[release-announce] tripleo-common 10.8.0 (stein)

no-reply at openstack.org no-reply at openstack.org
Fri Jul 5 13:06:34 UTC 2019 

We are gleeful to announce the release of:

tripleo-common 10.8.0: A common library for TripleO workflows.

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-common

Download the package from:

    https://tarballs.openstack.org/tripleo-common/

Please report issues through:

    https://bugs.launchpad.net/tripleo-common/+bugs

For more details, please see below.

10.8.0
^^^^^^


Security Issues
***************

* Fixed a vulnerability where an attacker may cause new Octavia
  amphorae to run based on any arbitrary image (CVE-2019-3895).


Bug Fixes
*********

* Fixed an issue were amphora load balancers would fail to create.
  The problem was because Octavia certificate files were being created
  in a wrong path and with invalid content.

* Ensure [controller_worker]/amp_image_owner_id is set. This
  configuration option restricts Glance image selection to a specific
  owner ID. This is a recommended security setting.

Changes in tripleo-common 10.7.0..10.8.0
----------------------------------------

f48331f3 Fix tripleo-upgrade-hiera key deleting
783a6924 remove plotnetcfg from overcloud image yaml
6763c998 Overcloud-full image templates for RHEL8
f08c6058 Update the Undercloud Services list in the inventory.
5cdd4692 Increase timeout of temp swift URLs from 1 to 4 hours
c258f87e Remove scenario008 jobs
277902e6 Fix bare variable usage in ansible
571422a1 Add the ability to compute osds number counting lvm devices
728e59ed [CVE-2019-3895] Set image owner id
c93be003 Adds redfish support to 'overcloud generate fencing'.
71c099f2 Fix Octavia certificate file path and content
f38d89e7 fix 404 when requesting empty tripleo container image catalog
af719c4c Fix validations_inputs temporary file name
93314d98 [Stein-Only] Switch container images to stein namespace
4ed86885 Add task to read remote pub key
a9e05d47 Make get_enabled_services() more robust
fac2c32d bootstrap: install network-scripts if EL8
6f55c891 Use oslo_rootwrap subprocess module in order to gain proper eventlet awareness
59738bd5 Use 'DEFAULT_VALIDATIONS_BASEDIR' variable from constants.py
27a4322b Fix chown command in write_inputs_file function
787ec853 Add new healthchecks for zaqar services
5de8867b tripleo-bootstrap: only enable network, not starting.
24c55464 tripleo-bootstrap: ensure network service is enabled & started
83d05ffc Update default Ceph container image to use to the Nautilus version
f19863f3 docker-rm: check if rpm dependency is actually installed
992749c6 Check for file existance in file modification check
83526f8a OpenDev Migration Patch
b90b0e61 Update UPPER_CONSTRAINTS_FILE for stable/stein
0917a3e6 Update .gitreview for stable/stein


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |   3 +-
.../container_image_prepare_defaults.yaml          |   4 +-
container-images/overcloud_containers.yaml         | 210 ++++++++++-----------
.../tripleo_kolla_template_overrides.j2            |   4 +-
healthcheck/common.sh                              |   5 +
healthcheck/zaqar-api                              |   6 +
healthcheck/zaqar-socket                           |  15 ++
image-yaml/overcloud-hardened-images-uefi.yaml     |   1 -
image-yaml/overcloud-hardened-images.yaml          |   1 -
image-yaml/overcloud-images-python3.yaml           |   9 +-
image-yaml/overcloud-images-rhel8.yaml             |  19 ++
image-yaml/overcloud-images.yaml                   |   1 -
image-yaml/overcloud-realtime-compute.yaml         |   1 -
lower-constraints.txt                              |   1 +
playbooks/octavia-files.yaml                       |   1 +
.../tasks/certificate.yml                          |   8 +-
.../octavia-controller-config/tasks/octavia.yml    |  12 ++
.../roles/octavia-undercloud/tasks/image_mgmt.yml  |  45 ++++-
...ificates-path-and-content-e8acf1e859e75135.yaml |   6 +
...ctavia-set-image-owner-id-adb197d5daae54f1.yaml |  10 +
requirements.txt                                   |   1 +
roles/tripleo-bootstrap/tasks/main.yml             |  23 +++
roles/tripleo-create-admin/tasks/create_user.yml   |   7 +-
roles/tripleo-docker-rm/tasks/main.yaml            |  13 +-
roles/tripleo-upgrade-hiera/tasks/remove.yml       |  12 +-
sudoers                                            |   1 -
tox.ini                                            |   2 +-
tripleo_common/actions/ansible.py                  |  26 +--
tripleo_common/actions/parameters.py               |  14 +-
tripleo_common/image/image_uploader.py             |  11 +-
tripleo_common/image/kolla_builder.py              |   6 +
tripleo_common/inventory.py                        |   6 +-
tripleo_common/templates/deployments.yaml          |  20 +-
tripleo_common/utils/validations.py                |   7 +-
workbooks/deployment.yaml                          |   2 +-
workbooks/derive_params_formulas.yaml              |   8 +-
zuul.d/layout.yaml                                 |   5 -
42 files changed, 500 insertions(+), 263 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index c304a4be..51b6b604 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,0 +12 @@ oslo.log>=3.36.0 # Apache-2.0
+oslo.rootwrap>=5.8.0 # Apache-2.0

More information about the Release-announce mailing list