[release-announce] [openstackansible] openstack-ansible 15.1.10 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Thu Oct 26 23:13:34 UTC 2017
We exuberantly announce the release of:
openstack-ansible 15.1.10: Ansible playbooks for deploying OpenStack
This release is part of the ocata release series.
The source is available from:
http://git.openstack.org/cgit/openstack/openstack-ansible
Download the package from:
https://tarballs.openstack.org/openstack-ansible/
For more details, please see below.
15.1.10
^^^^^^^
New Features
************
* Extra headers can be added to Keystone responses by adding items
to "keystone_extra_headers". Example:
keystone_extra_headers:
- parameter: "Access-Control-Expose-Headers"
value: "X-Subject-Token"
- parameter: "Access-Control-Allow-Headers"
value: "Content-Type, X-Auth-Token"
- parameter: "Access-Control-Allow-Origin"
value: "*"
* The default ulimit for RabbitMQ is now 65536. Deployers can still
adjust this limit using the "rabbitmq_ulimit" Ansible variable.
Security Issues
***************
* The "net.bridge.bridge-nf-call-*" kernel parameters were set to
"0" in previous releases to improve performance and it was left up
to neutron to adjust these parameters when security groups are
applied. This could cause situations where bridge traffic was not
sent through iptables and this rendered security groups ineffective.
This could allow unexpected ingress and egress traffic within the
cloud.
These kernel parameters are now set to "1" on all hosts by the
"openstack_hosts" role, which ensures that bridge traffic is always
sent through iptables.
Bug Fixes
*********
* The sysctl configuration task was not skipping configurations
where "enabled" was set to "no". Instead, it was removing
configurations when "enabled: no" was set.
There is now a fix in place that ensures any sysctl configuration
with "enabled: no" will be skipped and the configuration will be
left unaltered on the system.
Changes in openstack-ansible 15.1.9..15.1.10
--------------------------------------------
8a0b84a Update all SHAs for 15.1.10
7954dc4 Fix Aodh's health checks (ocata backport)
Diffstat (except docs and test files)
-------------------------------------
ansible-role-requirements.yml | 60 +++++++++++-----------
.../defaults/repo_packages/openstack_services.yml | 60 +++++++++++-----------
playbooks/inventory/group_vars/all.yml | 2 +-
playbooks/vars/configs/haproxy_config.yml | 2 -
...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++
.../notes/extra-headers-e54a672d3a78dd89.yaml | 15 ++++++
...skip-sysctl-when-disabled-b32eca48df5b1437.yaml | 10 ++++
.../ulimit-increased-65536-50b418d8e8ca4eef.yaml | 5 ++
8 files changed, 104 insertions(+), 63 deletions(-)
More information about the Release-announce
mailing list