- OpenStack-announce - lists.openstack.org

[new][manila] manila-ui 2.5.1 release (newton)
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are joyful to announce the release of: manila-ui 2.5.1: Manila Management Dashboard This release is part of the newton stable release series. With source available at: http://git.openstack.org/cgit/openstack/manila-ui Please report issues through launchpad: http://bugs.launchpad.net/manila-ui For more details, please see below. Changes in manila-ui 2.5.0..2.5.1 --------------------------------- 61c5b00 Fix display of Delete share replica button 832c751 Change Create Replica button availability eed69d6 Fix metadata_to_str function code injection vulnerability 55188e5 Fix broken unit tests fb0ce55 Imported Translations from Zanata Diffstat (except docs and test files) ------------------------------------- manila_ui/api/manila.py | 10 +- .../dashboards/admin/shares/replicas/tables.py | 16 +- manila_ui/dashboards/admin/shares/tabs.py | 8 +- .../dashboards/project/shares/replicas/forms.py | 4 +- .../dashboards/project/shares/replicas/tables.py | 20 +- .../dashboards/project/shares/shares/tables.py | 4 +- manila_ui/dashboards/project/shares/shares/tabs.py | 10 +- manila_ui/dashboards/utils.py | 24 +- manila_ui/locale/zh_CN/LC_MESSAGES/django.po | 271 ++++++++++++++++++++- 19 files changed, 484 insertions(+), 128 deletions(-)

1 0

[new][telemetry] gnocchi 2.2.1 release
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are overjoyed to announce the release of: gnocchi 2.2.1: Metric as a Service For more details, please see below. Changes in gnocchi 2.2.0..2.2.1 ------------------------------- c92e986 ceph: Fix metricd start f102131 ceph: fix setup extra 2e39260 Update .gitreview for stable/2.2 Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + devstack/gate/post_test_hook.sh | 2 +- gnocchi/storage/ceph.py | 8 ++++++-- setup.cfg | 4 ++-- 4 files changed, 10 insertions(+), 5 deletions(-)

1 0

[new][packaging-rpm] pymod2pkg 0.6.0 release
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are stoked to announce the release of: pymod2pkg 0.6.0: python module name to package name map For more details, please see below. Changes in pymod2pkg 0.5.4..0.6.0 --------------------------------- 13c1646 Fix cloudkittyclient to cloudkitty 637473d Updated from global requirements af44d9b More exceptions for python-*client naming on SUSE e10889b Updated from global requirements 8e583df Add additional mappings for new clients 58a12b9 Add mapping for OpenStack project names Diffstat (except docs and test files) ------------------------------------- pymod2pkg/__init__.py | 48 ++++++++++++++++++++++++++++++++++++++---------- test-requirements.txt | 4 ++-- 4 files changed, 55 insertions(+), 14 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 143c765..4da89ca 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9,2 +9,2 @@ testtools>=1.4.0 # MIT -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0

1 0

[new][cloudkitty] cloudkitty 0.6.1 release (newton)
by no-reply＠openstack.org 30 Sep '16

30 Sep '16

We are pumped to announce the release of: cloudkitty 0.6.1: Rating as a Service component for OpenStack This release is part of the newton release series. For more details, please see below. Changes in cloudkitty 0.6.0..0.6.1 ---------------------------------- aa5d895 Update outputs in "Hashmap rating module" 5a04789 Fix consistency on gnocchi storage commit d3ee522 Fix typo in the file 015546e ceilometer network.* collector are not JSON serializable b921e7f Update hashmap documentation 1124e4d Fix typos in docstrings b99f97b Add volume_type attribute to volume when gnocchi collector c457f31 Change git url to openstack git in devstack doc f93aa0a Fix the image size unit from 'image' to 'MB' 302bb43 Specifies gabbi version in test-requirements.txt efa5f06 Fix state tracking in gnocchi storage 0296672 modify the home-page info with the developer documentation Diffstat (except docs and test files) ------------------------------------- cloudkitty/collector/ceilometer.py | 5 +- cloudkitty/collector/gnocchi.py | 5 +- cloudkitty/rating/__init__.py | 2 +- .../models/f8c799db4aa0_fix_unnamed_constraints.py | 4 +- cloudkitty/rating/hash/db/sqlalchemy/api.py | 2 +- cloudkitty/rating/hash/db/sqlalchemy/models.py | 4 +- cloudkitty/rating/pyscripts/db/api.py | 2 +- cloudkitty/storage/gnocchi/__init__.py | 188 +++++++++++++-------- cloudkitty/storage/gnocchi_hybrid/models.py | 2 +- cloudkitty/transformer/__init__.py | 1 + cloudkitty/transformer/ceilometer.py | 34 ++++ cloudkitty/transformer/gnocchi.py | 1 + setup.cfg | 2 +- test-requirements.txt | 2 +- 18 files changed, 321 insertions(+), 122 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index b761433..e455d2a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +7 @@ discover # BSD -gabbi>=1.11.0 # Apache-2.0 +gabbi>=1.11.0,<=1.25.0 # Apache-2.0

1 0

[new][cloudkitty] cloudkitty-dashboard 0.6.1 release (newton)
by no-reply＠openstack.org 30 Sep '16

30 Sep '16

We are jazzed to announce the release of: cloudkitty-dashboard 0.6.1: CloudKitty Horizon dashboard This release is part of the newton release series. With package available at: https://pypi.python.org/pypi/cloudkitty-dashboard For more details, please see below. Changes in cloudkitty-dashboard 0.6.0..0.6.1 -------------------------------------------- 6b2ea6e TrivialFix: Fix typo in README file Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

1 0

[new][nova] nova 12.0.5 release (liberty)
by no-reply＠openstack.org 30 Sep '16

30 Sep '16

We are ecstatic to announce the release of: nova 12.0.5: Cloud computing fabric controller This release is part of the liberty stable release series. For more details, please see below. 12.0.5 ^^^^^^ Security Issues * The qemu-img tool now has resource limits applied which prevent it from using more than 1GB of address space or more than 2 seconds of CPU time. This provides protection against denial of service attacks from maliciously crafted or corrupted disk images. oslo.concurrency>=2.6.1 is required for this fix. Changes in nova 12.0.4..12.0.5 ------------------------------ 6bc37dc virt: set address space & CPU time limits when running qemu-img 15cfd03 Refresh info_cache after deleting floating IP bedee79 Updated from global requirements 9ab10b8 Fix booting fail when unlimited project quota 53fffe0 Update instance host in post live migration even when exception occurs 3e1a0db Updated from global requirements 0e1bb7e Fix duplicate lines in policy.json Diffstat (except docs and test files) ------------------------------------- etc/nova/policy.json | 3 - nova/compute/manager.py | 40 ++++--- nova/db/sqlalchemy/api.py | 11 +- nova/network/neutronv2/api.py | 14 ++- nova/virt/images.py | 16 ++- .../apply-limits-to-qemu-img-8813f7a333ebdf69.yaml | 8 ++ requirements.txt | 4 +- test-requirements.txt | 2 +- 15 files changed, 242 insertions(+), 126 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 050091e..c1fd413 100644 --- a/requirements.txt +++ b/requirements.txt @@ -35 +35 @@ stevedore>=1.5.0 # Apache-2.0 -setuptools>=16.0 +setuptools!=24.0.0,>=16.0 @@ -54 +54 @@ alembic>=0.8.0 -os-brick>=0.4.0 # Apache-2.0 +os-brick!=1.4.0,>=0.4.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 074337d..4e33195 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11 +11 @@ psycopg2>=2.5 -PyMySQL>=0.6.2 # MIT License +PyMySQL!=0.7.7,>=0.6.2 # MIT License

1 0

[new][openstackansible] openstack-ansible 12.2.4 release
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are glad to announce the release of: openstack-ansible 12.2.4: Ansible playbooks for deploying OpenStack With source available at: http://git.openstack.org/cgit/openstack/openstack-ansible For more details, please see below. 12.2.4 ^^^^^^ New Features ************ * AIDE is configured to skip the entire "/var" directory when it does the database initialization and when it performs checks. This reduces disk I/O and allows these jobs to complete faster. This also allows the initialization to become a blocking process and Ansible will wait for the initialization to complete prior to running the next task. * Although the STIG requires martian packets to be logged, the logging is now disabled by default. The logs can quickly fill up a syslog server or make a physical console unusable. Deployers that need this logging enabled will need to set the following Ansible variable: security_sysctl_enable_martian_logging: yes Upgrade Notes ************* * The upgrade playbook *nova-flavor-migration.yml* will perform a migration of nova flavor data. This will need to be completed prior to upgrading to Liberty. It is recommended that Kilo be deployed from the *eol-kilo* tag prior to upgrading to Liberty to ensure that this task is completed successfully. This upgrade task is related to bug 1594584 (https://bugs.launchpad.net/openstack-ansible/+bug/1594584). * All of the discretionary access control (DAC) auditing is now disabled by default. This reduces the amount of logs generated during deployments and minor upgrades. The following variables are now set to "no": security_audit_DAC_chmod: no security_audit_DAC_chown: no security_audit_DAC_lchown: no security_audit_DAC_fchmod: no security_audit_DAC_fchmodat: no security_audit_DAC_fchown: no security_audit_DAC_fchownat: no security_audit_DAC_fremovexattr: no security_audit_DAC_lremovexattr: no security_audit_DAC_fsetxattr: no security_audit_DAC_lsetxattr: no security_audit_DAC_setxattr: no * New overrides are provided to allow for better customization around logfile retention and rate limiting for UDP/TCP sockets. "rsyslog_server_logrotation_window" defaults to 14 days "rsyslog_server_ratelimit_interval" defaults to 0 seconds "rsyslog_server_ratelimit_burst" defaults to 10000 * The rsyslog.conf is now using v7+ style configuration settings Bug Fixes ********* * The "/run" directory is excluded from AIDE checks since the files and directories there are only temporary and often change when services start and stop. * AIDE initialization is now always run on subsequent playbook runs when "initialize_aide" is set to "yes". The initialization will be skipped if AIDE isn't installed or if the AIDE database already exists. See bug 1616281 (https://launchpad.net/bugs/1616281) for more details. * The auditd rules for auditing V-38568 (filesystem mounts) were incorrectly labeled in the auditd logs with the key of "export-V-38568". They are now correctly logged with the key "filesystem_mount-V-38568". Changes in openstack-ansible 12.2.3..12.2.4 ------------------------------------------- 5cbbe80 Add upgrade playbook to force nova flavor migrate 2d9cd36 Separate remote rsyslog stream from local f1536d8 Update all SHAs for 12.2.4 296a89a Point auditor service at the replicator config 555d506 Add collect_statistics_interval, rates_mode in rabbitmq.config template Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 2 +- global-requirement-pins.txt | 2 +- .../defaults/repo_packages/openstack_services.yml | 26 +++++----- playbooks/inventory/group_vars/all.yml | 2 +- playbooks/inventory/group_vars/hosts.yml | 2 +- .../os_swift/tasks/swift_storage_hosts_account.yml | 29 ++++++++--- .../tasks/swift_storage_hosts_container.yml | 29 ++++++++--- .../os_swift/tasks/swift_storage_hosts_object.yml | 29 ++++++++--- .../templates/account-server-replicator.conf.j2 | 3 ++ .../os_swift/templates/account-server.conf.j2 | 2 +- .../templates/container-server-replicator.conf.j2 | 3 ++ .../os_swift/templates/container-server.conf.j2 | 6 +-- .../templates/object-server-replicator.conf.j2 | 3 ++ .../roles/os_swift/templates/object-server.conf.j2 | 6 +-- playbooks/roles/rabbitmq_server/defaults/main.yml | 6 +++ .../rabbitmq_server/templates/rabbitmq.config.j2 | 4 +- playbooks/roles/rsyslog_server/defaults/main.yml | 7 +++ .../templates/os_aggregate_storage.j2 | 2 +- .../roles/rsyslog_server/templates/rsyslog.conf.j2 | 59 ++++++++++------------ .../notes/aide-exclude-run-4d3c97a2d08eb373.yaml | 6 +++ .../aide-initialization-fix-16ab0223747d7719.yaml | 17 +++++++ ...figurable-martian-logging-370ede40b036db0b.yaml | 13 +++++ ...grade-nova-flavor-migrate-05402ab6faf1df1c.yaml | 11 ++++ .../reduce-auditd-logging-633677a74aee5481.yaml | 25 +++++++++ ...log-remote-log-separation-76de4b64f0c18edb.yaml | 8 +++ scripts/run-upgrade.sh | 1 + scripts/scripts-library.sh | 2 +- .../playbooks/nova-flavor-migration.yml | 30 +++++++++++ 29 files changed, 270 insertions(+), 76 deletions(-)

1 0

[new][openstackansible] openstack-ansible-security 12.2.4 release
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are glad to announce the release of: openstack-ansible-security 12.2.4: Security hardening role for openstack-ansible For more details, please see below. 12.2.4 ^^^^^^ New Features ************ * AIDE is configured to skip the entire "/var" directory when it does the database initialization and when it performs checks. This reduces disk I/O and allows these jobs to complete faster. This also allows the initialization to become a blocking process and Ansible will wait for the initialization to complete prior to running the next task. * Although the STIG requires martian packets to be logged, the logging is now disabled by default. The logs can quickly fill up a syslog server or make a physical console unusable. Deployers that need this logging enabled will need to set the following Ansible variable: security_sysctl_enable_martian_logging: yes Upgrade Notes ************* * All of the discretionary access control (DAC) auditing is now disabled by default. This reduces the amount of logs generated during deployments and minor upgrades. The following variables are now set to "no": security_audit_DAC_chmod: no security_audit_DAC_chown: no security_audit_DAC_lchown: no security_audit_DAC_fchmod: no security_audit_DAC_fchmodat: no security_audit_DAC_fchown: no security_audit_DAC_fchownat: no security_audit_DAC_fremovexattr: no security_audit_DAC_lremovexattr: no security_audit_DAC_fsetxattr: no security_audit_DAC_lsetxattr: no security_audit_DAC_setxattr: no Bug Fixes ********* * The "/run" directory is excluded from AIDE checks since the files and directories there are only temporary and often change when services start and stop. * AIDE initialization is now always run on subsequent playbook runs when "initialize_aide" is set to "yes". The initialization will be skipped if AIDE isn't installed or if the AIDE database already exists. See bug 1616281 (https://launchpad.net/bugs/1616281) for more details. * The auditd rules for auditing V-38568 (filesystem mounts) were incorrectly labeled in the auditd logs with the key of "export-V-38568". They are now correctly logged with the key "filesystem_mount-V-38568". Changes in openstack-ansible-security 12.2.3..12.2.4 ---------------------------------------------------- 77eaaf2 Disable DAC change auditing 31a8ff5 Disable martian logging by default e7373c4 Exclude /run from AIDE checks 6c9eb50 Ensure AIDE initializes on subsequent runs 23fe90b Fix numbering on V-38583 Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 22 +++--- handlers/main.yml | 6 -- .../notes/aide-exclude-run-4d3c97a2d08eb373.yaml | 6 ++ .../aide-initialization-fix-16ab0223747d7719.yaml | 17 +++++ ...figurable-martian-logging-370ede40b036db0b.yaml | 13 ++++ .../reduce-auditd-logging-633677a74aee5481.yaml | 25 +++++++ tasks/aide.yml | 86 ++++++++++++++++++++++ tasks/boot.yml | 4 +- tasks/kernel.yml | 2 +- tasks/main.yml | 1 + tasks/misc.yml | 49 ------------ templates/osas-auditd.j2 | 8 +- 22 files changed, 293 insertions(+), 94 deletions(-)

1 0

[new][openstackansible] openstack-ansible-os_neutron 13.3.4 release
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are thrilled to announce the release of: openstack-ansible-os_neutron 13.3.4: os_neutron role for OpenStack- Ansible For more details, please see below. Changes in openstack-ansible-os_neutron 13.3.1..13.3.4 ------------------------------------------------------ f8b0389 Update plumgrid plugin installation from pip to deb 5a53856 Disable stderr logging Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 3 -- tasks/plumgrid_config.yml | 88 ++++++++++------------------------------------- templates/neutron.conf.j2 | 2 ++ 3 files changed, 20 insertions(+), 73 deletions(-)

1 0

[new][openstackansible] openstack-ansible-rabbitmq_server 13.3.4 release
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are overjoyed to announce the release of: openstack-ansible-rabbitmq_server 13.3.4: rabbitmq_server for OpenStack Ansible For more details, please see below. Changes in openstack-ansible-rabbitmq_server 13.3.3..13.3.4 ----------------------------------------------------------- 7ac8e58 Add collect_statistics_interval, rates_mode in rabbitmq.config template Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 6 ++++++ templates/rabbitmq.config.j2 | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-)

1 0