[openstack-announce] [new][openstackansible] openstack-ansible-os_keystone 14.0.0 release (newton)

no-reply at openstack.org
Thu Oct 20 18:27:27 UTC 2016


We are jubilant to announce the release of:

openstack-ansible-os_keystone 14.0.0: os_keystone for OpenStack
Ansible

This release is part of the newton release series.

Download the package from:

    https://tarballs.openstack.org/openstack-ansible-os_keystone/

For more details, please see below.

14.0.0
^^^^^^


New Features
************

* Added keystone_apache_custom_log_format tunable for changing
  CustomLog format. Default is "combined".

* Apache MPM tunable support has been added to the os-keystone role
  in order to allow MPM thread tuning. Default values reflect the
  current Ubuntu default settings:

     keystone_httpd_mpm_backend: event
     keystone_httpd_mpm_start_servers: 2
     keystone_httpd_mpm_min_spare_threads: 25
     keystone_httpd_mpm_max_spare_threads: 75
     keystone_httpd_mpm_thread_limit: 64
     keystone_httpd_mpm_thread_child: 25
     keystone_httpd_mpm_max_requests: 150
     keystone_httpd_mpm_max_conn_child: 0

* Introduced option to deploy Keystone under Uwsgi. A new variable
  "keystone_mod_wsgi_enabled" is introduced to toggle this behavior.
  The default is "true" which continues to deploy with mod_wsgi for
  Apache. The ports used by Uwsgi for socket and http connection for
  both public and admin Keystone services are configurable (see also
  the "keystone_uwsgi_ports" dictionary variable). Other Uwsgi
  configuration can be overridden by using the
  "keystone_uwsgi_ini_overrides" variable as documented under
  "Overriding OpenStack configuration defaults" in the OpenStack-
  Ansible Install Guide. Federation features should be considered
  _experimental_ with this configuration at this time.

* Introduced option to deploy Keystone behind Nginx. A new variable
  "keystone_apache_enabled" is introduced to toggle this behavior. The
  default is "true" which continues to deploy with Apache. Additional
  configuration can be delivered to Nginx through the use of the
  "keystone_nginx_extra_conf" list variable. Federation features are
  not supported with this configuration at this time. Use of this
  option requires "keystone_mod_wsgi_enabled" to be set to "false"
  which will deploy Keystone under Uwsgi.

* CentOS7/RHEL support has been added to the os_keystone role.

* The os_keystone role now supports the ability to configure whether
  apt/yum tasks install the latest available package, or just ensure
  that the package is present. The default action is to ensure that
  the latest package is present. The action taken may be changed to
  only ensure that the package is present by setting
  "keystone_package_state" to "present".


Upgrade Notes
*************

* Installation of keystone and its dependent pip packages will now
  only occur within a Python virtual environment. The
  "keystone_venv_enabled" variable has been removed.

* The variable "keystone_apt_packages" has been renamed to
  "keystone_distro_packages".

* The variable "keystone_idp_apt_packages" has been renamed to
  "keystone_idp_distro_packages".

* The variable "keystone_sp_apt_packages" has been renamed to
  "keystone_sp_distro_packages".

* The variable "keystone_developer_apt_packages" has been renamed to
  "keystone_developer_mode_distro_packages".

* The os_keystone role always checks whether the latest package is
  installed when executed. If a deployer wishes to change the check to
  only validate the presence of the package, the option
  "keystone_package_state" should be set to "present".


Security Issues
***************

* The admin_token_auth middleware presents a potential security risk
  and will be removed in a future release of keystone. Its use can be
  removed by setting the "keystone_keystone_paste_ini_overrides"
  variable.

     keystone_keystone_paste_ini_overrides:
       pipeline:public_api:
         pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
       pipeline:admin_api:
         pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
       pipeline:api_v3:
         pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
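
An added example, not part of the release announcement or of the os_keystone role: a Python check that reports which pipelines in a rendered keystone-paste.ini still list admin_token_auth, so the override above can be verified after a deploy. The sample file content and the function names are constructed for illustration.

```python
import configparser

RISKY_FILTER = "admin_token_auth"

# Constructed sample for illustration, not the role's shipped template:
# public_api still lists admin_token_auth; the other two pipelines match
# the override shown in the release note.
SAMPLE_PASTE_INI = """
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit osprofiler url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]
pipeline = cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]
pipeline = cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
"""


def _parse(ini_text):
    # interpolation=None: paste.ini files may contain literal %(here)s values.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    return parser


def pipelines_using(ini_text, filter_name=RISKY_FILTER):
    """Return sorted names of [pipeline:*] sections that list filter_name."""
    parser = _parse(ini_text)
    hits = []
    for section in parser.sections():
        if not section.startswith("pipeline:"):
            continue
        # A pipeline is a whitespace-separated list of filters ending in an
        # app; compare whole tokens so "token_auth" never matches by substring.
        stages = parser.get(section, "pipeline", fallback="").split()
        if filter_name in stages:
            hits.append(section[len("pipeline:"):])
    return sorted(hits)


def filter_still_defined(ini_text, filter_name=RISKY_FILTER):
    """True if a [filter:<name>] section exists; inert unless a pipeline uses it."""
    return _parse(ini_text).has_section("filter:" + filter_name)


if __name__ == "__main__":
    print("pipelines still using", RISKY_FILTER, "->", pipelines_using(SAMPLE_PASTE_INI))
```
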

Changes in openstack-ansible-os_keystone 13.0.0..14.0.0
-------------------------------------------------------

ceabcef Remove 'ignore_errors: true' in favor of 'failed_when: false'
c71a7bc Fix bare variable in handler
34bc598 Update tox.ini tests target for stable/newton
449e3a1 Update UPPER_CONSTRAINTS_FILE for stable/newton
a2adb12 Update .gitreview for stable/newton
4d77b28 Update default git branch to stable/newton
40ea292 Update ansible-role-requirements to stable/newton
fa5b5f9 Use centralised test scripts
0bbacf6 Revert dynamic includes for inventory-based conditionals
7872b49 Force Ansible to use dynamic includes
e21be41 Update home page link in cfg file
8d836da Remove testing vars present in test repo
a74af47 Address ansible_ssh_* var deprecation
3614448 Update testing bits for consistency
01e1299 Remove unrequired messaging setup task file
1bfcd10 Add role linking to tox tests
05892b5 Ansible 2.1.1 role testing
9411414 Fix depreciation "Using bare variables"
0750972 Compress test execution logs
2fd095b Update paste, policy and rootwrap configurations 2016-09-08
f0ed20d Re-activate service catalog caching
fbd9535 Add credential_setup for keystone
a0d71d6 Add tempest to keystone role tests
42cef50 Fix nginx SCRIPT_NAME uwsgi_param
d0e5097 Use the central test repository for Keystone
38dbd42 Fix apache + uwsgi for keystone
15733bb Fix nginx to work with RedHat/CentOS
b6f914a Shorten tox target names
3b47fc7 Allow Uwsgi configuration overrides
52b1a71 Configure Apache to proxy for Uwsgi
db7248b Isolate mod_wsgi from Apache install
30bd479 Correct developer mode package var name
2b8aa07 Rename package lists (and related vars) appropriately
4edb378 Install and configure Nginx
0de819e Implement CentOS 7 support in os_keystone
61759e7 Work around Ansible vcpu fact bug on ppc64le
7e5548e Add a test Scenario for uwsgi & nginx
9082c79 Install and configure uWSGI
b1c2f9c Isolate Apache components
39faeb0 Make all linting tests use upper-constraints
9fd8ff0 Adding Vagrantfile for local testing/dev
3122ff6 Add SNI support via OS packages for os_keystone
50730da Add apt-get update to run_tests
b9e799b Force a restart of all the apache nodes during upgrade
e047979 Updated from global requirements
8d046aa Update the keystone WSGI application locations
53e3df2 Add python packages for SNI support in tests
c0fa231 [DOCS] Move keystone federation role docs
2cb8866 Move other-requirements.txt to bindep.txt
0a51854 Include ansible commands for ansible linting
866c153 Disable stderr logging
5637fec Add project group to role
9bd40cc Add ability to change apt/yum package state
2d8fa3d Fix bug in RPC config that broke Rabbit SSL support
418ebd6 Ensure that doc linting is included in the linters test
61848d3 Provide default for rabbitmq telemetry password
7bb3cd0 Allow configuration of multiple rabbit clusters
aced6b5 Remove openstack_hosts from test requirements
0425d1c Optimise pip install tasks
986d1d8 Use keystone_system_user_name in fernet rotation cron entry.
22afe01 Use plugins repo version of the human_log callback plugin
98b19d8 Updated from global requirements
4d983d8 Remove duplicates from .gitignore
ca10c41 Implement doc8 checks for docs
ad7919e Update sphinx configuration
d208029 Ansible 2.x - Address deprecation warning of bare variables
86a545d Update the virtualenv paths only when we have a new venv
b786654 Update tox configuration
44d053c Only install to virtual environment
6c8a9b9 Update paste, policy and rootwrap configurations 2016-07-01
325db1a Clean up container cache prep in tests
d8802f3 Pin test-requirements to match OpenStack requirements
1396dda Update paste, policy and rootwrap configurations 2016-06-17
d27d055 Add note on admin_token_auth deprecation
85a9202 Minimum example playbook could let suppose db creation
c82a089 Add support for CustomLog format modification
f244e1c Remove pip_lock_down dependency
bbc645c Consistency for multi-os in the includes
b6fbd99 Skip unavailable hosts when distributing keys
cdb5259 Grammar: requires -> required
8797fc7 Cleanup/standardize usage of tags
ebdcb34 Implement 16.04 support in Keystone
06d7fb5 Use ansible-lint 2.7.0
4f9caaa Verbose option has been deprecated from oslo.log
994bb0f Fix keystone tests
7704d94 Add support to tune the keystone apache MPM settings
57e3390 Add .swp files to .gitignore
b3cca27 Change pip install task state to 'latest'
78e6744 Remove py_from_git role
cc29aa4 Add dependencies for paramiko 2.0
20db79e Update paste, policy and rootwrap configurations 2016-04-22
3695699 Remove Liberty releasenote index
1635737 Change pip install task state to 'latest'
eb3ce0f Fail fast when required secrets are not present
dfd80ea Fix server/hostname for RFC 1034/1035
59ffe5e blacklist Ansible 1.9.6
36486b1 Remove venv activation code
7e14932 Use ansible facts for distributing SSL certs/keys
7b1543d Update min_ansible_version to 1.9
df164fb Add reno scaffolding for release notes management
0a6737c Switch defaults/tests to use master branch
42998df removed duplicate key


Diffstat (except docs and test files)
-------------------------------------

.gitignore                                         |   9 +
.gitreview                                         |   1 +
README.rst                                         |  68 +----
Vagrantfile                                        |  12 +
bindep.txt                                         |  41 +++
defaults/main.yml                                  |  99 ++++++--
examples/playbook.yml                              |  48 ++++
handlers/main.yml                                  |  32 ++-
manual-test.rc                                     |  33 +++
meta/main.yml                                      |  13 +-
other-requirements.txt                             |  16 --
releasenotes/notes/.placeholder                    |   0
...in-token-auth-deprecation-24e84a18f8a56814.yaml |  17 ++
...apache-log-format-support-7232177f835222ee.yaml |   4 +
...pache-mpm-tunable-support-1c72f2f99cd502bc.yaml |  17 ++
...eystone-only-install-venv-b766568ee8d40354.yaml |   5 +
...e-uwsgi-and-nginx-options-2157f8e40a7a8156.yaml |  22 ++
..._keystone-centos7-support-0a5d97f81ac42e44.yaml |   4 +
...package-list-name-changes-007cacee4faf8ee6.yaml |  10 +
.../notes/package-state-711a1eb4814311cc.yaml      |  13 +
releasenotes/source/_static/.placeholder           |   0
releasenotes/source/_templates/.placeholder        |   0
releasenotes/source/conf.py                        | 281 +++++++++++++++++++++
releasenotes/source/index.rst                      |   9 +
releasenotes/source/mitaka.rst                     |   6 +
releasenotes/source/unreleased.rst                 |   5 +
setup.cfg                                          |   2 +-
setup.py                                           |  11 +-
tasks/keystone_apache.yml                          | 104 +++++---
tasks/keystone_credential.yml                      |  22 ++
tasks/keystone_credential_autorotate.yml           |  47 ++++
tasks/keystone_credential_create.yml               |  46 ++++
tasks/keystone_credential_distribute.yml           |  25 ++
tasks/keystone_db_setup.yml                        |   5 -
tasks/keystone_federation_sp_idp_setup.yml         |  38 +--
tasks/keystone_federation_sp_setup.yml             |  21 +-
tasks/keystone_fernet.yml                          |   6 +-
tasks/keystone_fernet_keys_autorotate.yml          |  10 +-
tasks/keystone_fernet_keys_create.yml              |   9 -
tasks/keystone_fernet_keys_distribute.yml          |   6 +-
tasks/keystone_idp_metadata.yml                    |   8 +-
tasks/keystone_idp_self_signed_create.yml          |   6 +-
tasks/keystone_idp_self_signed_distribute.yml      |   5 +-
tasks/keystone_idp_self_signed_store.yml           |   2 -
tasks/keystone_idp_setup.yml                       |  13 +-
tasks/keystone_idp_sp_setup.yml                    |   4 +-
tasks/keystone_init_common.yml                     |  27 ++
tasks/keystone_init_systemd.yml                    |  48 ++++
tasks/keystone_init_upstart.yml                    |  31 +++
tasks/keystone_install.yml                         | 134 +++-------
tasks/keystone_install_apt.yml                     |  86 +++++--
tasks/keystone_install_yum.yml                     | 154 +++++++++++
tasks/keystone_key_distribute.yml                  |   6 +-
tasks/keystone_key_populate.yml                    |   6 -
tasks/keystone_key_setup.yml                       |   6 -
tasks/keystone_ldap_setup.yml                      |  16 +-
tasks/keystone_messaging_setup.yml                 |  37 ---
tasks/keystone_nginx.yml                           |  51 ++++
tasks/keystone_post_install.yml                    |  40 +--
tasks/keystone_pre_install.yml                     |  32 +--
tasks/keystone_service_setup.yml                   |  41 +--
tasks/keystone_ssl.yml                             |  11 +-
tasks/keystone_ssl_key_create.yml                  |  20 +-
tasks/keystone_ssl_key_distribute.yml              |  42 +--
tasks/keystone_ssl_key_store.yml                   |  32 +--
tasks/keystone_ssl_self_signed.yml                 |   9 +-
tasks/keystone_ssl_user_provided.yml               |  18 +-
tasks/keystone_token_cleanup.yml                   |   2 -
tasks/keystone_uwsgi.yml                           |  58 +++++
tasks/main.yml                                     | 116 ++++++++-
templates/keystone-credential-rotate.sh.j2         |  67 +++++
templates/keystone-fernet-rotate.sh.j2             |   2 +-
templates/keystone-httpd-mpm.conf.j2               |   9 +
templates/keystone-httpd.conf.j2                   |  38 ++-
templates/keystone-paste.ini.j2                    |  16 +-
templates/keystone-systemd-tempfiles.j2            |   4 +
templates/keystone-uwsgi.ini.j2                    |  20 ++
templates/keystone-uwsgi_systemd-init.j2           |  25 ++
templates/keystone-uwsgi_upstart.conf.j2           |  44 ++++
templates/keystone-wsgi.py.j2                      |  48 ----
templates/keystone.conf.j2                         |  40 ++-
templates/keystone_nginx.conf.j2                   |  34 +++
templates/policy.json.j2                           |   8 +-
test-requirements.txt                              |  19 +-
tox.ini                                            | 197 ++++++++++-----
vars/redhat-7.yml                                  |  77 ++++++
vars/ubuntu-14.04.yml                              |  45 +++-
vars/ubuntu-16.04.yml                              |  70 +++++
110 files changed, 3044 insertions(+), 1156 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index 3422d65..8fdd8d8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,9 @@
-ansible-lint<=2.3.9
-ansible>=1.9.1,<2.0.0
-bashate
-flake8
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+bashate>=0.2 # Apache-2.0
+flake8<2.6.0,>=2.5.4 # MIT
+pyasn1 # BSD
+pyOpenSSL>=0.14 # Apache-2.0
+requests>=2.10.0 # Apache-2.0
+ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
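
Review bot: the added `pyasn1 # BSD` line has no version specifier, while the packages added next to it (`pyOpenSSL>=0.14`, `requests>=2.10.0`, `ndg-httpsclient>=0.4.2`) all carry a floor; give pyasn1 a minimum as well so the set resolves consistently. The same hunk removes `ansible-lint<=2.3.9` and `ansible>=1.9.1,<2.0.0` with no replacement line in this file, so the change should state where the Ansible and ansible-lint versions used for testing are now pinned.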
@@ -7,2 +12,4 @@ flake8
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
-oslosphinx>=2.5.0 # Apache-2.0
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
+oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
+doc8 # Apache-2.0
+reno>=1.8.0 # Apache2
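
Review bot: the license comment on `reno>=1.8.0 # Apache2` does not match the `# Apache-2.0` form used on the `oslosphinx` and `doc8` lines in this hunk; change it to `# Apache-2.0` so license tooling that reads these comments sees one identifier. `doc8` is also the only added documentation dependency without a lower bound.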




