[release-announce] [magnum] magnum 3.2.0 (newton)

no-reply at openstack.org no-reply at openstack.org
Wed May 3 08:48:34 UTC 2017 

We joyfully announce the release of:

magnum 3.2.0: Container Management project for OpenStack

This release is part of the newton stable release series.

The source is available from:

    ** http://git.openstack.org/cgit/openstack/magnum

Download the package from:

    https://tarballs.openstack.org/magnum/

Please report issues through launchpad:

    ** http://bugs.launchpad.net/magnum

For more details, please see below.

3.2.0
^^^^^


New Features
************

* Add Support of LBaaS v2, LBaaS v1 is removed by neutron community
  in Newton release. Until now, LBaaS v1 was used by all clusters
  created using magnum. This release adds support of LBaaS v2 for all
  supported drivers.


Upgrade Notes
*************

* To let clusters communicate directly with OpenStack service other
  than Magnum, in the *trust* section of magnum.conf, set
  *cluster_user_trust* to True. The default value is False.


Security Issues
***************

* Every magnum cluster is assigned a trustee user and a trustID.
  This user is used to allow clusters communicate with the key-manager
  service (Barbican) and get the certificate authority of the cluster.
  This trust user can be used by other services too. It can be used to
  let the cluster authenticate with other OpenStack services like the
  Block Storage service, Object Storage service, Load Balancing etc.
  The cluster with this user and the trustID has full access to the
  trustor's OpenStack project. A new configuration parameter has been
  added to restrict the access to other services than Magnum.


Bug Fixes
*********

* Fixes CVE-2016-7404 for newly created clusters. Existing clusters
  will have to be re-created to benefit from this fix. Part of this
  fix is the newly introduced setting *cluster_user_trust* in the
  *trust* section of magnum.conf. This setting defaults to False.
  *cluster_user_trust* dictates whether to allow passing a trust ID
  into a cluster's instances. For most clusters this capability is not
  needed. Clusters with *registry_enabled=True* or
  *volume_driver=rexray* will need this capability. Other features
  that require this capability may be introduced in the future. To be
  able to create such clusters you will need to set
  *cluster_user_trust* to True.

Changes in magnum 3.1.1..3.2.0
------------------------------

07f94c0 Install client in install guide instructions
83dd988 Updated from global requirements
96797bf Add reno for cluster_user_trust option
324c8bc Updated from global requirements
2d4e617 Fix CVE-2016-7404
fb67f87 Fix mesos gate
d8ca5ac Fix: InvalidParameterValue Exception not raised correctly
1abcdc9 Fix typo: clustser-->cluster in python_client_base.py
73212db Make cinder volume optional
24994d1 [install] Fix endpoint creation
5b456cd [install] Fix 'host' config param in [api] section
ada6f27 k8s_ironic: fix minion template
d8dadde Reduce security groups # for k8s coreos cluster
c192eff [instll] Update a more simple rabbitmq configuration
93bd547 Fix: k8s cluster creation with lb enabled/fip disabled
7508908 [coreos] Fix: k8s cluster creation with loadbalancer enabled
7521a94 Add missing reno: bp-magnum-lbaasv2-support
3f86cc4 Fix failure of systemd service kube-ui


Diffstat (except docs and test files)
-------------------------------------

devstack/lib/magnum                                |  1 +
etc/magnum/policy.json                             | 54 ++++++------
.../source/common/configure_2_edit_magnum_conf.rst | 19 +++--
install-guide/source/common/prerequisites.rst      | 15 ++--
install-guide/source/install-obs.rst               |  2 +-
install-guide/source/install-rdo.rst               |  2 +-
install-guide/source/install-ubuntu.rst            |  2 +-
magnum/api/validation.py                           |  2 +-
magnum/common/keystone.py                          | 12 +++
magnum/common/policy.py                            | 12 +++
magnum/conductor/handlers/common/trust_manager.py  | 13 ++-
magnum/db/sqlalchemy/api.py                        | 17 +++-
magnum/drivers/common/k8s_fedora_template_def.py   | 20 +++--
magnum/drivers/common/template_def.py              | 16 +++-
.../environments/disable_floating_ip.yaml          |  2 +-
.../common/templates/environments/no_volume.yaml   |  4 +
.../common/templates/environments/with_volume.yaml |  4 +
.../fragments/configure-docker-storage.sh          | 46 ++++++-----
.../configure_docker_storage_driver_atomic.sh      | 16 ++--
.../fragments/kube-system-namespace-service.sh     |  7 +-
.../kubernetes/fragments/kube-ui-service.sh        | 20 ++++-
.../kubernetes/fragments/make-cert-client.sh       |  5 --
.../templates/kubernetes/fragments/make-cert.sh    |  5 --
.../fragments/write-heat-params-master.yaml        |  3 +-
.../kubernetes/fragments/write-heat-params.yaml    |  3 +-
.../templates/fragments/make-cert-client.yaml      |  5 --
.../templates/fragments/make-cert.yaml             |  5 --
.../fragments/write-heat-params-master.yaml        |  2 +-
.../templates/fragments/write-heat-params.yaml     |  2 +-
.../k8s_coreos_v1/templates/kubecluster.yaml       | 40 +++++++++
.../k8s_coreos_v1/templates/kubemaster.yaml        | 44 ++--------
.../k8s_coreos_v1/templates/kubeminion.yaml        | 20 ++---
.../templates/kubecluster.yaml                     |  2 +-
.../k8s_fedora_atomic_v1/templates/kubemaster.yaml |  5 +-
.../k8s_fedora_atomic_v1/templates/kubeminion.yaml |  5 +-
.../templates/kubecluster.yaml                     |  4 +-
.../k8s_fedora_ironic_v1/templates/kubemaster.yaml |  7 ++
.../k8s_fedora_ironic_v1/templates/kubeminion.yaml |  9 +-
.../templates/fragments/write-heat-params.yaml     |  2 +-
.../drivers/swarm_fedora_atomic_v1/template_def.py | 13 ++-
.../swarm_fedora_atomic_v1/templates/cluster.yaml  |  2 +-
.../templates/fragments/make-cert.py               |  6 --
.../fragments/write-heat-params-master.yaml        |  3 +-
.../fragments/write-heat-params-node.yaml          |  3 +-
.../templates/swarmmaster.yaml                     |  5 +-
.../templates/swarmnode.yaml                       |  5 +-
.../api/controllers/v1/test_cluster_template.py    |  1 -
.../handlers/common/test_trust_manager.py          |  3 +-
.../conductor/handlers/test_cluster_conductor.py   |  5 ++
.../handlers/test_k8s_cluster_conductor.py         | 96 ++++++++++++++++++----
.../handlers/test_mesos_cluster_conductor.py       |  9 +-
.../handlers/test_swarm_cluster_conductor.py       | 23 ++++--
.../notes/CVE-2016-7404-f53e62a4a40e4d30.yaml      | 29 +++++++
...bp-magnum-lbaasv2-support-3e7023c23b7c864e.yaml |  7 ++
requirements.txt                                   |  2 +-
64 files changed, 539 insertions(+), 286 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index e31a5a2..3013f05 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -52 +52 @@ requests>=2.10.0 # Apache-2.0
-setuptools!=24.0.0,>=16.0 # PSF/ZPL
+setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,>=16.0 # PSF/ZPL

More information about the Release-announce mailing list