[release-announce] [openstackansible] openstack-ansible 15.1.10 (ocata)

no-reply at openstack.org no-reply at openstack.org
Thu Oct 26 23:13:34 UTC 2017 

We exuberantly announce the release of:

openstack-ansible 15.1.10: Ansible playbooks for deploying OpenStack

This release is part of the ocata release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/openstack-ansible

Download the package from:

    https://tarballs.openstack.org/openstack-ansible/

For more details, please see below.

15.1.10
^^^^^^^


New Features
************

* Extra headers can be added to Keystone responses by adding items
  to "keystone_extra_headers". Example:

     keystone_extra_headers:
       - parameter: "Access-Control-Expose-Headers"
         value: "X-Subject-Token"
       - parameter: "Access-Control-Allow-Headers"
         value: "Content-Type, X-Auth-Token"
       - parameter: "Access-Control-Allow-Origin"
         value: "*"

* The default ulimit for RabbitMQ is now 65536. Deployers can still
  adjust this limit using the "rabbitmq_ulimit" Ansible variable.


Security Issues
***************

* The "net.bridge.bridge-nf-call-*" kernel parameters were set to
  "0" in previous releases to improve performance and it was left up
  to neutron to adjust these parameters when security groups are
  applied. This could cause situations where bridge traffic was not
  sent through iptables and this rendered security groups ineffective.
  This could allow unexpected ingress and egress traffic within the
  cloud.

  These kernel parameters are now set to "1" on all hosts by the
  "openstack_hosts" role, which ensures that bridge traffic is always
  sent through iptables.


Bug Fixes
*********

* The sysctl configuration task was not skipping configurations
  where "enabled" was set to "no". Instead, it was removing
  configurations when "enabled: no" was set.

  There is now a fix in place that ensures any sysctl configuration
  with "enabled: no" will be skipped and the configuration will be
  left unaltered on the system.

Changes in openstack-ansible 15.1.9..15.1.10
--------------------------------------------

8a0b84a Update all SHAs for 15.1.10
7954dc4 Fix Aodh's health checks (ocata backport)


Diffstat (except docs and test files)
-------------------------------------

ansible-role-requirements.yml                      | 60 +++++++++++-----------
.../defaults/repo_packages/openstack_services.yml  | 60 +++++++++++-----------
playbooks/inventory/group_vars/all.yml             |  2 +-
playbooks/vars/configs/haproxy_config.yml          |  2 -
...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++
.../notes/extra-headers-e54a672d3a78dd89.yaml      | 15 ++++++
...skip-sysctl-when-disabled-b32eca48df5b1437.yaml | 10 ++++
.../ulimit-increased-65536-50b418d8e8ca4eef.yaml   |  5 ++
8 files changed, 104 insertions(+), 63 deletions(-)

More information about the Release-announce mailing list