We are stoked to announce the release of: openstack-ansible 22.1.0: Ansible playbooks for deploying OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 22.1.0 ^^^^^^ New Features ************ * Added variable "security_rhel7_enable_aide" that is designed to avoid installation and initialization of the aide related STIGs * Created series of variables "haproxy_*_service" that contain specific to the service haproxy configuration block. This allows deployers to selectively adjust haproxy frontend/backend configuration for specific service only, without need to override whole haproxy_default_services. Upgrade Notes ************* * For Barbican in "[simple_crypto_plugin]" section of the barbican.conf kek has been hardcoded. Now it's dynamically generated in secrets.yml and unique per deployment. However, before upgrade you must set "barbican_simple_crypto_key" to the current value, which is passed through base64 decoding first. Most likely decoded value will be *abcdefghijklmnopqrstuvwxyz123456* since that value has been hardcoded in the template. Upgrade script will set the value of "barbican_simple_crypto_key" in user_secrets.yml to the *abcdefghijklmnopqrstuvwxyz123456* unless variable has been already defined. So everyone who used overrides to modify kek for simple_crypto_plugin should manually define valid barbican_simple_crypto_key in user_secrets.yml Changes in openstack-ansible 22.0.1..22.1.0 ------------------------------------------- fb71a1bb8 Bump SHAs for stable/victoria ad8ba55bd Workaround nova bug f52bc689c Trigger deploy guide rebuild on a-r-r update e7b5fcf85 Do not apply force flag to git.reset 88272b4ae Add reno about barbican_simple_crypto_key 27fab0980 Do not use tempestconf for ironic role tests 67bd81e24 Add barbican-ui repo package and zuul repo e55defe9f Add haproxy_*_service variables Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 26 +- inventory/group_vars/haproxy/haproxy.yml | 993 +++++++++++---------- playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 110 +-- playbooks/library/git_requirements.py | 3 +- .../barbican_simple_kek-17c81aac3282c707.yaml | 15 + .../notes/enable_aide-d9783c50675cb80f.yaml | 5 + ...haproxy_service_variables-ffd7958b20dfe92e.yaml | 7 + scripts/get-ansible-role-requirements.yml | 2 +- .../upgrade-utilities/deploy-config-changes.yml | 10 + .../templates/user_variables_ironic.yml.j2 | 1 - .../templates/user_variables_octavia.yml.j2 | 1 + zuul.d/jobs.yaml | 1 + zuul.d/project.yaml | 2 +- 15 files changed, 648 insertions(+), 534 deletions(-)