Freeze all SHAs for 17.0.0.0b2
This patch updates all the roles to the latest available stable SHA's, copies the release notes from the updated roles into the integrated repo. Change-Id: Iebe2dfd5b1a1fd8977d13075dfe7f841e6e416a0
This commit is contained in:
parent
03a57d6668
commit
91cf1e88dc
@ -1,31 +1,31 @@
|
|||||||
- name: ansible-hardening
|
- name: ansible-hardening
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/ansible-hardening
|
src: https://git.openstack.org/openstack/ansible-hardening
|
||||||
version: master
|
version: 46a94c72518f83d27b25a5fa960dde7130956215
|
||||||
- name: apt_package_pinning
|
- name: apt_package_pinning
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
|
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
|
||||||
version: master
|
version: eba07d7dd7962d90301c49fc088551f9b35f367a
|
||||||
- name: pip_install
|
- name: pip_install
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
|
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
|
||||||
version: master
|
version: 32c27505c6e0ee00ea0fb4a1c62240c60f17a0e3
|
||||||
- name: galera_client
|
- name: galera_client
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
|
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
|
||||||
version: master
|
version: 9a8302cbba24ea4e5907567e5f93e874d30d79df
|
||||||
- name: galera_server
|
- name: galera_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
|
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
|
||||||
version: master
|
version: aa452989d7295111962f67a3f3a96d96bc408846
|
||||||
- name: ceph_client
|
- name: ceph_client
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
|
src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
|
||||||
version: master
|
version: 34a04f7b24c80297866bc5ab56618e2211b1d5f9
|
||||||
- name: haproxy_server
|
- name: haproxy_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server
|
src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server
|
||||||
version: master
|
version: 9966fd96fede46c3b00c9e069e402eae90c66f17
|
||||||
- name: keepalived
|
- name: keepalived
|
||||||
scm: git
|
scm: git
|
||||||
src: https://github.com/evrardjp/ansible-keepalived
|
src: https://github.com/evrardjp/ansible-keepalived
|
||||||
@ -33,135 +33,135 @@
|
|||||||
- name: lxc_container_create
|
- name: lxc_container_create
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
|
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
|
||||||
version: master
|
version: 68f81c679be88577633f98e8b9252a62bdcef754
|
||||||
- name: lxc_hosts
|
- name: lxc_hosts
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
|
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
|
||||||
version: master
|
version: 84ac3442e542aeedf1396c88e0387b4ea1548eb1
|
||||||
- name: memcached_server
|
- name: memcached_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
|
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
|
||||||
version: master
|
version: ae6f721dc0342e1e7b45ff2448ab51f7539dc01f
|
||||||
- name: openstack_hosts
|
- name: openstack_hosts
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
|
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
|
||||||
version: master
|
version: 05c7f09d181de1809fd596cc0d879c49e3f86bbf
|
||||||
- name: os_keystone
|
- name: os_keystone
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
|
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
|
||||||
version: master
|
version: cd9d4ef7d8614d241fa40ba33c1c205fd2b47fa1
|
||||||
- name: openstack_openrc
|
- name: openstack_openrc
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
|
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
|
||||||
version: master
|
version: d594c2debc249daa5b7f6f2890f546093efd1ee5
|
||||||
- name: os_aodh
|
- name: os_aodh
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
|
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
|
||||||
version: master
|
version: ce871dee75511f94bfd24dde8f97e573cf6d3ead
|
||||||
- name: os_barbican
|
- name: os_barbican
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
|
src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
|
||||||
version: master
|
version: c3e191037d0978479e3cb95a59b2986adab28c69
|
||||||
- name: os_ceilometer
|
- name: os_ceilometer
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
|
src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
|
||||||
version: master
|
version: 55bb04eaad4dd5c7fdad742b3557dc30dc9d45bf
|
||||||
- name: os_cinder
|
- name: os_cinder
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
|
src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
|
||||||
version: master
|
version: 536dd3446e0fc7fc68ab42b982ac9affc4215787
|
||||||
- name: os_designate
|
- name: os_designate
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_designate
|
src: https://git.openstack.org/openstack/openstack-ansible-os_designate
|
||||||
version: master
|
version: a65d7a3394aef340ff94587dd0bb48133ed00763
|
||||||
- name: os_glance
|
- name: os_glance
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
|
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
|
||||||
version: master
|
version: 43aa00424f233a6125f7a9216cec42da1d8ca4c5
|
||||||
- name: os_gnocchi
|
- name: os_gnocchi
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi
|
src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi
|
||||||
version: master
|
version: b1f7574dc529f8298a983d8d0e09520e90b571a8
|
||||||
- name: os_heat
|
- name: os_heat
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_heat
|
src: https://git.openstack.org/openstack/openstack-ansible-os_heat
|
||||||
version: master
|
version: 8fcd29197797eef409254605f0ce73ef8d1bda6b
|
||||||
- name: os_horizon
|
- name: os_horizon
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
|
src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
|
||||||
version: master
|
version: 28f21f56b74a612c2e3b6f9c4866391128a91219
|
||||||
- name: os_ironic
|
- name: os_ironic
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_ironic
|
src: https://git.openstack.org/openstack/openstack-ansible-os_ironic
|
||||||
version: master
|
version: a90558f7a216e5e661c5d1a4048dbe30559542d1
|
||||||
- name: os_magnum
|
- name: os_magnum
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_magnum
|
src: https://git.openstack.org/openstack/openstack-ansible-os_magnum
|
||||||
version: master
|
version: 736d1707339cb99396578018a6bda7af9184fb02
|
||||||
- name: os_molteniron
|
- name: os_molteniron
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron
|
src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron
|
||||||
version: master
|
version: 9b4c104a252c453bcd798fec9dbae7224b3d8001
|
||||||
- name: os_neutron
|
- name: os_neutron
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
|
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
|
||||||
version: master
|
version: 962cd92243641092412b6ef09a41bbf5e698c4a1
|
||||||
- name: os_nova
|
- name: os_nova
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
|
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
|
||||||
version: master
|
version: 53df001c9034f198b9349def3c9158f8bbe43ff3
|
||||||
- name: os_octavia
|
- name: os_octavia
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_octavia
|
src: https://git.openstack.org/openstack/openstack-ansible-os_octavia
|
||||||
version: master
|
version: 02ad3c68802287a1ba54cf10de085dcd14c324d8
|
||||||
- name: os_rally
|
- name: os_rally
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_rally
|
src: https://git.openstack.org/openstack/openstack-ansible-os_rally
|
||||||
version: master
|
version: bc9075dba204e64d11cb397017d32b0c2297eed0
|
||||||
- name: os_sahara
|
- name: os_sahara
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_sahara
|
src: https://git.openstack.org/openstack/openstack-ansible-os_sahara
|
||||||
version: master
|
version: 3c45121050ba21bd284f054d7b82a338f347157f
|
||||||
- name: os_swift
|
- name: os_swift
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_swift
|
src: https://git.openstack.org/openstack/openstack-ansible-os_swift
|
||||||
version: master
|
version: f31217bb097519f15755f2337165657d7eb6b014
|
||||||
- name: os_tacker
|
- name: os_tacker
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_tacker
|
src: https://git.openstack.org/openstack/openstack-ansible-os_tacker
|
||||||
version: master
|
version: d95902891c4e6200510509c066006c921cfff8df
|
||||||
- name: os_tempest
|
- name: os_tempest
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
|
src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
|
||||||
version: master
|
version: 703ea4ad12332e1f98b46f6c3c4ad8ac18189e28
|
||||||
- name: os_trove
|
- name: os_trove
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-os_trove
|
src: https://git.openstack.org/openstack/openstack-ansible-os_trove
|
||||||
version: master
|
version: b425fa316999d0863a44126f239a33d8c3fec3a6
|
||||||
- name: plugins
|
- name: plugins
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-plugins
|
src: https://git.openstack.org/openstack/openstack-ansible-plugins
|
||||||
version: master
|
version: d2f60237761646968a4b39b15185fb5c84e7386f
|
||||||
- name: rabbitmq_server
|
- name: rabbitmq_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
|
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
|
||||||
version: master
|
version: 311f76890c8f99cb0b46958775d84de614609323
|
||||||
- name: repo_build
|
- name: repo_build
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-repo_build
|
src: https://git.openstack.org/openstack/openstack-ansible-repo_build
|
||||||
version: master
|
version: 59a3f444c263235d8f0f584da8768656179fa02a
|
||||||
- name: repo_server
|
- name: repo_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-repo_server
|
src: https://git.openstack.org/openstack/openstack-ansible-repo_server
|
||||||
version: master
|
version: 7889f37cdd2a90b4b98e8ef2e886f1fd4950fc0a
|
||||||
- name: rsyslog_client
|
- name: rsyslog_client
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
|
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
|
||||||
version: master
|
version: 310cfe9506d3742be10790533ad0d16100d81498
|
||||||
- name: rsyslog_server
|
- name: rsyslog_server
|
||||||
scm: git
|
scm: git
|
||||||
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
|
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
|
||||||
version: master
|
version: ba7bb699c0c874c7977add86ca308ca18be8f9a8
|
||||||
- name: sshd
|
- name: sshd
|
||||||
scm: git
|
scm: git
|
||||||
src: https://github.com/willshersystems/ansible-sshd
|
src: https://github.com/willshersystems/ansible-sshd
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
## OpenStack Source Code Release
|
## OpenStack Source Code Release
|
||||||
openstack_release: master
|
openstack_release: 17.0.0.0b2
|
||||||
|
|
||||||
## Verbosity Options
|
## Verbosity Options
|
||||||
debug: False
|
debug: False
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
The following headers were added as additional default (and static) values.
|
||||||
|
`X-Content-Type-Options nosniff`, `X-XSS-Protection "1; mode=block"`, and
|
||||||
|
`Content-Security-Policy "default-src 'self' https: wss:;"`. Additionally,
|
||||||
|
the `X-Frame-Options DENY` header was added, defaulting to DENY. You may
|
||||||
|
override the header via the `keystone_x_frame_options` variable.
|
7
releasenotes/notes/clustecheck-9311d05fb32f13b3.yaml
Normal file
7
releasenotes/notes/clustecheck-9311d05fb32f13b3.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- The galera cluster now supports cluster health checks over HTTP using port
|
||||||
|
9200. The new cluster check ensures a node is healthy by running a simple
|
||||||
|
query against the wsrep sync status using monitoring user. This change will
|
||||||
|
provide for a more robust cluster check ensuring we have the most fault
|
||||||
|
tolerant galera cluster possible.
|
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
A typical OSA install will put the neutron and octavia queues on different
|
||||||
|
vhosts thus preventing the event streamer from working While octavia is
|
||||||
|
streaming to its own queue the consumer on the neutron side listens to the
|
||||||
|
neutron queue. With a recent octavia enhancement a separate queue for the
|
||||||
|
event streamer can be configured. This patch will set up the event
|
||||||
|
streamer to post into the neutron queue using neutron's credentials. Thus
|
||||||
|
reaching the consumer on the neutron-lbaas side and allowing for
|
||||||
|
streaming.
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Since we use neutron's credentials to access the queue, security conscious
|
||||||
|
people might want to set up an extra user for octavia on the neutron queue
|
||||||
|
restricted to the topics octavia posts to.
|
||||||
|
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Generating and validating checksums for all files installed by packages is now
|
||||||
|
disabled by default. The check causes delays in playbook runs and it can
|
||||||
|
consume a significant amount of CPU and I/O resources. Deployers can re-enable
|
||||||
|
the check by setting ``security_check_package_checksums`` to ``yes``.
|
5
releasenotes/notes/disable-ksm-670aeb175826b7ca.yaml
Normal file
5
releasenotes/notes/disable-ksm-670aeb175826b7ca.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- KSM configuration is changed to disabled by default on Ubuntu.
|
||||||
|
If you overcommit the RAM on your hypervisor it's a good
|
||||||
|
idea to set ``nova_compute_ksm_enabled`` to ``True``.
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
other:
|
||||||
|
- Added support for specifying GID and UID for cinder system user by defining
|
||||||
|
``cinder_system_user_uid`` and ``cinder_system_group_gid``. This setting is
|
||||||
|
optional.
|
22
releasenotes/notes/glance-v2-api-only-0d4a61b0d4dade18.yaml
Normal file
22
releasenotes/notes/glance-v2-api-only-0d4a61b0d4dade18.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The glance v1 API is now disabled by default as the API is scheduled
|
||||||
|
to be removed in Queens.
|
||||||
|
- |
|
||||||
|
The glance registry service is now disabled by default as it is not
|
||||||
|
required for the v2 API and is scheduled to be removed in the future.
|
||||||
|
The service can be enabled by setting ``glance_enable_v2_registry``
|
||||||
|
to ``True``.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The ``glance_enable_v1_registry`` variable has been removed. When using
|
||||||
|
the glance v1 API the registry service is required, so having a variable
|
||||||
|
to disable it makes little sense. The service is now enabled/disabled
|
||||||
|
for the v1 API using the ``glance_enable_v1_api`` variable.
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
When the ``glance_enable_v2_registry`` variable is set to ``True`` the
|
||||||
|
corresponding ``data_api`` setting is now correctly set. Previously it
|
||||||
|
was not set and therefore the API service was not correctly informed
|
||||||
|
that the registry was operating.
|
@ -3,4 +3,4 @@ features:
|
|||||||
- Horizon now has the ability to set arbitrary configuration options using
|
- Horizon now has the ability to set arbitrary configuration options using
|
||||||
global option ``horizon_config_overrides`` in YAML format. The overrides
|
global option ``horizon_config_overrides`` in YAML format. The overrides
|
||||||
follow the same pattern found within the other OpenStack service
|
follow the same pattern found within the other OpenStack service
|
||||||
overrides. `General documentation on overrides can be found here <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-openstack.html#overriding-openstack-configuration-defaults>`_.
|
overrides. `General documentation on overrides can be found here <https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/app-advanced-config-override.html>`_.
|
||||||
|
@ -3,4 +3,4 @@ features:
|
|||||||
- It is now possible to use the horizon_launch_instance_defaults variable
|
- It is now possible to use the horizon_launch_instance_defaults variable
|
||||||
that allows customizing the default values for properties found in the
|
that allows customizing the default values for properties found in the
|
||||||
Launch Instance modal, using the LAUNCH_INSTANCE_DEFAULTS config option.
|
Launch Instance modal, using the LAUNCH_INSTANCE_DEFAULTS config option.
|
||||||
See https://docs.openstack.org/developer/horizon/install/settings.html#launch-instance-defaults
|
See https://docs.openstack.org/horizon/latest/configuration/settings.html#launch-instance-defaults
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The maximum amount of time to wait until forcibly failing the
|
||||||
|
LXC cache preparation process is now configurable using the
|
||||||
|
``lxc_cache_prep_timeout`` variable. The value is specified
|
||||||
|
in seconds, with the default being 20 minutes.
|
@ -2,7 +2,7 @@
|
|||||||
features:
|
features:
|
||||||
- "Neutron BGP dynamic routing plugin can now optionally be deployed and
|
- "Neutron BGP dynamic routing plugin can now optionally be deployed and
|
||||||
configured. Please see `OpenStack Networking Guide: BGP dynamic routing
|
configured. Please see `OpenStack Networking Guide: BGP dynamic routing
|
||||||
<http://docs.openstack.org/networking-guide/config-bgp-dynamic-routing.html>`_
|
<https://docs.openstack.org/mitaka/networking-guide/config-bgp-dynamic-routing.html>`_
|
||||||
for details about what the service is and what it provides."
|
for details about what the service is and what it provides."
|
||||||
upgrade:
|
upgrade:
|
||||||
- Database migration tasks have been added for the dynamic routing neutron
|
- Database migration tasks have been added for the dynamic routing neutron
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
features:
|
features:
|
||||||
- Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
|
- Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
|
||||||
configured. Please see the `FWaaS Configuration Reference
|
configured. Please see the `FWaaS Configuration Reference
|
||||||
<http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
|
<https://docs.openstack.org/neutron/latest/admin/fwaas.html>`_
|
||||||
for details about the what the service is and what it provides. See the
|
for details about the what the service is and what it provides. See the
|
||||||
`FWaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-fwaas.html>`_
|
`FWaaS Install Guide <https://docs.openstack.org/openstack-ansible-os_neutron/latest/configure-network-services.html#firewall-service-optional>`_
|
||||||
for implementation details.
|
for implementation details.
|
||||||
upgrade:
|
upgrade:
|
||||||
- Database migration tasks have been added for the FWaaS neutron plugin.
|
- Database migration tasks have been added for the FWaaS neutron plugin.
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
features:
|
features:
|
||||||
- Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
|
- Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
|
||||||
configured. Please see the `OpenStack Networking Guide
|
configured. Please see the `OpenStack Networking Guide
|
||||||
<http://docs.openstack.org/mitaka/networking-guide/>`_ for details
|
<https://docs.openstack.org/mitaka/networking-guide/>`_ for details
|
||||||
about the what the service is and what it provides. See the
|
about the what the service is and what it provides. See the
|
||||||
`VPNaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#virtual-private-network-service-optional>`_
|
`VPNaaS Install Guide <https://docs.openstack.org/openstack-ansible-os_neutron/latest/configure-network-services.html#virtual-private-network-service-optional>`_
|
||||||
for implementation details.
|
for implementation details.
|
||||||
|
7
releasenotes/notes/new_healthcheck-9e559565745defd0.yaml
Normal file
7
releasenotes/notes/new_healthcheck-9e559565745defd0.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Galera healthcheck has been improved, and relies on an xinetd service.
|
||||||
|
By default, the service is unaccessible (filtered with the no_access
|
||||||
|
directive). You can override the directive by setting any xinetd
|
||||||
|
valid value to ``galera_monitoring_allowed_source``.
|
@ -2,7 +2,7 @@
|
|||||||
features:
|
features:
|
||||||
- The horizon next generation instance management panels have been
|
- The horizon next generation instance management panels have been
|
||||||
enabled by default. This changes horizon to use the upstream defaults
|
enabled by default. This changes horizon to use the upstream defaults
|
||||||
instead of the legacy panels. `Documentation can be found here <http://docs.openstack.org/developer/horizon/topics/settings.html#launch-instance-ng-enabled>`_.
|
instead of the legacy panels. `Documentation can be found here <https://docs.openstack.org/horizon/latest/configuration/settings.html#launch-instance-ng-enabled>`_.
|
||||||
upgrade:
|
upgrade:
|
||||||
- |
|
- |
|
||||||
The default horizon instance launch panels have been changed to the
|
The default horizon instance launch panels have been changed to the
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Open vSwitch dataplane with NSH support has been implemented.
|
||||||
|
This feature may be activated by setting ``ovs_nsh_support: True``
|
||||||
|
in ``/etc/openstack_deploy/user_variables.yml``.
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- A new variable, ``tempest_roles``, has been added to the
|
||||||
|
os_tempest role allowing users to define keystone roles
|
||||||
|
to be during tempest testing.
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- The ``security_sshd_permit_root_login`` setting can
|
||||||
|
now be set to change the ``PermitRootLogin`` setting
|
||||||
|
in ``/etc/ssh/sshd_config`` to any of the possible
|
||||||
|
options. Set ``security_sshd_permit_root_login`` to
|
||||||
|
one of ``without-password``, ``prohibit-password``,
|
||||||
|
``forced-commands-only``, ``yes`` or ``no``.
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The repo server now implements nginx as a reverse proxy for python
|
||||||
|
packages sourced from pypi. The initial query will be to a local
|
||||||
|
deployment of pypiserver in order to serve any locally built packages,
|
||||||
|
but if the package is not available locally it will retry
|
||||||
|
the query against the upstream pypi mirror set in the variable
|
||||||
|
``repo_nginx_pypi_upstream`` (defaults to pypi) and cache the response.
|
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ``tempest_images`` data structure for the ``os_tempest`` role
|
||||||
|
now expects the values for each image to include ``name`` (optionally)
|
||||||
|
and ``format`` (the disk format). Also, the optional variable ``checksum``
|
||||||
|
may be used to set the checksum expected for the file in the format
|
||||||
|
``<algorithm>:<checksum>``.
|
||||||
|
- |
|
||||||
|
The default location for the image downloads in the ``os_tempest``
|
||||||
|
role set by the ``tempest_image_dir`` variable has now been changed
|
||||||
|
to be ``/opt/cache/files`` in order to match the default location
|
||||||
|
in nodepool. This improves the reliability of CI testing in
|
||||||
|
OpenStack CI as it will find the file already cached there.
|
||||||
|
- |
|
||||||
|
A new variable has been introduced into the ``os_tempest`` role
|
||||||
|
named ``tempest_image_downloader``. When set to ``deployment-host``
|
||||||
|
(which is the default) it uses the deployment host to handle the
|
||||||
|
download of images to be used for tempest testing. The images are
|
||||||
|
then uploaded to the target host for uploading into Glance.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The following variables have been removed from the ``os_tempest``
|
||||||
|
role to simplify it. They have been replaced through the use of
|
||||||
|
the data structure ``tempest_images`` which now has equivalent
|
||||||
|
variables per image.
|
||||||
|
- cirros_version
|
||||||
|
- tempest_img_url
|
||||||
|
- tempest_image_file
|
||||||
|
- tempest_img_disk_format
|
||||||
|
- tempest_img_name
|
||||||
|
- tempest_images.sha256 (replaced by checksum)
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
The ``os_tempest`` tempest role was downloading images twice - once
|
||||||
|
arbitrarily, and once to use for testing. This has been consolidated
|
||||||
|
into a single download to a consistent location.
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
other:
|
||||||
|
- The use_neutron option was marked to be removed in sahara.
|
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The tasks within the ansible-hardening role are now based on Version 1,
|
||||||
|
Release 3 of the Red Hat Enteprise Linux Security Technical Implementation
|
||||||
|
Guide.
|
||||||
|
- |
|
||||||
|
The ``sysctl`` parameter ``kernel.randomize_va_space`` is now set to
|
||||||
|
``2`` by default. This matches the default of most modern Linux
|
||||||
|
distributions and it ensures that Address Space Layout Randomization
|
||||||
|
(ASLR) is enabled.
|
||||||
|
- |
|
||||||
|
The Datagram Congestion Control Protocol (DCCP) kernel module is now
|
||||||
|
disabled by default, but a reboot is required to make the change
|
||||||
|
effective.
|
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
If you have overriden your
|
||||||
|
``openstack_host_specific_kernel_modules``, please
|
||||||
|
remove its group matching, and move that override
|
||||||
|
directly to the appropriate group.
|
||||||
|
|
||||||
|
Example, for an override like:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
- name: "ebtables"
|
||||||
|
pattern: "CONFIG_BRIDGE_NF_EBTABLES"
|
||||||
|
group: "network_hosts"
|
||||||
|
|
||||||
|
You can create a file for the network_host group,
|
||||||
|
inside its group vars folder
|
||||||
|
``/etc/openstack_deploy/group_vars/network_hosts``,
|
||||||
|
with the content:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
- name: "ebtables"
|
||||||
|
pattern: "CONFIG_BRIDGE_NF_EBTABLES"
|
11
releasenotes/notes/static_uca_filename-849a6f491acae9c5.yaml
Normal file
11
releasenotes/notes/static_uca_filename-849a6f491acae9c5.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
Any user that is coming from Pike or below on Ubuntu should modify
|
||||||
|
its ``user_external_repos_list``, switching its ubuntu cloud archive
|
||||||
|
repository from ``state: present`` to ``state: absent``.
|
||||||
|
From now on, UCA will be defined with the filename ``uca``. If the deployer
|
||||||
|
wants to use its mirror, he can still override the variable ``uca_repo``
|
||||||
|
to point to its mirror. Alternatively, the deployer can completely define
|
||||||
|
which repos to add and remove, ignoring our defaults, by overriding
|
||||||
|
``openstack_hosts_package_repos``.
|
5
releasenotes/notes/support-ksm-fe6993158768a14e.yaml
Normal file
5
releasenotes/notes/support-ksm-fe6993158768a14e.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Enable Kernel Shared Memory support by setting
|
||||||
|
``nova_compute_ksm_enabled`` to ``True``.
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Searching for world-writable files is now disabled by default. The search
|
||||||
|
causes delays in playbook runs and it can consume a significant amount of
|
||||||
|
CPU and I/O resources. Deployers can re-enable the search by setting
|
||||||
|
``security_find_world_writable_dirs`` to ``yes``.
|
Loading…
Reference in New Issue
Block a user