[release-announce] [openstackansible] openstack-ansible 16.0.5 (pike)
no-reply at openstack.org
no-reply at openstack.org
Fri Dec 8 22:17:37 UTC 2017
We are excited to announce the release of:
openstack-ansible 16.0.5: Ansible playbooks for deploying OpenStack
This release is part of the pike release series.
The source is available from:
https://git.openstack.org/cgit/openstack/openstack-ansible
Download the package from:
https://tarballs.openstack.org/openstack-ansible/
For more details, please see below.
16.0.5
^^^^^^
New Features
************
* FWaaS V2 has been added to neutron. To enable this service simply
add "firewall_v2" to the "neutron_plugin_base" list.
* The maximum amount of time to wait until forcibly failing the LXC
cache preparation process is now configurable using the
"lxc_cache_prep_timeout" variable. The value is specified in
seconds, with the default being 10 minutes.
* A new LXC container template has been added which will allow us to
better manage containers on the host machines we support. The new
template uses the *machinectl* command to create container rootfs
using the existing cache. This in-turn will provide easier
management of container images, faster build times, and the ability
to instantly clone a container (or a given variant) without
impacting a containers state. This new lxc container create
template, and the features it provides, will only impact new
containers created allowing deployers to safely adopt this change in
any existing environment.
* The tag options when creating an LXC container have been
simplified. The two tags now supported by the *lxc_container_create*
role are **lxc-{create,config}**.
* The "security_sshd_permit_root_login" setting can now be set to
change the "PermitRootLogin" setting in "/etc/ssh/sshd_config" to
any of the possible options. Set "security_sshd_permit_root_login"
to one of "without-password", "prohibit-password", "forced-commands-
only", "yes" or "no".
* Searching for world-writable files is now disabled by default. The
search causes delays in playbook runs and it can consume a
significant amount of CPU and I/O resources. Deployers can re-enable
the search by setting "security_find_world_writable_dirs" to "yes".
Upgrade Notes
*************
* The glance registry service for the v2 API is now disabled by
default as it is not required and is scheduled to be removed in the
future. The service can be enabled by setting
"glance_enable_v2_registry" to "True". As the glance v1 API is still
enabled by default, and it requires the registry service, the
glance-registry service will still remain running and operational as
before. If the variable "glance_enable_v1_api" is set to "False"
then both the v1 API and the registry service will be disabled and
removed.
* The LXC container create option *lxc_container_backing_store* is
now defined by default and has a value of "dir". Prior to this
release the backend store option was using several auto-detection
methods to try and guess the store type based on facts fed into the
role and derived from the physical host. While the auto-detection
methods worked, they created a cumbersome set of conditionals and
limited our ability to leverage additional container stores. Having
this option be a default allows deployers to mix and match container
stores to suit the needs of the deployment. Existing deployments
should set this option within group or user variables to ensure
there's no change in the backend store when new container be
provisioned.
Deprecation Notes
*****************
* The "glance_enable_v1_registry" variable has been removed. When
using the glance v1 API the registry service is required, so having
a variable to disable it makes little sense. The service is now
enabled/disabled for the v1 API using the "glance_enable_v1_api"
variable.
Bug Fixes
*********
* When the "glance_enable_v2_registry" variable is set to "True" the
corresponding "data_api" setting is now correctly set. Previously it
was not set and therefore the API service was not correctly informed
that the registry was operating.
Other Notes
***********
* The LXC container create role will now check for the LXC volume
group if the option *lxc_container_backing_store* is set to "lvm".
If this volume group is not found, the role will halt and instruct
the deployer to update their configuration options and inspect their
host setup.
Changes in openstack-ansible 16.0.4..16.0.5
-------------------------------------------
fa2ddbb Do not source openstack-ansible.rc when pulling roles
6836c7f Bump roles SHA
dcf6443 Use 'PermitRootLogin 'without-password''
5fb6357 Update all SHAs for 16.0.5
f3a5d6e scripts: scripts-library.sh: Use pgrep -f to find the dstat process
527cbf7 Use tests repo for all lint tests
e113e19 Do not force using the remote "origin" when testing upgrades
6e917e4 Do not implement reload for novnc/spice service
Diffstat (except docs and test files)
-------------------------------------
ansible-role-requirements.yml | 46 ++++----
group_vars/all/all.yml | 2 +-
group_vars/hosts.yml | 2 +-
playbooks/defaults/repo_packages/gnocchi.yml | 2 +-
.../defaults/repo_packages/openstack_services.yml | 66 ++++++------
playbooks/os-nova-install.yml | 23 ++--
.../notes/fwaasv2-added-ab9ba18c8b98a83e.yaml | 4 +
.../notes/glance-v2-api-only-0d4a61b0d4dade18.yaml | 23 ++++
.../lxc-cache-prep-timeout-97dc18882f7b1e76.yaml | 7 ++
.../lxc-machinectl-template-9e65779a94cb767f.yaml | 11 ++
...c_container_backing_store-e0a77c48da3a57b2.yaml | 21 ++++
.../permitrootlogin_options-a62e33ccc4a69657.yaml | 8 ++
...able-file-search-optional-7420269230a0e22f.yaml | 7 ++
scripts/bootstrap-ansible.sh | 2 +-
scripts/gate-check-commit.sh | 2 +-
scripts/scripts-library.sh | 2 +-
tox.ini | 110 ++++++++-----------
18 files changed, 317 insertions(+), 138 deletions(-)
More information about the Release-announce
mailing list