Open Stack

We are excited to announce the release of:

openstack-ansible 16.0.2: Ansible playbooks for deploying OpenStack

This release is part of the pike release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/openstack-ansible

Download the package from:

    https://tarballs.openstack.org/openstack-ansible/

For more details, please see below.

16.0.2
^^^^^^

Security Issues

* The "net.bridge.bridge-nf-call-*" kernel parameters were set to
  "0" in previous releases to improve performance and it was left up
  to neutron to adjust these parameters when security groups are
  applied. This could cause situations where bridge traffic was not
  sent through iptables and this rendered security groups ineffective.
  This could allow unexpected ingress and egress traffic within the
  cloud.

  These kernel parameters are now set to "1" on all hosts by the
  "openstack_hosts" role, which ensures that bridge traffic is always
  sent through iptables.

Changes in openstack-ansible 16.0.1..16.0.2
-------------------------------------------

a0af9e0 Disable ceph-ansible NFS gateway by default
448a7a0 Manually bump nova role
190bb85 Update all SHAs for 16.0.1
4bfa6c5 Fix zuul clonemap


Diffstat (except docs and test files)
-------------------------------------

ansible-role-requirements.yml                      | 22 ++++----
group_vars/ceph_all.yml                            |  5 ++
.../defaults/repo_packages/openstack_services.yml  | 60 +++++++++++-----------
...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++
5 files changed, 60 insertions(+), 42 deletions(-)