[release-announce] [magnum] magnum 3.2.0 (newton)
no-reply at openstack.org
no-reply at openstack.org
Wed May 3 08:48:34 UTC 2017
We joyfully announce the release of:
magnum 3.2.0: Container Management project for OpenStack
This release is part of the newton stable release series.
The source is available from:
** http://git.openstack.org/cgit/openstack/magnum
Download the package from:
https://tarballs.openstack.org/magnum/
Please report issues through launchpad:
** http://bugs.launchpad.net/magnum
For more details, please see below.
3.2.0
^^^^^
New Features
************
* Add Support of LBaaS v2, LBaaS v1 is removed by neutron community
in Newton release. Until now, LBaaS v1 was used by all clusters
created using magnum. This release adds support of LBaaS v2 for all
supported drivers.
Upgrade Notes
*************
* To let clusters communicate directly with OpenStack service other
than Magnum, in the *trust* section of magnum.conf, set
*cluster_user_trust* to True. The default value is False.
Security Issues
***************
* Every magnum cluster is assigned a trustee user and a trustID.
This user is used to allow clusters communicate with the key-manager
service (Barbican) and get the certificate authority of the cluster.
This trust user can be used by other services too. It can be used to
let the cluster authenticate with other OpenStack services like the
Block Storage service, Object Storage service, Load Balancing etc.
The cluster with this user and the trustID has full access to the
trustor's OpenStack project. A new configuration parameter has been
added to restrict the access to other services than Magnum.
Bug Fixes
*********
* Fixes CVE-2016-7404 for newly created clusters. Existing clusters
will have to be re-created to benefit from this fix. Part of this
fix is the newly introduced setting *cluster_user_trust* in the
*trust* section of magnum.conf. This setting defaults to False.
*cluster_user_trust* dictates whether to allow passing a trust ID
into a cluster's instances. For most clusters this capability is not
needed. Clusters with *registry_enabled=True* or
*volume_driver=rexray* will need this capability. Other features
that require this capability may be introduced in the future. To be
able to create such clusters you will need to set
*cluster_user_trust* to True.
Changes in magnum 3.1.1..3.2.0
------------------------------
07f94c0 Install client in install guide instructions
83dd988 Updated from global requirements
96797bf Add reno for cluster_user_trust option
324c8bc Updated from global requirements
2d4e617 Fix CVE-2016-7404
fb67f87 Fix mesos gate
d8ca5ac Fix: InvalidParameterValue Exception not raised correctly
1abcdc9 Fix typo: clustser-->cluster in python_client_base.py
73212db Make cinder volume optional
24994d1 [install] Fix endpoint creation
5b456cd [install] Fix 'host' config param in [api] section
ada6f27 k8s_ironic: fix minion template
d8dadde Reduce security groups # for k8s coreos cluster
c192eff [instll] Update a more simple rabbitmq configuration
93bd547 Fix: k8s cluster creation with lb enabled/fip disabled
7508908 [coreos] Fix: k8s cluster creation with loadbalancer enabled
7521a94 Add missing reno: bp-magnum-lbaasv2-support
3f86cc4 Fix failure of systemd service kube-ui
Diffstat (except docs and test files)
-------------------------------------
devstack/lib/magnum | 1 +
etc/magnum/policy.json | 54 ++++++------
.../source/common/configure_2_edit_magnum_conf.rst | 19 +++--
install-guide/source/common/prerequisites.rst | 15 ++--
install-guide/source/install-obs.rst | 2 +-
install-guide/source/install-rdo.rst | 2 +-
install-guide/source/install-ubuntu.rst | 2 +-
magnum/api/validation.py | 2 +-
magnum/common/keystone.py | 12 +++
magnum/common/policy.py | 12 +++
magnum/conductor/handlers/common/trust_manager.py | 13 ++-
magnum/db/sqlalchemy/api.py | 17 +++-
magnum/drivers/common/k8s_fedora_template_def.py | 20 +++--
magnum/drivers/common/template_def.py | 16 +++-
.../environments/disable_floating_ip.yaml | 2 +-
.../common/templates/environments/no_volume.yaml | 4 +
.../common/templates/environments/with_volume.yaml | 4 +
.../fragments/configure-docker-storage.sh | 46 ++++++-----
.../configure_docker_storage_driver_atomic.sh | 16 ++--
.../fragments/kube-system-namespace-service.sh | 7 +-
.../kubernetes/fragments/kube-ui-service.sh | 20 ++++-
.../kubernetes/fragments/make-cert-client.sh | 5 --
.../templates/kubernetes/fragments/make-cert.sh | 5 --
.../fragments/write-heat-params-master.yaml | 3 +-
.../kubernetes/fragments/write-heat-params.yaml | 3 +-
.../templates/fragments/make-cert-client.yaml | 5 --
.../templates/fragments/make-cert.yaml | 5 --
.../fragments/write-heat-params-master.yaml | 2 +-
.../templates/fragments/write-heat-params.yaml | 2 +-
.../k8s_coreos_v1/templates/kubecluster.yaml | 40 +++++++++
.../k8s_coreos_v1/templates/kubemaster.yaml | 44 ++--------
.../k8s_coreos_v1/templates/kubeminion.yaml | 20 ++---
.../templates/kubecluster.yaml | 2 +-
.../k8s_fedora_atomic_v1/templates/kubemaster.yaml | 5 +-
.../k8s_fedora_atomic_v1/templates/kubeminion.yaml | 5 +-
.../templates/kubecluster.yaml | 4 +-
.../k8s_fedora_ironic_v1/templates/kubemaster.yaml | 7 ++
.../k8s_fedora_ironic_v1/templates/kubeminion.yaml | 9 +-
.../templates/fragments/write-heat-params.yaml | 2 +-
.../drivers/swarm_fedora_atomic_v1/template_def.py | 13 ++-
.../swarm_fedora_atomic_v1/templates/cluster.yaml | 2 +-
.../templates/fragments/make-cert.py | 6 --
.../fragments/write-heat-params-master.yaml | 3 +-
.../fragments/write-heat-params-node.yaml | 3 +-
.../templates/swarmmaster.yaml | 5 +-
.../templates/swarmnode.yaml | 5 +-
.../api/controllers/v1/test_cluster_template.py | 1 -
.../handlers/common/test_trust_manager.py | 3 +-
.../conductor/handlers/test_cluster_conductor.py | 5 ++
.../handlers/test_k8s_cluster_conductor.py | 96 ++++++++++++++++++----
.../handlers/test_mesos_cluster_conductor.py | 9 +-
.../handlers/test_swarm_cluster_conductor.py | 23 ++++--
.../notes/CVE-2016-7404-f53e62a4a40e4d30.yaml | 29 +++++++
...bp-magnum-lbaasv2-support-3e7023c23b7c864e.yaml | 7 ++
requirements.txt | 2 +-
64 files changed, 539 insertions(+), 286 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index e31a5a2..3013f05 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -52 +52 @@ requests>=2.10.0 # Apache-2.0
-setuptools!=24.0.0,>=16.0 # PSF/ZPL
+setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,>=16.0 # PSF/ZPL
More information about the Release-announce
mailing list