[release-announce] puppet-tripleo 8.3.4 (queens)
no-reply at openstack.org
no-reply at openstack.org
Thu Jul 5 17:33:49 UTC 2018
We contentedly announce the release of:
puppet-tripleo 8.3.4: Puppet module for OpenStack TripleO
This release is part of the queens stable release series.
The source is available from:
http://git.openstack.org/cgit/openstack/puppet-tripleo
Download the package from:
https://tarballs.openstack.org/puppet-tripleo/
Please report issues through launchpad:
http://bugs.launchpad.net/tripleo (tag: puppet)
For more details, please see below.
8.3.4
^^^^^
New Features
************
* Add the ability to deploy an NFS backend for the Cinder Backup
service.
* Added support to IPV6 and SSL parameters for Dell EMC Unity manila
backend.
Upgrade Notes
*************
* Rotated logs of containerized services in /var/log/containers will
be purged with the next containerized logrotate run triggered via
cron, if the rotated logs have been kept longer than
*purge_after_days* (defaults to a 14 days).
The logrotate maxage parameter is set to *purge_after_days* as well.
The size parameter does not honor time-based constraints and is
disabled as not GDPR compliant. From now on, it configures maxsize
instead. Minsize is set to a 1 byte to put all /var/log/containers
logs under the containerized logrotate control.
New param *rotation* additionally allows to alter logrotate rotation
interval, like 'hourly' or 'weekly'.
Security Issues
***************
* Retention rules of files in /var/log/containers additionally
defined in the containerized logrotate postrotate script and based
on any of the listed criteria met:
* time of last access of contents (atime) exceeds
*purge_after_days*,
* time of last modification of contents (mtime) exceeds
*purge_after_days*,
* time of last modification of the inode (metadata, ctime) exceeds
*purge_after_days*.
Expired files will be purged forcibly with each containerized
logrotate run triggered via cron. Note that the files creation time
(the Birth attribute) is not taken into account as it cannot be
accessed normally by system operators (depends on FS type).
Retention policies based on the creation time must be managed
elsewhere.
Bug Fixes
*********
* Fixes an issue where OVS may be missing flows post-deployment with
OpenDaylight. For more information see
https://bugs.launchpad.net/tripleo/+bug/1775436
Changes in puppet-tripleo 8.3.3..8.3.4
--------------------------------------
15a81ad Prepare 8.3.4 (queens)
668480d Update DellEMC Manila Unity driver
2ac899c Update DellEMC Manila VNX driver
2268bd1 Ensure appropriate ACL mask is set on CephX keyrings
bd33028 Remove share_backend_name from Dell-EMC manila backends
8235401 Fix logrotate_crond issues
2095275 Handle renaming of Cinder VNX backend parameter
58c881a Add NFS backend for cinder-backup service
f7de6e7 Adds check and resyncs ODL/OVS OF pipeline
c8a6413 Add keystone only job for queens
5b1ff75 Disallow SSLv2, SSLv3 and TLS1.0 in rabbitmq for FedRAMP compliance
a8de6dc Neutron sidecar wrappers use netns they were invoked with
0bde3cd Lower the default stunnel log level
f90011d Fix up property names in case of mixed case hostnames
33b406d Add missing nfs_mount_options for Cinder Netapp backend
d255260 Fix duplicate entries in /etc/sysconfig/iptables
6de9374 Rework GDPR compliant logrotate config
f814414 Force GDPR compliance of containers logs
Diffstat (except docs and test files)
-------------------------------------
lib/puppet/functions/synchronize_odl_ovs_flows.rb | 53 +++++++++++++++++++
manifests/firewall.pp | 4 +-
manifests/profile/base/cinder/backup/nfs.pp | 36 +++++++++++++
manifests/profile/base/cinder/volume.pp | 5 ++
.../profile/base/cinder/volume/dellemc_vnx.pp | 7 ++-
manifests/profile/base/cinder/volume/netapp.pp | 1 +
manifests/profile/base/glance/api.pp | 5 ++
manifests/profile/base/gnocchi/api.pp | 5 ++
manifests/profile/base/logging/logrotate.pp | 30 +++++++++--
manifests/profile/base/manila/share.pp | 15 ++++--
.../profile/base/neutron/dhcp_agent_wrappers.pp | 1 -
.../profile/base/neutron/l3_agent_wrappers.pp | 3 --
.../base/neutron/plugins/ovs/opendaylight.pp | 8 +++
manifests/profile/base/neutron/wrappers/haproxy.pp | 5 --
.../profile/base/neutron/wrappers/keepalived.pp | 5 --
.../neutron/wrappers/keepalived_state_change.pp | 5 --
.../profile/base/nova/compute_libvirt_shared.pp | 5 ++
manifests/profile/base/rabbitmq.pp | 32 +++++++++++-
.../profile/pacemaker/cinder/backup_bundle.pp | 2 +-
.../profile/pacemaker/cinder/volume_bundle.pp | 2 +-
.../profile/pacemaker/database/mysql_bundle.pp | 2 +-
.../profile/pacemaker/database/redis_bundle.pp | 2 +-
manifests/profile/pacemaker/haproxy_bundle.pp | 2 +-
manifests/profile/pacemaker/manila/share_bundle.pp | 2 +-
manifests/profile/pacemaker/ovn_dbs_bundle.pp | 2 +-
manifests/profile/pacemaker/rabbitmq_bundle.pp | 2 +-
manifests/stunnel.pp | 5 ++
metadata.json | 2 +-
...cinder-backup-nfs-backend-59bf771a58af65f6.yaml | 4 ++
.../fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml | 6 +++
...ogrotate-containers-purge-56143a979ba80b51.yaml | 38 ++++++++++++++
.../notes/unity_driver_aba347d073cd11e7.yaml | 4 ++
.../notes/vnx_driver_cea44d073cd161e7.yaml | 4 ++
.../tripleo_profile_base_cinder_backup_nfs_spec.rb | 59 ++++++++++++++++++++++
.../tripleo_profile_base_cinder_volume_spec.rb | 1 +
.../tripleo_profile_base_gnocchi_api_spec.rb | 1 +
...o_profile_base_neutron_wrappers_haproxy_spec.rb | 3 +-
...rofile_base_neutron_wrappers_keepalived_spec.rb | 1 -
...eutron_wrappers_keepalived_state_change_spec.rb | 3 +-
spec/fixtures/hieradata/default.yaml | 1 +
spec/fixtures/hieradata/step4.yaml | 1 +
templates/logrotate/containers_logrotate.conf.erb | 20 ++++++--
templates/neutron/dibbler-client.epp | 7 +--
templates/neutron/dnsmasq.epp | 6 +--
templates/neutron/haproxy.epp | 9 ++--
templates/neutron/keepalived.epp | 8 +--
.../neutron/neutron-keepalived-state-change.epp | 8 +--
templates/stunnel/foreground.erb | 1 +
zuul.d/layout.yaml | 26 ++++++++++
49 files changed, 393 insertions(+), 66 deletions(-)
More information about the Release-announce
mailing list