diff options
31 files changed, 240 insertions, 58 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 85c327c1..947ba8b6 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -597,3 +597,8 @@ topics: environments: - file: environments/cadf.yaml title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 63e51e29..5dd1f0f6 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -51,6 +51,7 @@ parameter_defaults: - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt @@ -124,3 +125,11 @@ parameter_defaults: MonitoringRabbitHost: 127.0.0.1 MonitoringRabbitPort: 5676 MonitoringRabbitPassword: sensu + TtyValues: + - console + - tty1 + - tty2 + - tty3 + - tty4 + - tty5 + - tty6 diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index d0cc4dff..28f038ce 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -89,16 +89,16 @@ for role in $OVERCLOUD_ROLES; do done echo "======================" - echo "$role$i os-collect-config.conf configuration:" + echo "$role$i deployed-server.json configuration:" - config=" -[DEFAULT] -collectors=request -command=os-refresh-config -polling_interval=30 - -[request] -metadata_url=$deployed_server_metadata_url" + config="{ + \"os-collect-config\": { + \"collectors\": [\"request\", \"local\"], + \"request\": { + \"metadata_url\": \"$deployed_server_metadata_url\" + } + } +}" echo "$config" echo "======================" @@ -108,12 +108,11 @@ metadata_url=$deployed_server_metadata_url" host= eval host=\${${role}_hosts_a[i]} if [ -n "$host" ]; then - # Delete the os-collect-config.conf template so our file won't get - # overwritten - ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo /bin/rm -f /usr/libexec/os-apply-config/templates/etc/os-collect-config.conf - ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo \"$config\" > os-collect-config.conf" - ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp os-collect-config.conf /etc/os-collect-config.conf - ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl restart os-collect-config + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo '$config' > deployed-server.json" + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo mkdir -p -m 0700 /var/lib/os-collect-config/local-data/ || true + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp deployed-server.json /var/lib/os-collect-config/local-data/deployed-server.json + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl start os-collect-config + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl enable os-collect-config fi let i+=1 diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5756c322..7d2d1a15 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -62,18 +62,13 @@ outputs: kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + permissions: + - path: /var/lib/mongodb + owner: mongodb:mongodb + recurse: true docker_config: step_2: - mongodb_data_ownership: - start_order: 0 - image: *mongodb_image - net: host - user: root - command: ['chown', '-R', 'mongodb:', '/var/lib/mongodb'] - volumes: - - /var/lib/mongodb:/var/lib/mongodb mongodb: - start_order: 1 image: *mongodb_image net: host privileged: false diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 372f059c..cba2070d 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -71,20 +71,14 @@ outputs: kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe + permissions: + - path: /var/lib/mysql + owner: mysql:mysql + recurse: true docker_config: step_2: - mysql_data_ownership: - start_order: 0 - detach: false - image: *mysql_image - net: host - user: root - # Kolla does only non-recursive chown - command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] - volumes: - - /var/lib/mysql:/var/lib/mysql mysql_bootstrap: - start_order: 1 + start_order: 0 detach: false image: *mysql_image net: host @@ -113,7 +107,7 @@ outputs: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} mysql: - start_order: 2 + start_order: 1 image: *mysql_image restart: always net: host diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 8f74ec35..f1c90e2d 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -13,6 +13,7 @@ parameter_defaults: - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -32,3 +33,4 @@ parameter_defaults: - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Vpp - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker diff --git a/environments/neutron-bgpvpn.yaml b/environments/neutron-bgpvpn.yaml index dc6c1454..58157dfa 100644 --- a/environments/neutron-bgpvpn.yaml +++ b/environments/neutron-bgpvpn.yaml @@ -9,7 +9,7 @@ # - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default # - Nuage: BGPVPN:Nuage:nuage_neutron.bgpvpn.services.service_drivers.driver.NuageBGPVPNDriver:default resource_registry: - OS::TripleO::Services::NeutronBgpvpnApi: ../puppet/services/neutron-bgpvpn-api.yaml + OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml parameter_defaults: NeutronServicePlugins: 'networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' diff --git a/environments/securetty.yaml b/environments/securetty.yaml new file mode 100644 index 00000000..cdadf376 --- /dev/null +++ b/environments/securetty.yaml @@ -0,0 +1,12 @@ +resource_registry: + OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml + +parameter_defaults: + TtyValues: + - console + - tty1 + - tty2 + - tty3 + - tty4 + - tty5 + - tty6 diff --git a/environments/services/ceilometer-api.yaml b/environments/services/ceilometer-api.yaml new file mode 100644 index 00000000..1e37e73b --- /dev/null +++ b/environments/services/ceilometer-api.yaml @@ -0,0 +1,6 @@ +resource_registry: + OS::TripleO::Services::CeilometerApi: ../../puppet/services/ceilometer-api.yaml + +parameter_defaults: + CeilometerApiEndpoint: true + diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml deleted file mode 100644 index fb1ea6a7..00000000 --- a/environments/services/disable-ceilometer-api.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resource_registry: - OS::TripleO::Services::CeilometerApi: OS::Heat::None - -parameter_defaults: - CeilometerApiEndpoint: false diff --git a/environments/services/keystone_domain_specific_ldap_backend.yaml b/environments/services/keystone_domain_specific_ldap_backend.yaml new file mode 100644 index 00000000..40b02fc5 --- /dev/null +++ b/environments/services/keystone_domain_specific_ldap_backend.yaml @@ -0,0 +1,18 @@ +# This is an example template on how to configure keystone domain specific LDAP +# backends. This will configure a domain called tripleoldap will the attributes +# specified. +parameter_defaults: + KeystoneLDAPDomainEnable: true + KeystoneLDAPBackendConfigs: + tripleoldap: + url: ldap://192.0.2.250 + user: cn=openstack,ou=Users,dc=tripleo,dc=example,dc=com + password: Secrete + suffix: dc=tripleo,dc=example,dc=com + user_tree_dn: ou=Users,dc=tripleo,dc=example,dc=com + user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=tripleo,dc=example,dc=com)" + user_objectclass: person + user_id_attribute: cn + user_allow_create: false + user_allow_update: false + user_allow_delete: false diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a7c9b0a6..689d6396 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -143,7 +143,7 @@ resource_registry: OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml - OS::TripleO::Services::NeutronBgpvpnApi: OS::Heat::None + OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml @@ -178,6 +178,7 @@ resource_registry: OS::TripleO::Services::SaharaApi: OS::Heat::None OS::TripleO::Services::SaharaEngine: OS::Heat::None OS::TripleO::Services::Sshd: OS::Heat::None + OS::TripleO::Services::Securetty: OS::Heat::None OS::TripleO::Services::Redis: puppet/services/database/redis.yaml OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 185ffdc3..e1613720 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -77,7 +77,7 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number CeilometerApiEndpoint: - default: true + default: false description: Whether to create or skip API endpoint. Set this to false, if you choose to disable Ceilometer API service. type: boolean diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 01531971..49856115 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -73,7 +73,7 @@ outputs: ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} - ceph::rgw::keystone::auth::roles: [ 'admin', 'member', '_member_' ] + ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ] ceph::rgw::keystone::auth::tenant: service ceph::rgw::keystone::auth::user: swift ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1d9eecb1..5f6b5657 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -79,6 +79,7 @@ outputs: congress::rabbit_port: {get_param: RabbitClientPort} congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + congress::keystone::authtoken::password: {get_param: CongressPassword} congress::keystone::authtoken::project_name: 'service' congress::keystone::authtoken::user_domain_name: 'Default' congress::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 7ae518b5..8fb13c16 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -40,6 +40,10 @@ parameters: type: string hidden: true default: '' + HorizonSecureCookies: + description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon + type: boolean + default: true MemcachedIPv6: default: false description: Enable IPv6 features in Memcached. @@ -88,6 +92,7 @@ outputs: passwords: - {get_param: HorizonSecret} - {get_param: [DefaultPasswords, horizon_secret]} + horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} - if: diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 56e1a90b..be910d10 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -32,6 +32,15 @@ parameters: created yet) and should be changed to an actual UUID in a post-deployment stack update. type: string + IronicDefaultNetworkInterface: + default: 'flat' + description: Network interface implementation to use by default. + Set to "flat" (the default) to use one flat provider network. + Set to "neutron" to make Ironic interact with the Neutron + ML2 driver to enable other network types and certain + advances networking features. Requires + IronicProvisioningNetwork to be correctly set. + type: string IronicEnabledDrivers: default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] description: Enabled Ironic drivers @@ -48,6 +57,15 @@ parameters: description: The password for the Ironic service and db account, used by the Ironic services type: string hidden: true + IronicProvisioningNetwork: + default: 'provisioning' + description: Name or UUID of the *overcloud* network used for provisioning + of bare metal nodes, if IronicDefaultNetworkInterface is + set to "neutron". The default value of "provisioning" can be + left during the initial deployment (when no networks are + created yet) and should be changed to an actual UUID in + a post-deployment stack update. + type: string MonitoringSubscriptionIronicConductor: default: 'overcloud-ironic-conductor' type: string @@ -72,6 +90,7 @@ outputs: - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} + ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} # We need an endpoint containing a real IP, not a VIP here ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} @@ -93,6 +112,8 @@ outputs: # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' + ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron'] + ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} tripleo.ironic_conductor.firewall_rules: '134 ironic conductor TFTP': dport: 69 diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 9b314b2a..94b15d4b 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -31,7 +31,7 @@ outputs: config_settings: kernel_modules: nf_conntrack: {} - ip_conntrack_proto_sctp: {} + nf_conntrack_proto_sctp: {} sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 0976b97c..632d9b0b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -164,6 +164,16 @@ parameters: e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + KeystoneLDAPDomainEnable: + description: Trigger to call ldap_backend puppet keystone define. + type: boolean + default: False + KeystoneLDAPBackendConfigs: + description: Hash containing the configurations for the LDAP backends + configured in keystone. + type: json + default: {} + hidden: true resources: @@ -177,6 +187,7 @@ resources: conditions: keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} + keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]} outputs: role_data: @@ -300,6 +311,15 @@ outputs: keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay} keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination} keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser} + - + if: + - keystone_ldap_domain_enabled + - + tripleo::profile::base::keystone::ldap_backend_enable: True + keystone::using_domain_config: True + tripleo::profile::base::keystone::ldap_backends_config: + get_param: KeystoneLDAPBackendConfigs + - {} step_config: | include ::tripleo::profile::base::keystone @@ -312,6 +332,13 @@ outputs: keystone::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + horizon: + if: + - keystone_ldap_domain_enabled + - + horizon::keystone_multidomain_support: true + horizon::keystone_default_domain: 'Default' + - {} # Ansible tasks to handle upgrade upgrade_tasks: - name: Stop keystone service (running under httpd) diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index e3a4da99..0dca29ab 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -48,6 +48,7 @@ outputs: ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} + nova::compute::force_config_drive: true tripleo.neutron_compute_plugin_ovn.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 7f81afde..6b8be77c 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -36,5 +36,11 @@ outputs: ovn::northbound::port: {get_param: OVNNorthboundServerPort} ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} + tripleo.ovn_dbs.firewall_rules: + '121 OVN DB server ports': + proto: 'tcp' + dport: + - {get_param: OVNNorthboundServerPort} + - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml new file mode 100644 index 00000000..6d32fe82 --- /dev/null +++ b/puppet/services/securetty.yaml @@ -0,0 +1,36 @@ +heat_template_version: ocata + +description: > + Configure securetty values + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TtyValues: + default: {} + description: Configures console values in securetty + type: json + constraints: + - length: { min: 1} + +outputs: + role_data: + description: Console data for the securetty + value: + service_name: securetty + config_settings: + tripleo::profile::base::securetty::tty_list: {get_param: TtyValues} + step_config: | + include ::tripleo::profile::base::securetty diff --git a/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml b/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml new file mode 100644 index 00000000..19452f27 --- /dev/null +++ b/releasenotes/notes/add-ldap-backend-0bda702fb0aa24bf.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add capabilities to configure LDAP backends as for keystone domains. + This can be done by using the KeystoneLDAPDomainEnable and + KeystoneLDAPBackendConfigs parameters. diff --git a/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml b/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml new file mode 100644 index 00000000..2661f7c9 --- /dev/null +++ b/releasenotes/notes/disable-ceilo-api-dfe5d0947563bbe0.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - Deprecate and disable ceilometer Api by default. This can be enabled + by passing in an env file to deploy command. diff --git a/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml new file mode 100644 index 00000000..734db08a --- /dev/null +++ b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + When deploying with environments/docker.yaml, the docker service + is now deployed on all predefined roles. diff --git a/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml b/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml new file mode 100644 index 00000000..ef8877ae --- /dev/null +++ b/releasenotes/notes/get-occ-config-local-connector-5bbec3f591a9f311.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - The deployed-server Heat agent configuration script, + get-occ-config.sh, is now updated to configure the + local data source for os-collect-config instead of + configuring /etc/os-collect-config.conf directly. Doing + so means that the configuration template for os-apply-config + no longer has to be deleted as the file will be rendered + correctly with the right data. See + https://bugs.launchpad.net/tripleo/+bug/1679705 diff --git a/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml new file mode 100644 index 00000000..dd99acc7 --- /dev/null +++ b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Allow setting the Ironic provisioning network UUID or name via new + ``IronicProvisioningNetwork`` configuration. + - | + Enable support for "neutron" Ironic networking plugin, enabling advanced + integration with Neutron, such as VLAN/VXLAN network support, bonding and + security groups. diff --git a/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml new file mode 100644 index 00000000..f5ccec06 --- /dev/null +++ b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml @@ -0,0 +1,6 @@ +--- +features: + - Support configuring NeutronBridgeMappings + - Set force_config_drive to true as OVN doesn't support metadata service + - Add necessary iptables rules to allow Geneve traffic and ovsdb-server + traffic for Northbound and Southbound databases. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 8da995b0..ec158ceb 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,9 +52,9 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '6.0.0.0b3' +release = '7.0.0.0b1' # The short X.Y version. -version = '6.0.0' +version = '7.0.0' # The full version, including alpha/beta/rc tags. diff --git a/roles_data.yaml b/roles_data.yaml index 780c9c93..48859473 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -53,7 +53,7 @@ - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::NeutronBgpvpnApi + - OS::TripleO::Services::NeutronBgpVpnApi - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent @@ -82,8 +82,8 @@ - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - - OS::TripleO::Services::CeilometerApi - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CeilometerAgentCentral @@ -144,6 +144,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -162,6 +163,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Vpp - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: BlockStorage ServicesDefault: @@ -173,6 +175,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient @@ -180,6 +183,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: ObjectStorage disable_upgrade_deployment: True @@ -192,6 +196,7 @@ - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -200,6 +205,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: CephStorage ServicesDefault: @@ -210,6 +216,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -218,3 +225,4 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh index f456b316..b3109a0c 100755 --- a/scripts/hosts-config.sh +++ b/scripts/hosts-config.sh @@ -13,14 +13,16 @@ write_entries() { if grep -q "^# HEAT_HOSTS_START" "$file"; then temp=$(mktemp) - awk -v v="$entries" '/^# HEAT_HOSTS_START/ { - print $0 - print v - f=1 - }f &&!/^# HEAT_HOSTS_END$/{next}/^# HEAT_HOSTS_END$/{f=0}!f' "$file" > "$temp" - echo "INFO: Updating hosts file $file, check below for changes" - diff "$file" "$temp" || true - cat "$temp" > "$file" + ( + sed '/^# HEAT_HOSTS_START/,$d' "$file" + echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" + echo "$entries" + echo -ne "# HEAT_HOSTS_END\n\n" + sed '1,/^# HEAT_HOSTS_END/d' "$file" + ) > "$temp" + echo "INFO: Updating hosts file $file, check below for changes" + diff "$file" "$temp" || true + cat "$temp" > "$file" else echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file" echo "$entries" >> "$file" |