[release-announce] tripleo-common 11.0.0 (train)

no-reply at openstack.org no-reply at openstack.org
Fri Jun 7 19:56:41 UTC 2019 

We are glad to announce the release of:

tripleo-common 11.0.0: A common library for TripleO workflows.

This release is part of the train release series.

The source is available from:

    https://opendev.org/openstack/tripleo-common

Download the package from:

    https://tarballs.openstack.org/tripleo-common/

Please report issues through:

    https://bugs.launchpad.net/tripleo-common/+bugs

For more details, please see below.

11.0.0
^^^^^^


New Features
************

* If the *AdditionalArchitectures* parameter has entries then the
  container image prepare will prepare images for all architectures
  instead of just the default one. A new boolean field *multi_arch*
  can also be set in *ContainerImagePrepare* entries to determine the
  multi arch behaviour for images in that entry. If any entry sets a
  *multi_arch* value then *AdditionalArchitectures* is ignored.

* tripleo-container-rm is the new role that replaces tripleo-docker-
  rm which is in charge of tearing down containers running in Docker
  or Podman. If the container_cli is Podman, the role takes care of
  systemd cleanup for both the container and its healthcheck if it
  does exist.


Security Issues
***************

* Fixed a vulnerability where an attacker may cause new Octavia
  amphorae to run based on any arbitrary image (CVE-2019-3895).


Bug Fixes
*********

* As of Rocky [1], the nova-consoleauth service has been deprecated
  and cell databases are used for storing token authorizations. All
  new consoles will be supported by the database backend and existing
  consoles will be reset. Console proxies must be run per cell because
  the new console token authorizations are stored in cell databases.

  nova-consoleauth was deprecated in tripleo with:
  I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

  This change now removes the NovaConsoleauth Service.

  [1] https://docs.openstack.org/releasenotes/nova/rocky.html

* Fixed an issue were amphora load balancers would fail to create.
  The problem was because Octavia certificate files were being created
  in a wrong path and with invalid content.

* Ensure [controller_worker]/amp_image_owner_id is set. This
  configuration option restricts Glance image selection to a specific
  owner ID. This is a recommended security setting.

Changes in tripleo-common 10.7.0..11.0.0
----------------------------------------

7c89493e Add the ability to compute osds number counting lvm devices
f15e6ac3 Overcloud-full image templates for RHEL8
b4d13dc8 Add deployed-server bootstrap tasks to tripleo-bootstrap
ba3891b3 Add tripleo-hieradata role
6b722063 Template each deployment file
e7c5eab7 [CVE-2019-3895] Set image owner id
4de9f78b Fix Octavia certificate file path and content
f3a93bff Fix validations_inputs temporary file name
294f67bd fix 404 when requesting empty tripleo container image catalog
feb49b8c Handle failed neutron-plugin-ml2.yaml lookup
37fc8e31 Stop sending execution object via Zaqar message
c13c9cf5 Enable staging-ovirt (fence_rhevm) fencing agent.
063e4934 Remove NovaConsoleauth Service
5a7081ea Remove duplications of tasks in scale workbook
030ad3e2 workbooks/deployment: add support to choose playbook name
68334a00 workbooks/deployment: add support to filter nodes when running Ansible
5dcad572 Make get_enabled_services() more robust
35cfa6d3 Use a typemap file instead of symlinks for tags
08ae3286 Define the interface for multi arch image prepare
88524377 Add serial option in the inventory
228fadca Add task to read remote pub key
136d8c75 Fix privileges in task fro tripleo-admin
a14bfd9f [Trivial fix]Remove unnecessary slash
13775b8e Introduce tripleo-container-rm
508324b1 Run ansible before scale down
2e54cff0 Use oslo_rootwrap subprocess module in order to gain proper eventlet awareness
878a7727 bootstrap: install network-scripts if EL8
cf86a8d6 tripleo-bootstrap: only enable network, not starting.
d0831dc4 Fix chown command in write_inputs_file function
2d52d467 tripleo-bootstrap: ensure network service is enabled & started
4f5a2750 Add new healthchecks for zaqar services
4c3d5182 Fixup octavia-api healthcheck
f292c839 Remove images that are not in use anymore
2ee6de2b nova: Remove nova-placement images and healthchecks
2f4e72b8 OpenDev Migration Patch
e39577bc Update master for stable/stein
b7618c7c Add missing ws seperator between words
e368e152 docker-rm: check if rpm dependency is actually installed
ab490622 Use 'DEFAULT_VALIDATIONS_BASEDIR' variable from constants.py
05a1f1fa Update default Ceph container image to use to the Nautilus version
9314396e Adds redfish support to 'overcloud generate fencing'.
26967343 Check for file existance in file modification check


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |   2 +-
.../container_image_prepare_defaults.yaml          |   2 +-
container-images/overcloud_containers.yaml         |   8 +-
container-images/overcloud_containers.yaml.j2      |  24 -----
.../tripleo_kolla_template_overrides.j2            |  16 +--
healthcheck/common.sh                              |   5 +
healthcheck/nova-consoleauth                       |  14 ---
healthcheck/octavia-api                            |  12 +--
healthcheck/{nova-placement => zaqar-api}          |   2 +-
healthcheck/zaqar-socket                           |  15 +++
image-yaml/overcloud-images-python3.yaml           |   8 +-
image-yaml/overcloud-images-rhel8.yaml             |  19 ++++
lower-constraints.txt                              |   1 +
playbooks/octavia-files.yaml                       |   1 +
.../tasks/certificate.yml                          |   8 +-
.../octavia-controller-config/tasks/octavia.yml    |  12 +++
.../roles/octavia-undercloud/tasks/image_mgmt.yml  |  45 +++++++--
.../notes/multi_arch_image-3c3730cbba95be19.yaml   |   9 ++
...a_remove_nova-consoleauth-95df6d63822ef787.yaml |  15 +++
...ificates-path-and-content-e8acf1e859e75135.yaml |   6 ++
...ctavia-set-image-owner-id-adb197d5daae54f1.yaml |  10 ++
.../tripleo-container-rm-082aa93d2de1e8bc.yaml     |   7 ++
releasenotes/source/index.rst                      |   1 +
releasenotes/source/stein.rst                      |   6 ++
requirements.txt                                   |   1 +
roles/tripleo-bootstrap/defaults/main.yml          |   4 +
roles/tripleo-bootstrap/tasks/main.yml             |  75 ++++++++++++++
roles/tripleo-container-rm/README.md               |  34 +++++++
roles/tripleo-container-rm/defaults/main.yaml      |   2 +
roles/tripleo-container-rm/tasks/docker.yaml       |  21 ++++
roles/tripleo-container-rm/tasks/main.yaml         |   5 +
roles/tripleo-container-rm/tasks/podman.yaml       |  41 ++++++++
roles/tripleo-create-admin/tasks/create_user.yml   |  10 +-
roles/tripleo-docker-rm/README.md                  |   2 +
roles/tripleo-docker-rm/tasks/main.yaml            |  13 +--
roles/tripleo-hieradata/README.md                  |  35 +++++++
roles/tripleo-hieradata/defaults/main.yaml         |   3 +
roles/tripleo-hieradata/tasks/main.yaml            |  27 +++++
roles/tripleo-hieradata/test-playbook.yaml         |   9 ++
sudoers                                            |   1 -
tripleo_common/actions/ansible.py                  |  26 +++--
tripleo_common/actions/parameters.py               |  28 +++++-
tripleo_common/constants.py                        |   6 +-
tripleo_common/image/image_export.py               |  99 ++++++++++++++++--
tripleo_common/image/image_uploader.py             |  24 ++++-
tripleo_common/image/kolla_builder.py              |  27 ++++-
tripleo_common/inventory.py                        |   4 +-
tripleo_common/templates/deployment.j2             |   2 -
tripleo_common/templates/deployments.yaml          |  48 +++++++--
.../ControllerHostEntryDeployment                  |   2 -
.../data/overcloud-controller-0/MyExtraConfigPost  |   2 -
.../utils/data/overcloud-controller-0/MyPostConfig |   2 -
.../data/overcloud-controller-0/NetworkDeployment  |   2 -
.../ComputeHostEntryDeployment                     |   2 -
.../data/overcloud-novacompute-0/MyExtraConfigPost |   2 -
.../data/overcloud-novacompute-0/NetworkDeployment |   2 -
.../ComputeHostEntryDeployment                     |   2 -
.../data/overcloud-novacompute-1/MyExtraConfigPost |   2 -
.../data/overcloud-novacompute-1/NetworkDeployment |   2 -
.../data/overcloud-novacompute-2/AnsibleDeployment |   2 -
.../ComputeHostEntryDeployment                     |   2 -
.../data/overcloud-novacompute-2/MyExtraConfigPost |   2 -
.../data/overcloud-novacompute-2/NetworkDeployment |   2 -
tripleo_common/update.py                           |  29 +++---
tripleo_common/utils/validations.py                |   7 +-
workbooks/deployment.yaml                          |  17 +++-
workbooks/derive_params_formulas.yaml              |   8 +-
workbooks/messaging.yaml                           |   4 +-
workbooks/scale.yaml                               |   8 +-
74 files changed, 932 insertions(+), 230 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index c304a4be..51b6b604 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,0 +12 @@ oslo.log>=3.36.0 # Apache-2.0
+oslo.rootwrap>=5.8.0 # Apache-2.0

More information about the Release-announce mailing list