Update all SHAs for Newton-1 2016-06-02
This patch updates all the roles to the latest available SHA's, updates all the OpenStack Service SHA's and also updates the appropriate python requirements pins. Change-Id: Ifc77c02d456500651e8adcaf9338f81601e2c148
This commit is contained in:
parent
53702e0f84
commit
bb69b667f0
@ -1,125 +1,125 @@
|
||||
- name: apt_package_pinning
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
|
||||
version: master
|
||||
version: 27c0a0f3ab51c12d8b5602eb1f4053069cf7dfa0
|
||||
- name: pip_install
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
|
||||
version: master
|
||||
version: 0c782d893b4720eff64a4aa1ef1d0c900468db6f
|
||||
- name: pip_lock_down
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
|
||||
version: master
|
||||
version: b2b669e3f4b78c9bcbfb09c111556ecd1142ec9f
|
||||
- name: galera_client
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
|
||||
version: master
|
||||
version: 90d58da17908b4b32638a739e01da254a589f5c6
|
||||
- name: galera_server
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
|
||||
version: master
|
||||
version: 5b23837dd0cbddb3aab13702bf7b824ae8c775ba
|
||||
- name: keepalived
|
||||
scm: git
|
||||
src: https://github.com/evrardjp/ansible-keepalived
|
||||
version: master
|
||||
version: 2.0.0
|
||||
- name: lxc_container_create
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
|
||||
version: master
|
||||
version: e6022b33195d3dc2e7a24830b2d95b8c31f7c282
|
||||
- name: lxc_hosts
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
|
||||
version: master
|
||||
version: c1fe6c0251186dcd4f5dcb04a6dc91c7aaa22b10
|
||||
- name: memcached_server
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
|
||||
version: master
|
||||
version: d76fb52cb2dc733b5aa1e008877197a71feb5c4b
|
||||
- name: openstack-ansible-security
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-security
|
||||
version: master
|
||||
version: ecb03290884e0ef6a05452b072e950f36a29610a
|
||||
- name: openstack_hosts
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
|
||||
version: master
|
||||
version: c9abd5134e22810b6d332e1e0ae43b55bfc883ef
|
||||
- name: os_keystone
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
|
||||
version: master
|
||||
version: bbc645cad8d7bd7864fcf0c76a26d619b23f7d75
|
||||
- name: openstack_openrc
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
|
||||
version: master
|
||||
version: a9938092081ad34b7ceaf4e1c29275f835425e2d
|
||||
- name: os_aodh
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
|
||||
version: master
|
||||
version: e9cf8b4d11937a68a6674dc5991494c997d1dc86
|
||||
- name: os_ceilometer
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
|
||||
version: master
|
||||
version: 28ec6206b1c7338db7de85e3ec14e79383abfd45
|
||||
- name: os_cinder
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
|
||||
version: master
|
||||
version: b854beeaf429546daa1fb9f342674754beeb9941
|
||||
- name: os_glance
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
|
||||
version: master
|
||||
version: 28c573b88d398da178fe992612f26e75033d6921
|
||||
- name: os_heat
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_heat
|
||||
version: master
|
||||
version: 3383a911e4f5624acf5a8ab059f2a2249c74b1c3
|
||||
- name: os_horizon
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
|
||||
version: master
|
||||
version: fe79b45b6dc2471558d9f2862e6a8cbabd4d9f59
|
||||
- name: os_ironic
|
||||
src: https://github.com/openstack/openstack-ansible-ironic
|
||||
scm: git
|
||||
version: master
|
||||
src: https://github.com/openstack/openstack-ansible-ironic
|
||||
version: 3113ef63af3740bb7d671450b38df7c11e82a8d5
|
||||
- name: os_neutron
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
|
||||
version: master
|
||||
version: dcb0fff2556fd685c0177d963f872af2911a12a7
|
||||
- name: os_nova
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
|
||||
version: master
|
||||
version: 118c12c8c2fe00b8b805dd80e1db4d1bc544b787
|
||||
- name: os_swift
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_swift
|
||||
version: master
|
||||
version: 9380862b618fa77272a8b453885e154e07f43481
|
||||
- name: os_tempest
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
|
||||
version: master
|
||||
version: 4fe7f096e9754848dddbce3f7dac59f09b916c2a
|
||||
- name: plugins
|
||||
path: /etc/ansible
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-plugins
|
||||
version: master
|
||||
version: a72d40ef8a997b8dc2501e9136a41997519a310a
|
||||
- name: rabbitmq_server
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
|
||||
version: master
|
||||
version: 1994d6be466c60e5e23b876768ae8bedee6be1b9
|
||||
- name: repo_build
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-repo_build
|
||||
version: master
|
||||
version: 2c10e0d81cfe62a5b0337057a8ed727a512b0a2f
|
||||
- name: repo_server
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-repo_server
|
||||
version: master
|
||||
version: 4efb9f2f88e98c0cb8a789e77a091b2fd4159df7
|
||||
- name: rsyslog_client
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
|
||||
version: master
|
||||
version: 232bf64dec9a8f5078367a3448d7afadc7b04b5d
|
||||
- name: rsyslog_server
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
|
||||
version: master
|
||||
version: 12ec7106f23a7ec43a37d139c05b3e58a4f53528
|
||||
- name: sshd
|
||||
scm: git
|
||||
src: https://github.com/willshersystems/ansible-sshd
|
||||
version: master
|
||||
version: 0.4.4
|
||||
|
@ -27,17 +27,17 @@
|
||||
|
||||
## Tempest service
|
||||
tempest_git_repo: https://git.openstack.org/openstack/tempest
|
||||
tempest_git_install_branch: c1513b71279604a58e2f6e40127b8b32eb1f7e93 # HEAD of "master" as of 19.05.2016
|
||||
tempest_git_install_branch: e9ae44b574f14ccd44dcd6b8cb8913bcebe35e83 # HEAD of "master" as of 02.06.2016
|
||||
tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## NOVNC from source
|
||||
novncproxy_git_repo: https://github.com/kanaka/novnc
|
||||
novncproxy_git_install_branch: f52105bc88ebd18d5cb3fba817173e99600cdc3f # HEAD of "master" as of 19.05.2016
|
||||
novncproxy_git_install_branch: f52105bc88ebd18d5cb3fba817173e99600cdc3f # HEAD of "master" as of 02.06.2016
|
||||
novncproxy_git_dest: "/opt/novnc_{{ novncproxy_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## spice-html5 from source
|
||||
spicehtml5_git_repo: https://github.com/SPICE/spice-html5
|
||||
spicehtml5_git_install_branch: 54cc41299bea8cd681ed0262735e0fd821cd774a # HEAD of "master" as of 19.05.2016
|
||||
spicehtml5_git_install_branch: 54cc41299bea8cd681ed0262735e0fd821cd774a # HEAD of "master" as of 02.06.2016
|
||||
spicehtml5_git_dest: "/opt/spicehtml5_{{ spicehtml5_git_install_branch | replace('/', '_') }}"
|
||||
|
@ -31,93 +31,93 @@
|
||||
|
||||
## Global Requirements
|
||||
requirements_git_repo: https://git.openstack.org/openstack/requirements
|
||||
requirements_git_install_branch: f724bca6c907122f53069dd6a6b5c5f56bd76a64 # HEAD of "master" as of 19.05.2016
|
||||
requirements_git_install_branch: e00676a8b2b2292138f3f02c2b3b949573730a49 # HEAD of "master" as of 02.06.2016
|
||||
requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Aodh service
|
||||
aodh_git_repo: https://git.openstack.org/openstack/aodh
|
||||
aodh_git_install_branch: 1c1064b6d447aa0186cbd9099dc84d7c34f60405 # HEAD of "master" as of 19.05.2016
|
||||
aodh_git_install_branch: 6f897a20bf56522e9b4d2490cf03de2312e47a9d # HEAD of "master" as of 02.06.2016
|
||||
aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Ceilometer service
|
||||
ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
|
||||
ceilometer_git_install_branch: 23978d7a7944a3a822587b16aeba946cb4d34845 # HEAD of "master" as of 19.05.2016
|
||||
ceilometer_git_install_branch: b95710db063258e29abc00a3a6313b840b906b9d # HEAD of "master" as of 02.06.2016
|
||||
ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Cinder service
|
||||
cinder_git_repo: https://git.openstack.org/openstack/cinder
|
||||
cinder_git_install_branch: cb0504e24f80c98c662081f74b7e7c2351c9e06c # HEAD of "master" as of 19.05.2016
|
||||
cinder_git_install_branch: 3e83a3338943fac4908b3e7c8765563d35cae900 # HEAD of "master" as of 02.06.2016
|
||||
cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Glance service
|
||||
glance_git_repo: https://git.openstack.org/openstack/glance
|
||||
glance_git_install_branch: 67f4866fb232434ec3b22df71b06f7cd29365949 # HEAD of "master" as of 19.05.2016
|
||||
glance_git_install_branch: 8dd23d0b9c7ca9bb521f56407f6f601db84771f9 # HEAD of "master" as of 02.06.2016
|
||||
glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Heat service
|
||||
heat_git_repo: https://git.openstack.org/openstack/heat
|
||||
heat_git_install_branch: d4445e15141aad03bba035d475629200a7ef3298 # HEAD of "master" as of 19.05.2016
|
||||
heat_git_install_branch: e4c09815e9557e5f93785e8a49db3c41be1d7892 # HEAD of "master" as of 02.06.2016
|
||||
heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Horizon service
|
||||
horizon_git_repo: https://git.openstack.org/openstack/horizon
|
||||
horizon_git_install_branch: 6ec5dd3b5327df4d51c5c9a396656365918258d8 # HEAD of "master" as of 19.05.2016
|
||||
horizon_git_install_branch: 4e384db0cf665198866c94dae961d7123730da4c # HEAD of "master" as of 02.06.2016
|
||||
horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
## Horizon LBaaS dashboard plugin
|
||||
neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard
|
||||
neutron_lbaas_dashboard_git_install_branch: 528567509debcb9165bcf7bf675d31bde5d36c00 # HEAD of "master" as of 19.05.2016
|
||||
neutron_lbaas_dashboard_git_install_branch: 38605d2e4ccee5f956231ddf17785ba940fa66c9 # HEAD of "master" as of 02.06.2016
|
||||
neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Keystone service
|
||||
keystone_git_repo: https://git.openstack.org/openstack/keystone
|
||||
keystone_git_install_branch: 6635f8dcac2c14c24e1033ca7226671075161eb6 # HEAD of "master" as of 19.05.2016
|
||||
keystone_git_install_branch: 0068096e132d05aa799a8d7b58f9646b4d96ac34 # HEAD of "master" as of 02.06.2016
|
||||
keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Neutron service
|
||||
neutron_git_repo: https://git.openstack.org/openstack/neutron
|
||||
neutron_git_install_branch: 79c1d7efc1a964836a98339e1e820ab6ebc5570e # HEAD of "master" as of 19.05.2016
|
||||
neutron_git_install_branch: 96a195c064df65fb566defa839e8872750931f58 # HEAD of "master" as of 02.06.2016
|
||||
neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas
|
||||
neutron_lbaas_git_install_branch: 0033ab1d00a342bb0627a9e44b5140f389883855 # HEAD of "master" as of 19.05.2016
|
||||
neutron_lbaas_git_install_branch: d693e6e9b2103fa02b31fe6bcd94cb888267cbc4 # HEAD of "master" as of 02.06.2016
|
||||
neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas
|
||||
neutron_vpnaas_git_install_branch: 5a7883bdf5c17ea5440c1f3dcdc2fbc065fc13f1 # HEAD of "master" as of 19.05.2016
|
||||
neutron_vpnaas_git_install_branch: bca157440b09659d4d47f01152dc951e2c960139 # HEAD of "master" as of 02.06.2016
|
||||
neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas
|
||||
neutron_fwaas_git_install_branch: fadfe86516de7982c86de4dd1a0d275d0a6c84f7 # HEAD of "master" as of 19.05.2016
|
||||
neutron_fwaas_git_install_branch: 24921d8e2f62ed3c0dd14d5d67c3992fe8395a46 # HEAD of "master" as of 02.06.2016
|
||||
neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Nova service
|
||||
nova_git_repo: https://git.openstack.org/openstack/nova
|
||||
nova_git_install_branch: 813787644bd11ffb8bdf46a547bd25982d995dea # HEAD of "master" as of 19.05.2016
|
||||
nova_git_install_branch: 0f8b89c6bf1762985ff59dc19a458e99c07278fa # HEAD of "master" as of 02.06.2016
|
||||
nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## PowerVM Virt Driver
|
||||
nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm
|
||||
nova_powervm_git_install_branch: 86d7fdfee450de555cdc506c4ad2fdfbbc14ab24 # HEAD of "master" as of 18.05.2016
|
||||
nova_powervm_git_install_branch: 8c4a0c19d73aa38a1849a7da529889464d790bca # HEAD of "master" as of 02.06.2016
|
||||
nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
## Swift service
|
||||
swift_git_repo: https://git.openstack.org/openstack/swift
|
||||
swift_git_install_branch: 4f9d9eab7fdf7c85c3ad1fc884464d4df952118d # HEAD of "master" as of 19.05.2016
|
||||
swift_git_install_branch: 99186aded9d4904f63444eb8d33ab2d1c08eed76 # HEAD of "master" as of 02.06.2016
|
||||
swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}"
|
||||
|
||||
|
||||
## Ironic service
|
||||
ironic_git_repo: https://git.openstack.org/openstack/ironic
|
||||
ironic_git_install_branch: bb42652d709a82aecb93f1d77bfbcb7e1d027d06 # HEAD of "master" as of 19.05.2016
|
||||
ironic_git_install_branch: 838420868e98b30e6f2c11d538f6a881ee112975 # HEAD of "master" as of 02.06.2016
|
||||
ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}"
|
||||
|
@ -70,7 +70,7 @@ pip_links:
|
||||
# These pins are updated through the sources-branch-updater script
|
||||
pip_packages:
|
||||
- pip==8.1.2
|
||||
- setuptools==21.1.0
|
||||
- setuptools==22.0.0
|
||||
- wheel==0.29.0
|
||||
|
||||
## Memcached options
|
||||
|
@ -0,0 +1,15 @@
|
||||
---
|
||||
features:
|
||||
- LXC containers will now have a proper RFC1034/5 hostname set during post
|
||||
build tasks. A localhost entry for 127.0.1.1 will be created by converting
|
||||
all of the "_" in the ``inventory_hostname`` to "-". Containers will be
|
||||
created with a default domain of *openstack.local*.
|
||||
This domain name can be customized to meet your deployment needs by
|
||||
setting the option ``lxc_container_domain``.
|
||||
upgrade:
|
||||
- LXC containers will now have a proper RFC1034/5 hostname set during post
|
||||
build tasks. A localhost entry for 127.0.1.1 will be created by converting
|
||||
all of the "_" in the ``inventory_hostname`` to "-". Containers will be
|
||||
created with a default domain of *openstack.local*.
|
||||
This domain name can be customized to meet your deployment needs by
|
||||
setting the option ``lxc_container_domain``.
|
6
releasenotes/notes/add-ca-certs-2398cb4856356028.yaml
Normal file
6
releasenotes/notes/add-ca-certs-2398cb4856356028.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
upgrade:
|
||||
- The ``ca-certificates`` package has been included in the LXC
|
||||
container build process in order to prevent issues related to
|
||||
trying to connect to public websites which make use of newer
|
||||
certificates than exist in the base CA certificate store.
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
upgrade:
|
||||
- The Galera client role now has a dependency on the
|
||||
apt package pinning role.
|
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
upgrade:
|
||||
- |
|
||||
The variable ``security_audit_apparmor_changes`` is now renamed to
|
||||
``security_audit_mac_changes`` and is enabled by default. Setting
|
||||
``security_audit_mac_changes`` to ``no`` will disable syscall auditing for
|
||||
any changes to AppArmor policies (in Ubuntu) or SELinux policies (in
|
||||
CentOS).
|
||||
features:
|
||||
- |
|
||||
The auditd rules template included a rule that audited changes to the
|
||||
AppArmor policies, but the SELinux policy changes were not being audited.
|
||||
Any changes to SELinux policies in ``/etc/selinux`` are now being logged
|
||||
by auditd.
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
upgrade:
|
||||
- The default value of ``service_credentials/os_endpoint_type``
|
||||
within ceilometer's configuration file has been changed to
|
||||
**internalURL**. This may be overridden through the use of
|
||||
the ``ceilometer_ceilometer_conf_overrides`` variable.
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- The pip_install role can now configure pip to be locked down to the
|
||||
repository built by OpenStack-Ansible. To enable the lockdown
|
||||
configuration, deployers may set ``pip_lock_to_internal_repo`` to
|
||||
``true`` in ``/etc/openstack_deploy/user_variables.yml``.
|
@ -0,0 +1,29 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ability to support MultiStrOps has been added to the
|
||||
config_template action plugin. This change updates the parser to use
|
||||
the ``set()`` type to determine if values within a given key are to be
|
||||
rendered as ``MultiStrOps``. If an override is used in an INI config
|
||||
file the set type is defined using the standard yaml construct of "?"
|
||||
as the item marker.
|
||||
|
||||
::
|
||||
|
||||
# Example Override Entries
|
||||
Section:
|
||||
typical_list_things:
|
||||
- 1
|
||||
- 2
|
||||
multistrops_things:
|
||||
? a
|
||||
? b
|
||||
|
||||
::
|
||||
|
||||
# Example Rendered Config:
|
||||
[Section]
|
||||
typical_list_things = 1,2
|
||||
multistrops_things = a
|
||||
multistrops_things = b
|
||||
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
The LXC container cache preparation process now copies package
|
||||
repository configuration from the host instead of implementing
|
||||
its own configuration. The following variables are therefore
|
||||
unnecessary and have been removed:
|
||||
|
||||
* ``lxc_container_template_main_apt_repo``
|
||||
* ``lxc_container_template_security_apt_repo``
|
||||
* ``lxc_container_template_apt_components``
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
upgrade:
|
||||
- The LXC container cache preparation process now copies DNS
|
||||
resolution configuration from the host instead of implementing
|
||||
its own configuration. The ``lxc_cache_resolvers`` variable
|
||||
is therefore unnecessary and has been removed.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The MariaDB wait_timeout setting is decreased to 1h to match the
|
||||
SQL Alchemy pool recycle timeout, in order to prevent unnecessary
|
||||
database session buildups.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
deprecations:
|
||||
- The ``rabbitmq_apt_packages`` variable has been deprecated.
|
||||
``rabbitmq_dependencies`` should be used instead to override
|
||||
additional packages to install alongside rabbitmq-server.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
deprecations:
|
||||
- The ``repo_apt_packages`` variable has been deprecated.
|
||||
``repo_server_packages`` should be used instead to override
|
||||
packages required to install a repo server.
|
4
releasenotes/notes/detect_power-a6a679c8c3dd3262.yaml
Normal file
4
releasenotes/notes/detect_power-a6a679c8c3dd3262.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- The os_nova role can now detect a PowerNV environment and set the
|
||||
virtualization type to 'kvm'.
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
fixes:
|
||||
- The dictionary-based variables in ``defaults/main.yml`` are now individual
|
||||
variables. The dictionary-based variables could not be changed as the
|
||||
documentation instructed. Instead it was required to override the entire
|
||||
dictionary. Deployers must use the new variable names to enable or disable
|
||||
the security configuration changes applied by the security role. For more
|
||||
information, see
|
||||
`Launchpad Bug 1577944 <https://bugs.launchpad.net/openstack-ansible/+bug/1577944>`_.
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
fixes:
|
||||
- Failed access logging is now disabled by default and can be enabled by
|
||||
changing ``security_audit_failed_access`` to ``yes``. The rsyslog daemon
|
||||
checks for the existence of log files regularly and this audit rule was
|
||||
triggered very frequently, which led to very large audit logs.
|
@ -0,0 +1,7 @@
|
||||
fixes:
|
||||
- |
|
||||
An Ansible task was added to disable the ``netconsole`` service on CentOS
|
||||
systems if the service is installed on the system.
|
||||
|
||||
Deployers can opt-out of this change by setting
|
||||
``security_disable_netconsole`` to ``no``.
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
fixes:
|
||||
- In order to ensure that the appropriate data is delivered to requesters from the repo servers,
|
||||
the slave repo_server web servers are taken offline during the synchronisation process. This
|
||||
ensures that the right data is always delivered to the requesters through the load balancer.
|
||||
security:
|
||||
- A sudoers entry has been added to the repo_servers in order to allow the nginx user to stop and
|
||||
start nginx via the init script. This is implemented in order to ensure that the repo sync
|
||||
process can shut off nginx while synchronising data from the master to the slaves.
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
An Ansible was added to disable the ``rdisc`` service on CentOS systems if
|
||||
the service is installed on the system.
|
||||
|
||||
Deployers can opt-out of this change by setting ``security_disable_rdisc``
|
||||
to ``no``.
|
14
releasenotes/notes/enable-lsm-bae903e463079a3f.yaml
Normal file
14
releasenotes/notes/enable-lsm-bae903e463079a3f.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The Linux Security Module (LSM) that is appropriate for the Linux
|
||||
distribution in use will be automatically enabled by the security role by
|
||||
default. Deployers can opt out of this change by setting the following
|
||||
Ansible variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
security_enable_linux_security_module: False
|
||||
|
||||
The documentation for STIG V-51337 has more information about how each
|
||||
LSM is enabled along with special notes for SELinux.
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
The security role previously set the permissions on all audit log files in
|
||||
``/var/log/audit`` to ``0400``, but this prevents the audit daemon from
|
||||
writing to the active log file. This will prevent ``auditd`` from
|
||||
starting or restarting cleanly.
|
||||
|
||||
The task now removes any permissions that are not allowed by the STIG. Any
|
||||
log files that meet or exceed the STIG requirements will not be modified.
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
features:
|
||||
- The ``os_glance`` role now supports Ubuntu 16.04 and SystemD.
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
fixes:
|
||||
- The security role now handles ``ssh_config`` files that contain
|
||||
``Match`` stanzas. A marker is added to the configuration file and any new
|
||||
configuration items will be added below that marker. In addition, the
|
||||
configuration file is validated for each change to the ssh configuration
|
||||
file.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
security:
|
||||
- Horizon disables password autocompletion in the browser by default, but
|
||||
deployers can now enable autocompletion by setting
|
||||
``horizon_enable_password_autocomplete`` to ``True``.
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
features:
|
||||
- CentOS 7 support has been added to the ``galera_server`` role.
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
features:
|
||||
- Implemented support for Ubuntu 16.04 Xenial. percona-xtrabackup
|
||||
packages will be installed from distro repositories, instead of
|
||||
upstream percona repositories due to lack of available packages
|
||||
upstream at the time of implementing this feature.
|
||||
deprecations:
|
||||
- galera_package_url changed to percona_package_url for clarity
|
||||
- galera_package_sha256 changed to percona_package_sha256 for clarity
|
||||
- galera_package_path changed to percona_package_path for clarity
|
||||
- galera_package_download_validate_certs changed to
|
||||
percona_package_download_validate_certs for clarity
|
@ -0,0 +1,42 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ability to support login user domain and login project domain has been added to the
|
||||
keystone module.
|
||||
|
||||
::
|
||||
|
||||
# Example usage
|
||||
- keystone:
|
||||
command: ensure_user
|
||||
endpoint: "{{ keystone_admin_endpoint }}"
|
||||
login_user: admin
|
||||
login_password: admin
|
||||
login_project_name: admin
|
||||
login_user_domain_name: custom
|
||||
login_project_domain_name: custom
|
||||
user_name: demo
|
||||
password: demo
|
||||
project_name: demo
|
||||
domain_name: custom
|
||||
|
||||
fixes:
|
||||
- |
|
||||
The ability to support login user domain and login project domain has been added to the
|
||||
keystone module. This resolves https://bugs.launchpad.net/openstack-ansible/+bug/1574000
|
||||
|
||||
::
|
||||
|
||||
# Example usage
|
||||
- keystone:
|
||||
command: ensure_user
|
||||
endpoint: "{{ keystone_admin_endpoint }}"
|
||||
login_user: admin
|
||||
login_password: admin
|
||||
login_project_name: admin
|
||||
login_user_domain_name: custom
|
||||
login_project_domain_name: custom
|
||||
user_name: demo
|
||||
password: demo
|
||||
project_name: demo
|
||||
domain_name: custom
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The new LBaaS v2 dashboard is available in Horizon. Deployers can enable
|
||||
the panel by setting the following Ansible variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
horizon_enable_neutron_lbaas: True
|
@ -0,0 +1,29 @@
|
||||
---
|
||||
features:
|
||||
- The ``lxc_container_create`` role will now build a container
|
||||
based on the distro of the host OS.
|
||||
- The ``lxc_container_create`` role now supports Ubuntu 14.04,
|
||||
16.04, and RHEL/CentOS 7
|
||||
upgrade:
|
||||
- The ``lxc_container_create`` role no longer uses the distro specific lxc
|
||||
container create template.
|
||||
- |
|
||||
The following variable changes have been made in the ``lxc_host`` role:
|
||||
|
||||
* **lxc_container_template**: Removed because the template option is now
|
||||
contained within the operating system specific variable file loaded at
|
||||
runtime.
|
||||
* **lxc_container_template_options**: This option was renamed to
|
||||
*lxc_container_download_template_options*. The deprecation filter was not
|
||||
used because the values provided from this option have been
|
||||
fundamentally changed and old overrides will cause problems.
|
||||
* **lxc_container_release**: Removed because image is now tied with the host
|
||||
operating system.
|
||||
* **lxc_container_user_name**: Removed because the default users are no longer
|
||||
created when the cached image is created.
|
||||
* **lxc_container_user_password**: Removed because the default users are no
|
||||
longer created when the cached image is created.
|
||||
* **lxc_container_template_main_apt_repo**: Removed because this option is now
|
||||
being set within the cache creation process and is no longer needed here.
|
||||
* **lxc_container_template_security_apt_repo**: Removed because this option is
|
||||
now being set within the cache creation process and is no longer needed here.
|
@ -0,0 +1,29 @@
|
||||
---
|
||||
features:
|
||||
- The ``lxc_host`` cache prep has been updated to use the LXC download
|
||||
template. This removes the last remaining dependency the project has on
|
||||
the `rpc-trusty-container.tgz image <http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz>`_.
|
||||
- The ``lxc_host`` role will build lxc cache using the download
|
||||
template built from `images found here <https://images.linuxcontainers.org>`_.
|
||||
These images are upstream builds from the greater LXC/D community.
|
||||
- The ``lxc_host`` role introduces support for CentOS 7 and Ubuntu 16.04
|
||||
container types.
|
||||
upgrade:
|
||||
- The ``lxc_host`` role no longer uses the distro specific lxc container
|
||||
create template.
|
||||
- |
|
||||
The following variable changes have been made in the ``lxc_host`` role:
|
||||
|
||||
* **lxc_container_user_password**: Removed because the default lxc
|
||||
container user is no longer created by the lxc container template.
|
||||
* **lxc_container_template_options**: This option was renamed to
|
||||
*lxc_cache_download_template_options*. The deprecation filter was not
|
||||
used because the values provided from this option have been
|
||||
fundamentally changed and potentially old overrides will cause
|
||||
problems.
|
||||
* **lxc_container_base_delete**: Removed because the cache will be
|
||||
refreshed upon role execution.
|
||||
* **lxc_cache_validate_certs**: Removed because the Ansible ``get_url``
|
||||
module is no longer used.
|
||||
* **lxc_container_caches**: Removed because the container create process
|
||||
will build a cached image based on the host OS.
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- Horizon now has a boolean variable named ``horizon_enable_ha_router`` to
|
||||
enable Neutron HA router management.
|
14
releasenotes/notes/make-ipv6-a-toggle-63d9c839e204cdda.yaml
Normal file
14
releasenotes/notes/make-ipv6-a-toggle-63d9c839e204cdda.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Horizon's IPv6 support is now enabled by default. This allows users to
|
||||
manage subnets with IPv6 addresses within the Horizon interface. Deployers
|
||||
can disable IPv6 support in Horizon by setting the following variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
horizon_enable_ipv6: False
|
||||
|
||||
Please note: Horizon will still display IPv6 addresses in various panels
|
||||
with IPv6 support disabled. However, it will not allow any direct
|
||||
management of IPv6 configuration.
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
features:
|
||||
- The openstack-ansible-memcached_server role includes
|
||||
a new override,`memcached_connections` which is
|
||||
automatically calculated from the number of memcached
|
||||
connection limit plus additional 1k to configure
|
||||
the OS nofile limit. Without proper nofile limit
|
||||
configuration, memcached will crash in order to support
|
||||
higher parallel connection TCP/Memcache counts.
|
12
releasenotes/notes/multi-distro-add-0e53560f66394691.yaml
Normal file
12
releasenotes/notes/multi-distro-add-0e53560f66394691.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
features:
|
||||
- CentOS 7 support has been added to the ``galera_client`` role.
|
||||
deprecations:
|
||||
- The variable **galera_client_apt_packages** has been deprecated
|
||||
when deploying the ``galera_client`` role on Ubuntu 14.04. This
|
||||
variable has been replaced with **galera_client_packages** and
|
||||
will be removed in the Ocata release.
|
||||
- The variable **galera_apt_pinned_packages** has been deprecated
|
||||
when deploying the ``galera_client`` role on Ubuntu 14.04. This
|
||||
variable has been replaced with **galera_pinned_packages**
|
||||
and will be removed in the Ocata release.
|
@ -0,0 +1,15 @@
|
||||
---
|
||||
features:
|
||||
- Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent
|
||||
should be enabled is now dynamically determined based on the
|
||||
``neutron_plugin_type`` and the ``neutron_ml2_mechanism_drivers``
|
||||
that are set. This aims to simplify the configuration of Neutron
|
||||
services and eliminate the need for deployers to override the
|
||||
entire ``neutron_services`` dict variable to disable these services.
|
||||
upgrade:
|
||||
- Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent
|
||||
should be enabled is now dynamically determined based on the
|
||||
``neutron_plugin_type`` and the ``neutron_ml2_mechanism_drivers``
|
||||
that are set. This aims to simplify the configuration of Neutron
|
||||
services and eliminate the need for deployers to override the
|
||||
entire ``neutron_services`` dict variable to disable these services.
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
upgrade:
|
||||
- As described in the `Mitaka release notes
|
||||
<http://docs.openstack.org/releasenotes/neutron/mitaka.html>`_
|
||||
Neutron now correctly calculates for and advertises the MTU to
|
||||
instances. The default DHCP configuration to advertise an MTU
|
||||
to instances has therefore been removed from the variable
|
||||
``neutron_dhcp_config``.
|
@ -2,7 +2,7 @@
|
||||
features:
|
||||
- Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
|
||||
configured. Please see the `FWaaS Configuration Reference
|
||||
<http://docs.openstack.org/admin-guide/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
|
||||
<http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
|
||||
for details about the what the service is and what it provides. See the
|
||||
`FWaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-fwaas.html>`_
|
||||
for implementation details.
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
upgrade:
|
||||
- As described in the `Mitaka release notes
|
||||
<http://docs.openstack.org/releasenotes/neutron/mitaka.html>`_
|
||||
Neutron now correctly calculates for and advertises the MTU to
|
||||
instances. As such the ``neutron_network_device_mtu`` variable
|
||||
has been removed and the hard-coded values in the templates for
|
||||
``advertise_mtu``, ``path_mtu``, and ``segment_mtu`` have been
|
||||
removed to allow upstream defaults to operate as intended.
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
features:
|
||||
- Deployers can now configure tempest public and private networks by setting
|
||||
the following variables, 'tempest_private_net_provider_type' to either vxlan
|
||||
or vlan and 'tempest_public_net_provider_type' to flat or vlan. Depending on
|
||||
what the deployer sets these variables to, they may also need to update other
|
||||
variables accordingly, this mainly involves 'tempest_public_net_physical_type'
|
||||
and 'tempest_public_net_seg_id'. Please refer to
|
||||
http://docs.openstack.org/mitaka/networking-guide/intro-basic-networking.html
|
||||
for more neutron networking information.
|
@ -0,0 +1,16 @@
|
||||
---
|
||||
features:
|
||||
- The horizon next generation instance management panels have been
|
||||
enabled by default. This changes horizon to use the upstream defaults
|
||||
instead of the legacy panels. `Documentation can be found here <http://docs.openstack.org/developer/horizon/topics/settings.html#launch-instance-ng-enabled>`_.
|
||||
upgrade:
|
||||
- |
|
||||
The default horizon instance launch panels have been changed to the
|
||||
next generation panels. To enable legacy functionality set the following
|
||||
options accordingly:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
horizon_launch_instance_legacy: True
|
||||
horizon_launch_instance_ng: False
|
||||
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
upgrade:
|
||||
- Cleanup tasks are added to remove the nova console git
|
||||
directories ``/usr/share/novnc`` and ``/usr/share/spice-html5``,
|
||||
prior to cloning these inside the nova vnc and spice
|
||||
console playbooks. This is necessary to guarantee
|
||||
that local modifications do not break git clone
|
||||
operations, especially during upgrades.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- A new configuration parameter ``security_ntp_bind_local_interfaces`` was
|
||||
added to the security role to restrict the network interface to which
|
||||
chronyd will listen for NTP requests.
|
14
releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml
Normal file
14
releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Open vSwitch driver support has been implemented. This includes the implementation of the
|
||||
appropriate Neutron configuration and package installation. This feature may be activated
|
||||
by setting ``neutron_plugin_type: ml2.ovs`` in ``/etc/openstack_deploy/user_variables.yml``.
|
||||
upgrade:
|
||||
- The variable ``neutron_linuxbridge`` has been removed as it is no longer used.
|
||||
- The variable ``neutron_driver_interface`` has been removed. The appropriate value for
|
||||
``neutron.conf`` is now determined based on the ``neutron_plugin_type``.
|
||||
- The variable ``neutron_driver_firewall`` has been removed. The appropriate value for
|
||||
``neutron.conf`` is now determined based on the ``neutron_plugin_type``.
|
||||
- The variable ``neutron_ml2_mechanism_drivers`` has been removed. The appropriate value for
|
||||
ml2_conf.ini is now determined based on the ``neutron_plugin_type``.
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Apache MPM tunable support has been added to the os-keystone
|
||||
role in order to allow MPM thread tuning.
|
||||
Default values reflect the current Ubuntu default settings:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
keystone_httpd_mpm_backend: event
|
||||
keystone_httpd_mpm_start_servers: 2
|
||||
keystone_httpd_mpm_min_spare_threads: 25
|
||||
keystone_httpd_mpm_max_spare_threads: 75
|
||||
keystone_httpd_mpm_thread_limit: 64
|
||||
keystone_httpd_mpm_thread_child: 25
|
||||
keystone_httpd_mpm_max_requests: 150
|
||||
keystone_httpd_mpm_max_conn_child: 0
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
upgrade:
|
||||
- The Neutron L3 Agent configuration for the handle_internal_only_routers
|
||||
variable is removed in order to use the Neutron upstream default setting.
|
||||
The current default for handle_internal_only_routers is True,
|
||||
which does allow Neutron L3 router without external networks attached
|
||||
(as discussed per https://bugs.launchpad.net/neutron/+bug/1572390).
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
other:
|
||||
- Mariadb version upgrade gate checks removed.
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
upgrade:
|
||||
- Percona Xtrabackup has been removed from the Galera client
|
||||
role.
|
||||
deprecations:
|
||||
- The variables ```galera_client_package_*``` and ```galera_client_apt_percona_xtrabackup_*```
|
||||
have been removed from the role as Xtrabackup is no longer deployed.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The variable ``verbose`` has been removed. Deployers should rely on the
|
||||
``debug`` var to enable higher levels of memcached logging.
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database create and user creates have been removed
|
||||
from the ``os_heat`` role. These tasks have been relocated
|
||||
to the playbooks.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database create and user creates have been removed
|
||||
from the ``os_nova`` role. These tasks have been relocated
|
||||
to the playbooks.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database create and user creates have been removed
|
||||
from the ``os_glance`` role. These tasks have been relocated
|
||||
to the playbooks.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database and user creates have been removed from the
|
||||
``os_horizon`` role. These tasks have been relocated to
|
||||
the playbooks.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database create and user creates have been removed
|
||||
from the ``os_cinder`` role. These tasks have been relocated
|
||||
to the playbooks.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- The database create and user creates have been removed
|
||||
from the ``os_neutron`` role. These tasks have been relocated
|
||||
to the playbooks.
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Tasks were added to search for any device files without a proper SELinux
|
||||
label on CentOS systems. If any of these device labels are found, the
|
||||
playbook execution will stop with an error message.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- The check to validate whether an appropriate ssh public key
|
||||
is available to copy into the container cache has been
|
||||
corrected to check the deployment host, not the LXC host.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- The openstack-ansible-security role supports the application of the Red
|
||||
Hat Enterprise Linux 6 STIG configurations to systems running CentOS 7 and
|
||||
Ubuntu 16.04 LTS.
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- The ``fallocate_reserve` option can now be set (in bytes or as a percentage) for swift
|
||||
by using the ``swift_fallocate_reserve`` variable in
|
||||
``/etc/openstack_deploy/user_variables.yml``. This value is the amount of space to
|
||||
reserve on a disk to prevent a situation where swift is unable to remove objects due
|
||||
to a lack of available disk space to work with. The default value is 1% of the total
|
||||
disk size.
|
||||
upgrade:
|
||||
- The ``swift_fallocate_reserve`` default value has changed from 10737418240
|
||||
(10GB) to 1% in order to match the OpenStack swift default setting.
|
15
releasenotes/notes/swift-pypy-support-9706519c4b88a571.yaml
Normal file
15
releasenotes/notes/swift-pypy-support-9706519c4b88a571.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
features:
|
||||
- While default python interpreter for swift is cpython, pypy is
|
||||
now an option. This change adds the ability to greatly improve swift
|
||||
performance without the core code modifications. These changes have
|
||||
been implemented using the documentation provided by Intel and
|
||||
Swiftstack. Notes about the performance increase can be seen
|
||||
`here <https://software.intel.com/en-us/blogs/2016/05/06/doubling-the-performance-of-openstack-swift-with-no-code-changes>`_.
|
||||
upgrade:
|
||||
- A new option `swift_pypy_enabled` has been added to enable or
|
||||
disable the pypy interpreter for swift. The default is "false".
|
||||
- A new option `swift_pypy_archive` has been added to allow a pre-built
|
||||
pypy archive to be downloaded and moved into place to support swift
|
||||
running under pypy. This option is a dictionary and contains the URL
|
||||
and SHA256 as keys.
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- The XFS filesystem is excluded from the daily mlocate crond job
|
||||
in order to conserve disk IO for large IOPS bursts due to
|
||||
updatedb/mlocate file indexing.
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
features:
|
||||
- Enable rsync module per object server drive by setting
|
||||
the ``swift_rsync_module_per_drive`` setting to ``True``.
|
||||
Set this to configure rsync and swift to utilise individual
|
||||
configuration per drive. This is required when disabling
|
||||
rsyncs to individual disks. For example, in a disk full
|
||||
scenario.
|
||||
upgrade:
|
||||
- The ``swift_max_rsync_connections`` default value has
|
||||
changed from 2 to 4 in order to match the OpenStack swift
|
||||
documented value.
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
features:
|
||||
- The ``os_swift`` role will now include the swift "staticweb" middleware
|
||||
by default.
|
||||
upgrade:
|
||||
- When upgrading a Swift deployment from Mitaka to Newton it should be noted
|
||||
that the enabled middleware list has changed. In Newton the "staticweb"
|
||||
middleware will be loaded by default. While the change adds a feature it is
|
||||
non-disruptive in upgrades.
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
fixes:
|
||||
- The ``/var/lib/libvirt/qemu/save`` directory is now a
|
||||
symlink to ``{{ nova_system_home_folder }}/save`` to
|
||||
resolve an issue where the default location used by the
|
||||
libvirt managed save command can result with the root
|
||||
partitions on compute nodes becoming full when
|
||||
``nova image-create`` is run on large instances.
|
6
releasenotes/notes/ubuntu_ppc64le-581e5fcd5950186e.yaml
Normal file
6
releasenotes/notes/ubuntu_ppc64le-581e5fcd5950186e.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- Support had been added to allow the functional tests to pass when
|
||||
deploying on ppc64le architecture using the Ubuntu distributions.
|
||||
|
||||
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
All variables in the security role are now prepended with ``security_`` to
|
||||
avoid collisions with variables in other roles. All deployers who have
|
||||
used the security role in previous releases will need to prepend all
|
||||
security role variables with ``security_``.
|
||||
|
||||
For example, a deployer could have disabled direct root ssh logins with the
|
||||
following variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
ssh_permit_root_login: yes
|
||||
|
||||
That variable would become:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
security_ssh_permit_root_login: yes
|
@ -4,7 +4,7 @@ upgrade:
|
||||
names. Deployers should change any customisations to this variable to
|
||||
ensure that the customisation makes use of the short names instead of
|
||||
the full class path.
|
||||
- Database migration tasks have been added for the LBaaS neutron plugins.
|
||||
- Database migration tasks have been added for the LBaaS neutron plugin.
|
||||
deprecations:
|
||||
- The old class path names used within the ``neutron_plugin_base``
|
||||
have been deprecated in favor of the friendly names. Support for the use
|
||||
|
@ -8,5 +8,5 @@ virtualenv>=14.0.0 # Used for Ansible isolation
|
||||
### These pins are updated through the sources-branch-updater script ###
|
||||
###
|
||||
pip==8.1.2
|
||||
setuptools==21.1.0
|
||||
setuptools==22.0.0
|
||||
wheel==0.29.0
|
||||
|
@ -21,7 +21,7 @@ MAX_RETRIES=${MAX_RETRIES:-5}
|
||||
REPORT_DATA=${REPORT_DATA:-""}
|
||||
ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""}
|
||||
STARTTIME="${STARTTIME:-$(date +%s)}"
|
||||
PIP_INSTALL_OPTIONS=${PIP_INSTALL_OPTIONS:-'pip==8.1.2 setuptools==21.1.0 wheel==0.29.0 '}
|
||||
PIP_INSTALL_OPTIONS=${PIP_INSTALL_OPTIONS:-'pip==8.1.2 setuptools==22.0.0 wheel==0.29.0 '}
|
||||
|
||||
# The default SSHD configuration has MaxSessions = 10. If a deployer changes
|
||||
# their SSHD config, then the ANSIBLE_FORKS may be set to a higher number. We
|
||||
|
Loading…
Reference in New Issue
Block a user