[release-announce] [magnum] magnum 4.1.1 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Mon May 1 15:01:33 UTC 2017
We are tickled pink to announce the release of:
magnum 4.1.1: Container Management project for OpenStack
This release is part of the ocata stable release series.
The source is available from:
** http://git.openstack.org/cgit/openstack/magnum
Download the package from:
https://tarballs.openstack.org/magnum/
Please report issues through launchpad:
** http://bugs.launchpad.net/magnum
For more details, please see below.
4.1.1
^^^^^
Upgrade Notes
*************
* To let clusters communicate directly with OpenStack service other
than Magnum, in the *trust* section of magnum.conf, set
*cluster_user_trust* to True. The default value is False.
Security Issues
***************
* Every magnum cluster is assigned a trustee user and a trustID.
This user is used to allow clusters communicate with the key-manager
service (Barbican) and get the certificate authority of the cluster.
This trust user can be used by other services too. It can be used to
let the cluster authenticate with other OpenStack services like the
Block Storage service, Object Storage service, Load Balancing etc.
The cluster with this user and the trustID has full access to the
trustor's OpenStack project. A new configuration parameter has been
added to restrict the access to other services than Magnum.
Bug Fixes
*********
* Fixes CVE-2016-7404 for newly created clusters. Existing clusters
will have to be re-created to benefit from this fix. Part of this
fix is the newly introduced setting *cluster_user_trust* in the
*trust* section of magnum.conf. This setting defaults to False.
*cluster_user_trust* dictates whether to allow passing a trust ID
into a cluster's instances. For most clusters this capability is not
needed. Clusters with *registry_enabled=True* or
*volume_driver=rexray* will need this capability. Other features
that require this capability may be introduced in the future. To be
able to create such clusters you will need to set
*cluster_user_trust* to True.
Changes in magnum 4.1.0..4.1.1
------------------------------
7be95f2 Update Fedora images
9b93f3a Install client in install guide instructions
aaa94e1 Add reno for cluster_user_trust option
9f6296e Pass 'context' to create_client_files method
1ff12b0 Pin images for ocata
1e07c37 Missing root-ca-file parameter for proper service account support
0748029 Fix mesos gate
0c7625f Fix CVE-2016-7404
6c9ef67 Update UPPER_CONSTRAINTS_FILE for stable/ocata
8fd822a Update .gitreview for stable/ocata
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 1 +
devstack/lib/magnum | 1 +
devstack/plugin.sh | 2 +-
etc/magnum/policy.json | 54 +++++++++++-----------
install-guide/source/install-obs.rst | 2 +-
install-guide/source/install-rdo.rst | 2 +-
install-guide/source/install-ubuntu.rst | 2 +-
install-guide/source/launch-instance.rst | 14 +++---
magnum/common/docker_utils.py | 2 +-
magnum/common/keystone.py | 1 +
magnum/common/policy.py | 12 +++++
magnum/conductor/handlers/common/trust_manager.py | 13 ++++--
magnum/conf/trust.py | 11 +++++
magnum/db/sqlalchemy/api.py | 17 ++++++-
.../fragments/configure-kubernetes-master.sh | 2 +-
.../kubernetes/fragments/make-cert-client.sh | 5 --
.../templates/kubernetes/fragments/make-cert.sh | 5 --
.../fragments/write-heat-params-master.yaml | 2 +-
.../kubernetes/fragments/write-heat-params.yaml | 2 +-
.../common/templates/swarm/fragments/make-cert.py | 6 ---
.../swarm/fragments/write-heat-params-master.yaml | 2 +-
.../swarm/fragments/write-heat-params-node.yaml | 2 +-
.../swarm/fragments/write-swarm-agent-service.sh | 2 +-
.../swarm/fragments/write-swarm-master-service.sh | 2 +-
magnum/drivers/heat/template_def.py | 16 ++++++-
.../templates/fragments/make-cert-client.yaml | 5 --
.../templates/fragments/make-cert.yaml | 5 --
.../fragments/write-heat-params-master.yaml | 2 +-
.../templates/fragments/write-heat-params.yaml | 2 +-
.../templates/kubecluster.yaml | 2 +-
.../image/kubernetes/Readme.md | 10 ++--
.../image/kubernetes/package-installs.yaml | 3 +-
.../templates/kubecluster.yaml | 2 +-
.../templates/fragments/write-heat-params.yaml | 2 +-
.../handlers/common/test_trust_manager.py | 3 +-
.../conductor/handlers/test_cluster_conductor.py | 5 ++
.../handlers/test_k8s_cluster_conductor.py | 14 ++++--
.../handlers/test_mesos_cluster_conductor.py | 9 ++--
.../handlers/test_swarm_cluster_conductor.py | 8 +++-
.../notes/CVE-2016-7404-f53e62a4a40e4d30.yaml | 29 ++++++++++++
tox.ini | 2 +-
47 files changed, 244 insertions(+), 117 deletions(-)
More information about the Release-announce
mailing list