14 files changed, 382 insertions, 7 deletions

diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml
new file mode 100644
index 00000000..f35a0804
--- /dev/null
+++ b/ci/environments/multinode-3nodes.yaml
@@ -0,0 +1,77 @@
+# Specifies which roles (groups of nodes) will be deployed
+# Note this is used as an input to the various *.j2.yaml
+# jinja2 templates, so that they are converted into *.yaml
+# during the plan creation (via a mistral action/workflow).
+#
+# The format is a list, with the following format:
+#
+# * name: (string) mandatory, name of the role, must be unique
+#
+# CountDefault: (number) optional, default number of nodes, defaults to 0
+# sets the default for the {{role.name}}Count parameter in overcloud.yaml
+#
+# HostnameFormatDefault: (string) optional default format string for hostname
+# defaults to '%stackname%-{{role.name.lower()}}-%index%'
+# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+#
+# ServicesDefault: (list) optional default list of services to be deployed
+# on the role, defaults to an empty list. Sets the default for the
+# {{role.name}}Services parameter in overcloud.yaml
+
+- name: ControllerApi
+  CountDefault: 1
+  ServicesDefault:
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::Core
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronApi
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::NovaConsoleauth
+    - OS::TripleO::Services::NovaVncProxy
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+
+- name: Controller
+  CountDefault: 1
+  ServicesDefault:
+    - OS::TripleO::Services::CACerts
+    - OS::TripleO::Services::CinderBackup
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Core
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
new file mode 100644
index 00000000..d7b61bb6
--- /dev/null
+++ b/ci/environments/multinode.yaml
@@ -0,0 +1,47 @@
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::CinderApi
+    - OS::TripleO::Services::CinderScheduler
+    - OS::TripleO::Services::CinderVolume
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::NeutronDhcpAgent
+    - OS::TripleO::Services::NeutronL3Agent
+    - OS::TripleO::Services::NeutronMetadataAgent
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::NeutronOvsAgent
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::SwiftStorage
+    - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+    # Required for Centos 7.3 and Qemu 2.6.0
+    nova::compute::libvirt::libvirt_cpu_mode: 'none'
+  SwiftCeilometerPipelineEnabled: False
diff --git a/ci/pingtests/tenantvm_floatingip.yaml b/ci/pingtests/tenantvm_floatingip.yaml
new file mode 100644
index 00000000..0f31bc16
--- /dev/null
+++ b/ci/pingtests/tenantvm_floatingip.yaml
@@ -0,0 +1,142 @@
+heat_template_version: 2013-05-23
+
+description: >
+  This template resides in tripleo-ci for Mitaka CI jobs only.
+  For Newton and beyond, please look in THT.
+  HOT template to create a new neutron network plus a router to the public
+  network, and for deploying a server into the new network. The template also
+  assigns a floating IP address and sets security group rules. ADAPTED FROM
+  https://raw.githubusercontent.com/openstack/heat-templates/master/hot/servers_in_new_neutron_net.yaml
+parameters:
+  key_name:
+    type: string
+    description: Name of keypair to assign to servers
+    default: 'pingtest_key'
+  image:
+    type: string
+    description: Name of image to use for servers
+    default: 'pingtest_image'
+  public_net_name:
+    type: string
+    default: 'nova'
+    description: >
+      ID or name of public network for which floating IP addresses will be allocated
+  private_net_name:
+    type: string
+    description: Name of private network to be created
+    default: 'default-net'
+  private_net_cidr:
+    type: string
+    description: Private network address (CIDR notation)
+    default: '192.168.2.0/24'
+  private_net_gateway:
+    type: string
+    description: Private network gateway address
+    default: '192.168.2.1'
+  private_net_pool_start:
+    type: string
+    description: Start of private network IP address allocation pool
+    default: '192.168.2.100'
+  private_net_pool_end:
+    type: string
+    default: '192.168.2.200'
+    description: End of private network IP address allocation pool
+
+resources:
+
+  key_pair:
+    type: OS::Nova::KeyPair
+    properties:
+      save_private_key: true
+      name: {get_param: key_name }
+
+  private_net:
+    type: OS::Neutron::Net
+    properties:
+      name: { get_param: private_net_name }
+
+  private_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network_id: { get_resource: private_net }
+      cidr: { get_param: private_net_cidr }
+      gateway_ip: { get_param: private_net_gateway }
+      allocation_pools:
+        - start: { get_param: private_net_pool_start }
+          end: { get_param: private_net_pool_end }
+
+  router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info:
+        network: { get_param: public_net_name }
+
+  router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: { get_resource: router }
+      subnet_id: { get_resource: private_subnet }
+
+  volume1:
+    type: OS::Cinder::Volume
+    properties:
+      name: Volume1
+      image: { get_param: image }
+      size: 1
+
+  server1:
+    type: OS::Nova::Server
+    depends_on: volume1
+    properties:
+      name: Server1
+      block_device_mapping:
+        - device_name: vda
+          volume_id: { get_resource: volume1 }
+      flavor: { get_resource: test_flavor }
+      key_name: { get_resource: key_pair }
+      networks:
+        - port: { get_resource: server1_port }
+
+  server1_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_resource: private_net }
+      fixed_ips:
+        - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
+
+  server1_floating_ip:
+    type: OS::Neutron::FloatingIP
+    # TODO: investigate why we need this depends_on and if we could
+    # replace it by router_id with get_resource: router_interface
+    depends_on: router_interface
+    properties:
+      floating_network: { get_param: public_net_name }
+      port_id: { get_resource: server1_port }
+
+  server_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Add security group rules for server
+      name: pingtest-security-group
+      rules:
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: icmp
+
+  test_flavor:
+    type: OS::Nova::Flavor
+    properties:
+      ram: 512
+      vcpus: 1
+
+outputs:
+  server1_private_ip:
+    description: IP address of server1 in private network
+    value: { get_attr: [ server1, first_address ] }
+  server1_public_ip:
+    description: Floating IP address of server1 in public network
+    value: { get_attr: [ server1_floating_ip, floating_ip_address ] }
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index 6e912faa..d2fc59c6 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -6,3 +6,5 @@ resource_registry:
   OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
   OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
   OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
+  # We use apache as a TLS proxy
+  OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 0b71dbd9..da607a72 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -12,6 +12,7 @@ resource_registry:
   OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
   OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
   OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml
+  OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml
   OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
   OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
   # Services that are disabled by default (use relevant environment files):
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index 36342cb7..cb4f464a 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -64,6 +64,7 @@ parameters:
       OvnDbsNetwork: internal_api
       MistralApiNetwork: internal_api
       ZaqarApiNetwork: internal_api
+      PacemakerRemoteNetwork: internal_api
       # We special-case the default ResolveNetwork for the CephStorage role
       # for backwards compatibility, all other roles default to internal_api
       CephStorageHostnameResolveNetwork: storage
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 672a5af8..0612b186 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -160,6 +160,7 @@ resource_registry:
   OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::Pacemaker: OS::Heat::None
+  OS::TripleO::Services::PacemakerRemote: OS::Heat::None
   OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
   OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml
   OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml
@@ -230,6 +231,7 @@ resource_registry:
   OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml
   OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml
   OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml
+  OS::TripleO::Services::TLSProxyBase: OS::Heat::None
   OS::TripleO::Services::Zaqar: OS::Heat::None
   OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None
   OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index 9430a704..433b03a0 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -31,19 +31,23 @@ resources:
   {% if step > 0 %}
     depends_on:
       {% for dep in roles %}
+        {% if not dep.disable_upgrade_deployment|default(false) %}
       - {{dep.name}}Upgrade_Step{{step -1}}
+        {% endif %}
       {% endfor %}
   {% endif %}
     properties:
       UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
       step: {{step}}
-
+  {% if not role.disable_upgrade_deployment|default(false) %}
   {{role.name}}Upgrade_Step{{step}}:
     type: OS::Heat::StructuredDeploymentGroup
   {% if step > 0 %}
     depends_on:
       {% for dep in roles %}
+        {% if not dep.disable_upgrade_deployment|default(false) %}
       - {{dep.name}}Upgrade_Step{{step -1}}
+        {% endif %}
       {% endfor %}
   {% endif %}
     properties:
@@ -53,6 +57,7 @@ resources:
       input_values:
         role: {{role.name}}
         update_identifier: {get_param: UpdateIdentifier}
+  {% endif %}
   {% endfor %}
 {% endfor %}
 
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index b32c8185..eee04ce0 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -91,9 +91,6 @@ outputs:
             cinder::config:
               DEFAULT/swift_catalog_info:
                 value: 'object-store:swift:internalURL'
-            # TODO(emilien) remove the next line when https://review.openstack.org/422915
-            # is merged.
-            cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
             tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
             tripleo.cinder_api.firewall_rules:
               '119 cinder':
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 3ddb1927..09ea5d22 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -45,8 +45,23 @@ parameters:
     default:
       tag: openstack.glance.api
       path: /var/log/glance/api.log
+  EnableInternalTLS:
+    type: boolean
+    default: false
+
+conditions:
+  use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
 
 resources:
+
+  TLSProxyBase:
+    type: OS::TripleO::Services::TLSProxyBase
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
+
   GlanceBase:
     type: ./glance-base.yaml
     properties:
@@ -66,6 +81,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [GlanceBase, role_data, config_settings]
+          - get_attr: [TLSProxyBase, role_data, config_settings]
           - glance::api::database_connection:
               list_join:
                 - ''
@@ -100,7 +116,23 @@ outputs:
             # internal_api -> IP
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
-            glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+            tripleo::profile::base::glance::api::tls_proxy_bind_ip:
+              get_param: [ServiceNetMap, GlanceApiNetwork]
+            tripleo::profile::base::glance::api::tls_proxy_fqdn:
+              str_replace:
+                template:
+                  "%{hiera('fqdn_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+            tripleo::profile::base::glance::api::tls_proxy_port:
+              get_param: [EndpointMap, GlanceInternal, port]
+            # Bind to localhost if internal TLS is enabled, since we put a TLs
+            # proxy in front.
+            glance::api::bind_host:
+              if:
+              - use_tls_proxy
+              - 'localhost'
+              - {get_param: [ServiceNetMap, GlanceApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::glance::api
       service_config_settings:
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 9adf1bdb..a8a9fb99 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -29,6 +29,11 @@ parameters:
     default: false
     description: Whether to enable fencing in Pacemaker or not.
     type: boolean
+  PacemakerRemoteAuthkey:
+    type: string
+    description: The authkey for the pacemaker remote service.
+    hidden: true
+    default: ''
   PcsdPassword:
     type: string
     description: The password for the 'pcsd' user for pacemaker.
@@ -112,5 +117,6 @@ outputs:
               passwords:
                 - {get_param: PcsdPassword}
                 - {get_param: [DefaultPasswords, pcsd_password]}
+        tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
       step_config: |
         include ::tripleo::profile::base::pacemaker
diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml
new file mode 100644
index 00000000..daee43e6
--- /dev/null
+++ b/puppet/services/pacemaker_remote.yaml
@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+  Pacemaker remote service configured with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  PacemakerRemoteAuthkey:
+    type: string
+    description: The authkey for the pacemaker remote service.
+    hidden: true
+    default: ''
+  MonitoringSubscriptionPacemakerRemote:
+    default: 'overcloud-pacemaker_remote'
+    type: string
+  PacemakerRemoteLoggingSource:
+    type: json
+    default:
+      tag: system.pacemaker_remote
+      path: /var/log/pacemaker.log
+      format: >-
+        /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
+        \[(?<pid>[^ ]*)\]
+        (?<host>[^ ]*)
+        (?<message>.*)$/
+
+outputs:
+  role_data:
+    description: Role data for the Pacemaker remote role.
+    value:
+      service_name: pacemaker_remote
+      monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
+      logging_groups:
+        - haclient
+      logging_source: {get_param: PacemakerRemoteLoggingSource}
+      config_settings:
+        tripleo.pacemaker_remote.firewall_rules:
+          '130 pacemaker_remote tcp':
+            proto: 'tcp'
+            dport:
+              - 3121
+        tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+      step_config: |
+        include ::tripleo::profile::base::pacemaker_remote
diff --git a/roles_data.yaml b/roles_data.yaml
index 561500c8..39cb56f9 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -17,6 +17,9 @@
 # disable_constraints: (boolean) optional, whether to disable Nova and Glance
 # constraints for each role specified in the templates.
 #
+# disable_upgrade_deployment: (boolean) optional, whether to run the composable upgrade
+# steps for all services that are deployed on the particular role.
+#
 # ServicesDefault: (list) optional default list of services to be deployed
 # on the role, defaults to an empty list. Sets the default for the
 # {{role.name}}Services parameter in overcloud.yaml
@@ -109,6 +112,7 @@
 - name: Compute
   CountDefault: 1
   HostnameFormatDefault: '%stackname%-novacompute-%index%'
+  disable_upgrade_deployment: True
   ServicesDefault:
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CephClient
@@ -145,6 +149,7 @@
     - OS::TripleO::Services::FluentdClient
 
 - name: ObjectStorage
+  disable_upgrade_deployment: True
   ServicesDefault:
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::Kernel
@@ -159,6 +164,7 @@
     - OS::TripleO::Services::FluentdClient
 
 - name: CephStorage
+  disable_upgrade_deployment: True
   ServicesDefault:
     - OS::TripleO::Services::CACerts
     - OS::TripleO::Services::CephOSD
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 63e3ce51..19e40d19 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -196,8 +196,8 @@ if base_endpoint_map and \
         matches = validate_endpoint_map(base_endpoint_map,
                                         env_endpoint_map['map'])
         if not matches:
-            print("ERROR: %s doesn't match base endpoint map" %
-                  env_endpoint_map['file'])
+            print("ERROR: %s needs to be updated to match changes in base "
+                  "endpoint map" % env_endpoint_map['file'])
             failed_files.append(env_endpoint_map['file'])
             exit_val |= 1
         else: