[release-announce] [openstackansible] openstack-ansible 16.0.5 (pike)

no-reply at openstack.org no-reply at openstack.org
Fri Dec 8 22:17:37 UTC 2017


We are excited to announce the release of:

openstack-ansible 16.0.5: Ansible playbooks for deploying OpenStack

This release is part of the pike release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/openstack-ansible

Download the package from:

    https://tarballs.openstack.org/openstack-ansible/

For more details, please see below.

16.0.5
^^^^^^


New Features
************

* FWaaS V2 has been added to neutron. To enable this service simply
  add "firewall_v2" to the "neutron_plugin_base" list.

* The maximum amount of time to wait until forcibly failing the LXC
  cache preparation process is now configurable using the
  "lxc_cache_prep_timeout" variable. The value is specified in
  seconds, with the default being 10 minutes.

* A new LXC container template has been added which will allow us to
  better manage containers on the host machines we support. The new
  template uses the *machinectl* command to create container rootfs
  using the existing cache. This in-turn will provide easier
  management of container images, faster build times, and the ability
  to instantly clone a container (or a given variant) without
  impacting a containers state. This new lxc container create
  template, and the features it provides, will only impact new
  containers created allowing deployers to safely adopt this change in
  any existing environment.

* The tag options when creating an LXC container have been
  simplified. The two tags now supported by the *lxc_container_create*
  role are **lxc-{create,config}**.

* The "security_sshd_permit_root_login" setting can now be set to
  change the "PermitRootLogin" setting in "/etc/ssh/sshd_config" to
  any of the possible options. Set "security_sshd_permit_root_login"
  to one of "without-password", "prohibit-password", "forced-commands-
  only", "yes" or "no".

* Searching for world-writable files is now disabled by default. The
  search causes delays in playbook runs and it can consume a
  significant amount of CPU and I/O resources. Deployers can re-enable
  the search by setting "security_find_world_writable_dirs" to "yes".


Upgrade Notes
*************

* The glance registry service for the v2 API is now disabled by
  default as it is not required and is scheduled to be removed in the
  future. The service can be enabled by setting
  "glance_enable_v2_registry" to "True". As the glance v1 API is still
  enabled by default, and it requires the registry service, the
  glance-registry service will still remain running and operational as
  before. If the variable "glance_enable_v1_api" is set to "False"
  then both the v1 API and the registry service will be disabled and
  removed.

* The LXC container create option *lxc_container_backing_store* is
  now defined by default and has a value of "dir". Prior to this
  release the backend store option was using several auto-detection
  methods to try and guess the store type based on facts fed into the
  role and derived from the physical host. While the auto-detection
  methods worked, they created a cumbersome set of conditionals and
  limited our ability to leverage additional container stores. Having
  this option be a default allows deployers to mix and match container
  stores to suit the needs of the deployment. Existing deployments
  should set this option within group or user variables to ensure
  there's no change in the backend store when new container be
  provisioned.


Deprecation Notes
*****************

* The "glance_enable_v1_registry" variable has been removed. When
  using the glance v1 API the registry service is required, so having
  a variable to disable it makes little sense. The service is now
  enabled/disabled for the v1 API using the "glance_enable_v1_api"
  variable.


Bug Fixes
*********

* When the "glance_enable_v2_registry" variable is set to "True" the
  corresponding "data_api" setting is now correctly set. Previously it
  was not set and therefore the API service was not correctly informed
  that the registry was operating.


Other Notes
***********

* The LXC container create role will now check for the LXC volume
  group if the option *lxc_container_backing_store* is set to "lvm".
  If this volume group is not found, the role will halt and instruct
  the deployer to update their configuration options and inspect their
  host setup.

Changes in openstack-ansible 16.0.4..16.0.5
-------------------------------------------

fa2ddbb Do not source openstack-ansible.rc when pulling roles
6836c7f Bump roles SHA
dcf6443 Use 'PermitRootLogin 'without-password''
5fb6357 Update all SHAs for 16.0.5
f3a5d6e scripts: scripts-library.sh: Use pgrep -f to find the dstat process
527cbf7 Use tests repo for all lint tests
e113e19 Do not force using the remote "origin" when testing upgrades
6e917e4 Do not implement reload for novnc/spice service


Diffstat (except docs and test files)
-------------------------------------

ansible-role-requirements.yml                      |  46 ++++----
group_vars/all/all.yml                             |   2 +-
group_vars/hosts.yml                               |   2 +-
playbooks/defaults/repo_packages/gnocchi.yml       |   2 +-
.../defaults/repo_packages/openstack_services.yml  |  66 ++++++------
playbooks/os-nova-install.yml                      |  23 ++--
.../notes/fwaasv2-added-ab9ba18c8b98a83e.yaml      |   4 +
.../notes/glance-v2-api-only-0d4a61b0d4dade18.yaml |  23 ++++
.../lxc-cache-prep-timeout-97dc18882f7b1e76.yaml   |   7 ++
.../lxc-machinectl-template-9e65779a94cb767f.yaml  |  11 ++
...c_container_backing_store-e0a77c48da3a57b2.yaml |  21 ++++
.../permitrootlogin_options-a62e33ccc4a69657.yaml  |   8 ++
...able-file-search-optional-7420269230a0e22f.yaml |   7 ++
scripts/bootstrap-ansible.sh                       |   2 +-
scripts/gate-check-commit.sh                       |   2 +-
scripts/scripts-library.sh                         |   2 +-
tox.ini                                            | 110 ++++++++-----------
18 files changed, 317 insertions(+), 138 deletions(-)







More information about the Release-announce mailing list