We are pleased to announce the release of: openstack-ansible 14.2.9: Ansible playbooks for deploying OpenStack This release is part of the newton stable release series. The source is available from: http://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 14.2.9 ^^^^^^ New Features ************ * Tags have been added to all of the common tags with the prefix "common-". This has been done to allow a deployer to rapidly run any of the common on a need basis without having to rerun an entire playbook. * Extra headers can be added to Keystone responses by adding items to "keystone_extra_headers". Example: keystone_extra_headers: - parameter: "Access-Control-Expose-Headers" value: "X-Subject-Token" - parameter: "Access-Control-Allow-Headers" value: "Content-Type, X-Auth-Token" - parameter: "Access-Control-Allow-Origin" value: "*" Upgrade Notes ************* * The openstack-ansible-security role is now retired and the ansible- hardening role replaces it. The ansible-hardening role provides the same functionality and will be the maintained hardening role going forward. Bug Fixes ********* * In Ubuntu the "dnsmasq" package actually includes init scripts and service configuration which conflict with LXC and are best not included. The actual dependent package is "dnsmasq-base". The package list has been adjusted and a task added to remove the "dnsmasq" package and purge the related configuration files from all LXC hosts. Changes in openstack-ansible 14.2.8..14.2.9 ------------------------------------------- b057986 Update SHA for os_ironic 0d16b03 Update rabbitmq_server role SHA 9b8f3ff Update SHA for os_tempest dff42ad Switch to use ansible-hardening c351cdb Suppress curl warning w/shell module 6d10e57 Fix LXC container start order fb05ea0 Update role SHA's for online migration fixes 2ac2b48 Added a common tag to the common tasks 01b0f6b Remove cinder online_data_migrations-related play 47ec935 migrate_openstack_vars.py: Correct folder name 566bdb5 Set serial to 100% for nova_compute 71f2a24 Remove global pin for ldappool 838771f Update all SHAs for 14.2.9 Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 36 ++++++++--------- .../source/app-advanced-config-security.rst | 6 +-- deploy-guide/source/app-security.rst | 2 +- global-requirement-pins.txt | 6 --- playbooks/common-playbooks/cinder.yml | 2 +- playbooks/common-playbooks/neutron.yml | 2 +- playbooks/common-playbooks/nova.yml | 2 +- playbooks/common-tasks/dynamic-address-fact.yml | 2 + playbooks/common-tasks/dynamic-grouping.yml | 2 + playbooks/common-tasks/mysql-db-user.yml | 4 ++ playbooks/common-tasks/os-log-dir-setup.yml | 4 ++ playbooks/common-tasks/os-lxc-container-setup.yml | 18 ++++++++- playbooks/common-tasks/package-cache-proxy.yml | 11 +++++- playbooks/common-tasks/rabbitmq-vhost-user.yml | 5 +++ playbooks/common-tasks/set-pip-upstream-url.yml | 4 ++ playbooks/common-tasks/set-upper-constraints.yml | 10 +++++ playbooks/defaults/repo_packages/gnocchi.yml | 2 +- .../defaults/repo_packages/openstack_services.yml | 46 +++++++++++----------- playbooks/galera-install.yml | 2 +- playbooks/inventory/group_vars/all.yml | 6 +-- playbooks/inventory/group_vars/nova_all.yml | 1 + playbooks/os-cinder-install.yml | 30 -------------- playbooks/os-keystone-install.yml | 2 +- playbooks/os-nova-install.yml | 2 +- playbooks/os-swift-install.yml | 2 +- playbooks/rabbitmq-install.yml | 2 +- playbooks/rsyslog-install.yml | 2 +- playbooks/security-hardening.yml | 2 +- playbooks/utility-install.yml | 2 + .../notes/common-tags-9763f578ea5fe5b6.yaml | 5 +++ .../dnsmasq-lxc-conflict-fix-c8968f6a16d033c6.yaml | 10 +++++ .../notes/extra-headers-e54a672d3a78dd89.yaml | 15 +++++++ releasenotes/notes/ldappool-e79455337a02b05d.yaml | 4 +- ...itch-to-ansible-hardening-2e59a2ce26db7bbb.yaml | 7 ++++ .../scripts/migrate_openstack_vars.py | 2 +- 35 files changed, 159 insertions(+), 101 deletions(-)