container-puppet.yaml        |  273 ----
.../designate/designate-api-container-puppet.yaml  |   78 +-
deployment/designate/designate-base.yaml           |   21 +-
deployment/designate/designate-bind-container.yaml |   48 +-
.../designate-central-container-puppet.yaml        |   23 +-
.../designate/designate-mdns-container-puppet.yaml |   31 +-
.../designate-producer-container-puppet.yaml       |   22 +-
.../designate/designate-sink-container-puppet.yaml |   22 +-
.../designate-worker-container-puppet.yaml         |   22 +-
deployment/etcd/etcd-container-puppet.yaml         |  195 ++-
deployment/frr/frr-container-ansible.yaml          |  198 ++-
deployment/glance/glance-api-container-puppet.yaml |   45 +-
.../gnocchi/gnocchi-api-container-puppet.yaml      |   28 +-
.../gnocchi/gnocchi-metricd-container-puppet.yaml  |   34 +-
.../gnocchi/gnocchi-statsd-container-puppet.yaml   |   34 +-
deployment/haproxy/haproxy-container-puppet.yaml   |   38 +-
.../haproxy/haproxy-edge-container-puppet.yaml     |    1 +
.../haproxy-internal-tls-certmonger.j2.yaml        |   24 +-
deployment/haproxy/haproxy-pacemaker-puppet.yaml   |   87 +-
deployment/heat/heat-api-cfn-container-puppet.yaml |   25 +-
deployment/heat/heat-api-container-puppet.yaml     |   29 +-
deployment/heat/heat-base-puppet.yaml              |   23 +-
deployment/heat/heat-engine-container-puppet.yaml  |   29 +-
.../heat/heat-ephemeral-container-ansible.yaml     |   60 +-
deployment/horizon/horizon-container-puppet.yaml   |   27 +-
.../image-serve/image-serve-baremetal-ansible.yaml |    2 +-
deployment/ipa/ipaservices-baremetal-ansible.yaml  |   10 +-
deployment/ironic/ironic-api-container-puppet.yaml |   25 +-
.../ironic/ironic-conductor-container-puppet.yaml  |   54 +-
.../ironic/ironic-inspector-container-puppet.yaml  |   29 +-
.../ironic-neutron-agent-container-puppet.yaml     |   22 +-
deployment/ironic/ironic-pxe-container-puppet.yaml |   31 +-
deployment/iscsid/iscsid-container-puppet.yaml     |   16 +-
deployment/kernel/kernel-baremetal-ansible.yaml    |   22 +-
.../kernel-boot-params-baremetal-ansible.yaml      |   33 +
deployment/keystone/keystone-container-puppet.yaml |  102 +-
deployment/logging/files/barbican-api.yaml         |   22 +-
deployment/logging/files/glance-api.yaml           |   22 +-
deployment/logging/files/heat-engine.yaml          |   22 +-
deployment/logging/files/keystone.yaml             |   22 +-
deployment/logging/files/neutron-api.yaml          |   22 +-
deployment/logging/files/nova-api.yaml             |   22 +-
deployment/logging/files/nova-common.yaml          |   19 +-
deployment/logging/files/nova-libvirt.yaml         |   40 +-
deployment/logging/files/nova-metadata.yaml        |   22 +-
deployment/logging/files/placement-api.yaml        |   22 +-
deployment/logging/rsyslog-container-puppet.yaml   |   34 +-
.../logging/rsyslog-sidecar-container-puppet.yaml  |   18 +-
deployment/logging/stdout/barbican-api.yaml        |   34 +-
deployment/logging/stdout/haproxy.yaml             |   26 +-
deployment/logging/stdout/heat-api-cfn.yaml        |   34 +-
deployment/logging/stdout/heat-api.yaml            |   34 +-
deployment/logging/stdout/keystone.yaml            |   34 +-
deployment/logging/stdout/nova-api.yaml            |   34 +-
deployment/logging/stdout/nova-common.yaml         |    2 +
deployment/logging/stdout/nova-libvirt.yaml        |   95 ++
deployment/logging/stdout/nova-metadata.yaml       |   34 +-
deployment/logging/stdout/placement-api.yaml       |   34 +-
.../logrotate-crond-container-puppet.yaml          |   29 +-
deployment/manila/manila-api-container-puppet.yaml |   46 +-
deployment/manila/manila-backend-powermax.yaml     |   80 +
deployment/manila/manila-backend-unity.yaml        |    8 +-
deployment/manila/manila-backend-vmax.yaml         |    8 +-
deployment/manila/manila-backend-vnx.yaml          |    8 +-
deployment/manila/manila-base.yaml                 |    2 +-
.../manila/manila-scheduler-container-puppet.yaml  |   29 +-
deployment/manila/manila-share-common.yaml         |    4 +-
.../manila/manila-share-container-puppet.yaml      |   27 +-
.../manila/manila-share-pacemaker-puppet.yaml      |   36 +-
.../memcached/memcached-container-puppet.yaml      |   46 +-
.../messaging/rpc-qdrouterd-container-puppet.yaml  |   22 +-
deployment/metrics/collectd-container-ansible.yaml |   22 +-
deployment/metrics/collectd-container-puppet.yaml  |   24 +-
deployment/metrics/qdr-container-ansible.yaml      |   15 +-
deployment/metrics/qdr-container-puppet.yaml       |   22 +-
.../multipathd/multipathd-container-ansible.yaml   |   23 +-
.../neutron/derive_pci_passthrough_whitelist.py    |  502 ++++--
deployment/neutron/kill-script                     |    2 +-
.../neutron-agents-ib-config-container-puppet.yaml |   46 +-
.../neutron/neutron-api-container-puppet.yaml      |   47 +-
deployment/neutron/neutron-base.yaml               |    1 -
.../neutron-bgpvpn-api-container-puppet.yaml       |   16 +-
.../neutron-bigswitch-agent-baremetal-puppet.yaml  |   37 -
.../neutron/neutron-dhcp-container-puppet.yaml     |   35 +-
.../neutron/neutron-l2gw-api-container-puppet.yaml |   18 +-
.../neutron/neutron-l3-container-puppet.yaml       |   30 +-
.../neutron/neutron-metadata-container-puppet.yaml |   30 +-
.../neutron-mlnx-agent-container-puppet.yaml       |   52 +-
.../neutron-ovs-agent-container-puppet.yaml        |   95 +-
.../neutron-ovs-dpdk-agent-container-puppet.yaml   |    8 +-
...eutron-plugin-ml2-ansible-container-puppet.yaml |   16 +-
...tron-plugin-ml2-cisco-vts-container-puppet.yaml |   16 +-
.../neutron-plugin-ml2-container-puppet.yaml       |   16 +-
...lugin-ml2-mlnx-sdn-assist-container-puppet.yaml |   38 +-
.../neutron-plugin-nsx-container-puppet.yaml       |   18 +-
deployment/neutron/neutron-plugin-nuage.yaml       |   96 --
.../neutron/neutron-sfc-api-container-puppet.yaml  |   18 +-
.../neutron-sriov-agent-container-puppet.yaml      |   19 +-
deployment/nova/nova-api-container-puppet.yaml     |   89 +-
deployment/nova/nova-az-config.yaml                |   23 +-
deployment/nova/nova-base-puppet.yaml              |  106 +-
.../nova/nova-compute-common-container-puppet.yaml |    2 +-
deployment/nova/nova-compute-container-puppet.yaml |   56 +-
.../nova/nova-conductor-container-puppet.yaml      |   30 +-
deployment/nova/nova-ironic-container-puppet.yaml  |   32 +-
...a-virt-common.yaml => nova-libvirt-common.yaml} |   22 +-
.../nova/nova-libvirt-guests-container-puppet.yaml |    6 +-
deployment/nova/nova-manager-container-puppet.yaml |   15 +-
.../nova/nova-metadata-container-puppet.yaml       |   25 +-
.../nova-migration-target-container-puppet.yaml    |   24 +-
.../nova-modular-libvirt-container-puppet.yaml     |   98 +-
.../nova/nova-scheduler-container-puppet.yaml      |   31 +-
.../nova/nova-vnc-proxy-container-puppet.yaml      |   37 +-
.../octavia/octavia-api-container-puppet.yaml      |   82 +-
deployment/octavia/octavia-base.yaml               |   12 +-
.../octavia/octavia-deployment-config.j2.yaml      |   23 +-
.../octavia-health-manager-container-puppet.yaml   |   32 +-
.../octavia-housekeeping-container-puppet.yaml     |   26 +-
.../octavia/octavia-worker-container-puppet.yaml   |   33 +-
.../openvswitch-dpdk-baremetal-ansible.yaml        |   11 +-
...vswitch-dpdk-netcontrold-container-ansible.yaml |   16 +-
.../ovn/ovn-controller-container-puppet.yaml       |  233 ++-
deployment/ovn/ovn-dbs-cluster-ansible.yaml        |   30 +-
deployment/ovn/ovn-dbs-container-puppet.yaml       |   47 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |   49 +-
deployment/ovn/ovn-metadata-container-puppet.yaml  |   28 +-
.../pacemaker/clustercheck-container-puppet.yaml   |   22 +-
.../pacemaker/pacemaker-baremetal-puppet.yaml      |   25 +-
.../pacemaker-remote-baremetal-puppet.yaml         |    6 +-
.../placement/placement-api-container-puppet.yaml  |   32 +-
deployment/podman/podman-baremetal-ansible.yaml    |   22 +
deployment/qdr/qdrouterd-container-puppet.yaml     |   22 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml |   38 +-
...rabbitmq-messaging-notify-container-puppet.yaml |   24 +-
...rabbitmq-messaging-notify-pacemaker-puppet.yaml |   51 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml       |   51 +-
.../rabbitmq-messaging-rpc-container-puppet.yaml   |   24 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   |   51 +-
deployment/snmp/snmp-baremetal-puppet.yaml         |    5 +
deployment/sshd/sshd-baremetal-ansible.yaml        |    6 +-
deployment/sshd/sshd-baremetal-puppet.yaml         |    2 +-
.../external-swift-proxy-baremetal-puppet.yaml     |    2 +
deployment/swift/swift-proxy-container-puppet.yaml |   42 +-
.../swift/swift-ringbuilder-container-puppet.yaml  |   18 +-
.../swift/swift-storage-container-puppet.yaml      |  155 +-
deployment/timesync/chrony-baremetal-ansible.yaml  |    6 +-
.../tripleo-packages-baremetal-puppet.yaml         |   33 +-
deployment/unbound/unbound-container-ansible.yaml  |   39 +-
deployment/undercloud/minion-rabbitmq-puppet.yaml  |   65 -
deployment/undercloud/undercloud-upgrade.yaml      |   41 +-
environments/cinder-dellemc-vmax-iscsi-config.yaml |   12 -
environments/cinder-dellemc-vxflexos-config.yaml   |   39 -
environments/cinder-pure-config.yaml               |    3 +
environments/cinder-scaleio-config.yaml            |   39 -
...ontainerized-control-plane-dellemc-scaleio.yaml |   35 -
environments/deployed-network-environment.j2.yaml  |   65 +
environments/deployed-networks.yaml                |    2 +-
environments/disable-neutron.yaml                  |    1 -
environments/docker-ha.yaml                        |    1 -
environments/enable-designate.yaml                 |   15 +-
environments/enable-secure-rbac.yaml               | 1598 +++++++++-----------
environments/external-ceph.yaml                    |    2 +-
environments/fips.yaml                             |    9 +
environments/ha-redis.yaml                         |    6 +
environments/lifecycle/update-converge.yaml        |    7 -
environments/manila-cephfsganesha-config.yaml      |    1 +
environments/manila-powermax-config.yaml           |   20 +
environments/net-multiple-nics-vlans.j2.yaml       |    2 +-
environments/network-environment-v6.j2.yaml        |    4 +-
environments/network-environment.j2.yaml           |    9 +-
environments/neutron-ml2-bigswitch.yaml            |   31 -
environments/neutron-ml2-mlnx-sdn.yaml             |    3 +-
environments/neutron-ovs-dvr.yaml                  |   13 +-
environments/rhsm.yaml                             |    2 +-
environments/services-baremetal/barbican.yaml      |    3 +
environments/services-baremetal/octavia.yaml       |    2 +-
environments/services/barbican.yaml                |    3 +
environments/services/designate.yaml               |   20 +
environments/services/frr.yaml                     |    4 +
environments/services/neutron-ovn-dpdk.yaml        |    3 +
environments/services/neutron-ovn-sriov.yaml       |    2 +
environments/services/neutron-ovs-dpdk.yaml        |    1 -
environments/services/neutron-ovs-dvr.yaml         |    6 +-
environments/services/novajoin.yaml                |    5 -
environments/services/octavia.yaml                 |    2 +-
.../services/undercloud-remove-novajoin.yaml       |    4 -
environments/ssl/tls-endpoints-public-dns.yaml     |    1 -
environments/ssl/tls-endpoints-public-ip.yaml      |    1 -
environments/ssl/tls-everywhere-endpoints-dns.yaml |    3 -
environments/undercloud-enable-nova.yaml           |    6 -
environments/undercloud.yaml                       |   14 +-
environments/undercloud/undercloud-minion.yaml     |  289 ----
.../update-from-keystone-admin-internal-api.yaml   |    6 -
.../krb-service-principals/role.role.j2.yaml       |   22 +-
.../post_deploy/undercloud_ctlplane_network.py     |   73 +-
firstboot/userdata_timesync.yaml                   |    1 +
network/endpoints/endpoint_map.yaml                |  384 -----
network/network.j2                                 |    8 +-
network/ports/ovn_mac_addr_port.yaml               |    4 -
network_data.yaml                                  |    3 +-
network_data_dashboard.yaml                        |    3 +-
network_data_ganesha.yaml                          |    3 +-
network_data_routed.yaml                           |    3 +-
network_data_subnets_routed.yaml                   |    3 +-
overcloud-resource-registry-puppet.j2.yaml         |   17 +-
overcloud.j2.yaml                                  |   26 +-
.../pre_deploy/compute/neutron-ml2-bigswitch.yaml  |   52 -
.../controller/neutron-ml2-bigswitch.yaml          |   84 -
puppet/role.role.j2.yaml                           |   21 +-
...pe-for-snmp-readonly-user-c90c9e5a12c92893.yaml |    6 +
...-boot-interface-parameter-f07c1fe24c7cb543.yaml |    8 +
...ironic-inspector-tls-port-4e59d0c2b2922f68.yaml |    5 +
.../add-novamkisofscmd-param-6dbb64e4497a8ce6.yaml |    7 +
.../add-octavia-tls-settings-7583df511c53b27a.yaml |    4 +
.../add-rabbit-fips-option-ddf5a0d7e37d8e5d.yaml   |    5 +
.../notes/add_token_auth-fb9f0dfe8e70a4c1.yaml     |   10 +
...g-1953672-haproxy-rsyslog-6f8e386f8909a253.yaml |    4 +
.../certificiate-validation-1b08ab8cf40b7cad.yaml  |   11 +
...ge-keystone-admin-network-a29499018c323cea.yaml |    4 +
...arify-default-volume-type-c77e7a7ddafdf172.yaml |   12 +
.../dellemc-driver-cleanup-4a1febdc51ec674c.yaml   |   14 +
...te-MysqlIncreaseFileLimit-20548c5f7234d14c.yaml |    5 +
...precate-ironic-ip-version-27e24f03da6ddd59.yaml |    4 +
...gnate-enable-bind-logging-642e77541645519b.yaml |    6 +
...esignate-environment-file-bd08eef69758a996.yaml |    6 +
.../notes/dpdk_driver_remove-76d61711c19cd099.yaml |    7 +
...e-secure-rbac-for-neutron-842bd41339a48f26.yaml |    8 +
..._secure_rbac_for_keystone-62685484ef589726.yaml |    9 +
...e_rbac_support_for_glance-167d53c491cd326c.yaml |    8 +
...-fs.aio-max.nr-on-compute-06447122b8e12c71.yaml |    7 +
...stone-notification-driver-0c71165430eb57ef.yaml |    7 +
...nova_api_show_host_status-f0dfaf4c2b0c536f.yaml |   19 +
.../notes/power_state-457f12af30b9e341.yaml        |    8 +
...ure_storage_update_params-4de801b1ed2d0744.yaml |    6 +
...redis_disabled_by_default-9992b2bae9b149cd.yaml |    7 +
...ute_service_check_for_ffu-19a91d20e146056c.yaml |    6 +
...move-networking-bigswitch-9ae5c280990284a2.yaml |    5 +
.../notes/remove-novajoin-3ccef190c99c419b.yaml    |    8 +
.../remove-undercloud-minion-198ce8ea01c4e366.yaml |    7 +
...p-podman-purge-undercloud-a3a30b5ac3a0951b.yaml |    9 +
...ft-single-replica-cleanup-fdf72b9e462185c7.yaml |    6 +
.../tripleo-kernel-hugepages-424c19a4b1579af8.yaml |   23 +
.../notes/uefi-boot-mode-a8b1b416a0e9cdc4.yaml     |    7 +
.../uefi_ipxe_bootfile_name-f2c9cc8971dc1ed8.yaml  |    9 +
requirements.txt                                   |    1 -
roles/CephAll.yaml                                 |    1 +
roles/CephStorage.yaml                             |    1 +
roles/Compute.yaml                                 |    1 +
roles/ComputeAlt.yaml                              |    1 +
roles/ComputeDVR.yaml                              |    1 +
roles/ComputeHCI.yaml                              |    1 +
roles/ComputeHCIOvsDpdk.yaml                       |    1 +
roles/ComputeHCISriov.yaml                         |    1 +
roles/ComputeInstanceHA.yaml                       |    1 +
roles/ComputeLocalEphemeral.yaml                   |    1 +
roles/ComputeOvsDpdk.yaml                          |    1 +
roles/ComputeOvsDpdkRT.yaml                        |    1 +
roles/ComputeOvsDpdkSriov.yaml                     |    1 +
roles/ComputeOvsDpdkSriovRT.yaml                   |    1 +
roles/ComputePPC64LE.yaml                          |    1 +
roles/ComputeRBDEphemeral.yaml                     |    1 +
roles/ComputeRealTime.yaml                         |    1 +
roles/ComputeSriov.yaml                            |    1 +
roles/ComputeSriovIB.yaml                          |    1 +
roles/ComputeSriovRT.yaml                          |    1 +
roles/ComputeVdpa.yaml                             |    1 +
roles/Controller.yaml                              |    5 +-
roles/ControllerAllNovaStandalone.yaml             |    1 +
roles/ControllerNoCeph.yaml                        |    3 -
roles/ControllerNovaStandalone.yaml                |   26 +-
roles/ControllerOpenstack.yaml                     |    2 +
roles/ControllerSriov.yaml                         |   11 +-
roles/ControllerStorageDashboard.yaml              |    5 +-
roles/ControllerStorageNfs.yaml                    |    4 +-
roles/DistributedCompute.yaml                      |    1 +
roles/DistributedComputeHCI.yaml                   |    1 +
roles/DistributedComputeHCIDashboard.yaml          |    1 +
roles/DistributedComputeHCIScaleOut.yaml           |    1 +
roles/DistributedComputeScaleOut.yaml              |    1 +
roles/HciCephAll.yaml                              |    1 +
roles/HciCephObject.yaml                           |    2 +-
roles/Standalone.yaml                              |    4 +-
roles/Undercloud.yaml                              |   35 -
roles/UndercloudMinion.yaml                        |   33 -
roles_data.yaml                                    |    7 +-
roles_data_undercloud.yaml                         |   36 +-
sample-env-generator/enable-services.yaml          |   29 -
sample-env-generator/ssl.yaml                      |    5 -
sample-env-generator/undercloud-minion.yaml        |  284 ----
scripts/undercloud-upgrade-ephemeral-heat.py       |   24 +-
tools/convert_heat_nic_config_to_ansible_j2.py     |   17 +-
tools/convert_nic_config.py                        |    5 +-
tools/convert_v1_net_data.py                       |    1 +
tools/merge-new-params-nic-config-script.py        |    5 +-
tools/process-templates.py                         |    5 +-
tools/yaml-validate.py                             |   99 +-
tox.ini                                            |    4 +-
zuul.d/layout.yaml                                 |    4 +-
377 files changed, 9015 insertions(+), 5122 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index bda47437c..180423b34 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7 +6,0 @@ Jinja2>=2.10 # BSD License (3 clause)
-six>=1.10.0 # MIT
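Review bot: the removal of `six>=1.10.0 # MIT` at old line 7 of requirements.txt is only safe if no module in the tree still imports six, and this hunk alone does not show that. Before relying on it, search the repository's Python files (the diffstat lists several under tools/, scripts/ and deployment/) for `import six` and `from six`. A leftover import can still pass in a test environment where another dependency pulls six in transitively, then fail on a clean install.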





