[release-announce] [openstackansible] openstack-ansible 16.0.2 (pike)
no-reply at openstack.org
no-reply at openstack.org
Thu Oct 26 23:54:27 UTC 2017
We are excited to announce the release of:
openstack-ansible 16.0.2: Ansible playbooks for deploying OpenStack
This release is part of the pike release series.
The source is available from:
https://git.openstack.org/cgit/openstack/openstack-ansible
Download the package from:
https://tarballs.openstack.org/openstack-ansible/
For more details, please see below.
16.0.2
^^^^^^
Security Issues
* The "net.bridge.bridge-nf-call-*" kernel parameters were set to
"0" in previous releases to improve performance and it was left up
to neutron to adjust these parameters when security groups are
applied. This could cause situations where bridge traffic was not
sent through iptables and this rendered security groups ineffective.
This could allow unexpected ingress and egress traffic within the
cloud.
These kernel parameters are now set to "1" on all hosts by the
"openstack_hosts" role, which ensures that bridge traffic is always
sent through iptables.
Changes in openstack-ansible 16.0.1..16.0.2
-------------------------------------------
a0af9e0 Disable ceph-ansible NFS gateway by default
448a7a0 Manually bump nova role
190bb85 Update all SHAs for 16.0.1
4bfa6c5 Fix zuul clonemap
Diffstat (except docs and test files)
-------------------------------------
ansible-role-requirements.yml | 22 ++++----
group_vars/ceph_all.yml | 5 ++
.../defaults/repo_packages/openstack_services.yml | 60 +++++++++++-----------
...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++
5 files changed, 60 insertions(+), 42 deletions(-)
More information about the Release-announce
mailing list