[release-announce] [openstackansible] openstack-ansible-os_keystone 16.0.0 (pike)

14 Sep 2017

We are overjoyed to announce the release of:

openstack-ansible-os_keystone 16.0.0: os_keystone for OpenStack
Ansible

This release is part of the pike release series.

Download the package from:

    https://tarballs.openstack.org/openstack-ansible-os_keystone/

For more details, please see below.

16.0.0
^^^^^^

New Features

* Extra headers can be added to Keystone responses by adding items
  to "keystone_extra_headers". Example:

     keystone_extra_headers:
       - parameter: "Access-Control-Expose-Headers"
         value: "X-Subject-Token"
       - parameter: "Access-Control-Allow-Headers"
         value: "Content-Type, X-Auth-Token"
       - parameter: "Access-Control-Allow-Origin"
         value: "*"

Changes in openstack-ansible-os_keystone 15.0.0.0rc1..16.0.0
------------------------------------------------------------

ede6478 Updated from OpenStack Ansible Tests
bd2bb46 Update vars and test tooling for Pike
95710fc Remove Developer Tools package group
ce3ab6e tasks: keystone_install: Fix virtualenv-tools issue on openSUSE
8fd7b16 Add extra headers for Keystone
094bcf9 Update UPPER_CONSTRAINTS_FILE for stable/pike
e003be1 Update .gitreview for stable/pike
b1ab60a Updated from OpenStack Ansible Tests
31db740 Add dnf support
bd6fd7a Updated from OpenStack Ansible Tests
0ac4f11 Updated from OpenStack Ansible Tests
f57f8ce Updated from global requirements
a9658c2 Update URLs in documents according to document migration
917f2b8 Update URL home-page in documents according to document migration
7fa98de Ensure that keystone restarts after db sync
02b785f Updated from OpenStack Ansible Tests
2bc2986 Updated from OpenStack Ansible Tests
1b8a085 Include init_systemd taskfile once
8c1ebb0 Add support for the openSUSE Leap distributions
f375cac tasks: keystone_apache: Use the apache2_module Ansible module
2276c3f Hedge upgrade process against no software change
6241f5e Fix openstackdocstheme settings
84af640 Switch to using Nginx/uWSGI by default
ce02e0a Use keystone-tempest-plugin repo
0cafcc1 Updated from global requirements
40c91b5 Switch from oslosphinx to openstackdocstheme
2076de5 Use run_once instead of inventory scoping
1b61771 Updated from OpenStack Ansible Tests
43d03a0 Split user create and ssh key generation
aad8144 Implement serialisable rolling upgrade
0b24181 Deprecate rpc_backend option
ed136ef Fix rolling upgrade test
a66bc38 Optimise the distro package installation
2813f42 Updated from global requirements
5342829 Updated from global requirements
04c48b0 Switch to Cryptography over pycrypto
8139c9a Ensure that role tests pin pip/setuptools/wheel
5314dbb Updated from global requirements
93b21c4 Convert old fact format to the new format
559e5a1 Remove {{ in when
64b90c3 Allow the developer constraints to be adjusted
4b6eb7c Revert "Use a custom git checkout in developer mode"
64a01c5 Use command instead of debug for handlers
2a08919 Deprecate rabbit_use_ssl option
359cd83 Add venv_tag local fact
c593873 Use uri module for git sourced configs
d192ebf Updated from global requirements
c0b5e8c Bootstrap Keystone with versionless endpoints
49b1626 Fix for lookup and get_url occuring in different places
2ffe5db Ensure that ansible facts folder exists
05d206f Ensure that policy file has correct group/mode
511d607 Use zuul-cloner for tests repo in OpenStack-CI
16e93ac Rename release note to unique hash
d13e2eb Bypass LB for service setup
fc0ae60 Reduce init restart/kill times
0b11c78 Optimise apt cache update task
4dc9dc2 Standardize test vars
b64ea17 Fix the dead link
43e9c9e Rename reno to avoid conflict on integrated repo
c863134 Use a custom git checkout in developer mode
ffcdaf0 Source template files from git or deploy host
94293c8 Perform an atomic policy file change
cee7a02 Allow the split of install and config
329a781 Ensure the components are isolated from the system
fc214d6 Diagnose common problems with keystone deployments
33e5ca3 Fix double when statements
1b74c30 Fix CentOS pkg for keystone sasl lib.
6e361c7 Revert "Install EPEL for keystone role"
86c42e0 Allow role to run in a serial playbook
15725b7 Ensure the log folder exists
1897a67 Install EPEL for keystone role
b342578 Rebuild credential-key repo during keystone[0] rebuild
19ef4c9 Install python2-pyOpenSSL package on CentOS
eb2354a Updated from global requirements
d2e0001 Conditionally run appropriate db_sync commands
f5adedd Split out Keystone upgrade into it's own script
4253b61 Cap the number of worker threads
aa80b55 Only run token_flush on 1 host
cf72bd0 Update paste, policy and rootwrap configurations 2017-02-13
120172d Updated from global requirements
a65e11e Allow locust benchmarks to use zeromq
1123a9b Add failure condition to upgrade test
d9220c2 Use registered variables for locust commands
9c39427 Reduce number of locust clients
da78b92 Updated from global requirements
509fca6 Remove 3DES from keystone_ssl_cipher_suite
52506b8 Benchmark requests during upgrade testing
d7141ee Work around Trusty CI bindep issue
1e08688 Update upgrade test to use stable/ocata
a4c5811 Implementing stricter permissions on config files
a6ee610 Resolved Keystone Federation bugs
ce733db Install python2 for Ubuntu 16.04 and CentOS 7 in Vagrant
bdf659d Use https instead of http for git.openstack.org
fbd7b20 Update reno for stable/ocata
10204a0 Fix erroneous release note


Diffstat (except docs and test files)
-------------------------------------

.gitignore                                         |   4 +-
.gitreview                                         |   1 +
README.rst                                         |   2 +-
Vagrantfile                                        |  49 ++++-
bindep.txt                                         |  44 ++++-
defaults/main.yml                                  |  71 +++++--
files/sso_callback_template.html                   |  22 ---
handlers/main.yml                                  | 153 ++++++---------
library/keystone_sp                                |   6 +-
meta/main.yml                                      |   7 +-
.../capping_keystone_workers-e284a47fc4dcea38.yaml |   6 +
.../notes/extra-headers-e54a672d3a78dd89.yaml      |  15 ++
.../keystone-endpoints-urls-679748dec6ee6dd7.yaml  |   4 +
...one-init-config-overrides-1857d5e5bc5a905f.yaml |  10 +
.../keystone-nginx-default-e9d91affd646f379.yaml   |  10 +
...one-upstream-config-files-d16f27fc1332ed83.yaml |   9 +
...ystone_init_time_settings-62a1aab4bcfc9779.yaml |  23 +++
...one-zero-downtime-upgrade-5f19ab84183490b9.yaml |   4 +-
...primary-container-rebuild-a2f4d7f33d66c843.yaml |   5 +
.../notes/remove_rpc_backend-187132a35223d295.yaml |   5 +
releasenotes/source/conf.py                        |  11 +-
releasenotes/source/index.rst                      |   1 +
releasenotes/source/ocata.rst                      |   6 +
setup.cfg                                          |   2 +-
setup.py                                           |   2 +-
tasks/keystone_apache.yml                          |  70 +++----
tasks/keystone_cleanup_old_facts.yml               |  34 ++++
tasks/keystone_credential_create.yml               |  61 +++++-
tasks/keystone_db_setup.yml                        |  76 ++++++--
tasks/keystone_federation_sp_setup.yml             |  76 ++++----
tasks/keystone_idp_metadata.yml                    |   5 +-
tasks/keystone_idp_self_signed_create.yml          |   3 +-
tasks/keystone_idp_self_signed_distribute.yml      |   3 +-
tasks/keystone_init_common.yml                     |  24 ---
tasks/keystone_init_systemd.yml                    |  42 +++--
tasks/keystone_install.yml                         | 208 +++++++++------------
tasks/keystone_key_distribute.yml                  |   7 +-
tasks/keystone_ldap_setup.yml                      |  16 +-
tasks/keystone_nginx.yml                           |  21 ++-
tasks/keystone_post_install.yml                    |  54 +++---
tasks/keystone_pre_install.yml                     |  63 ++++---
tasks/keystone_service_setup.yml                   |  74 +++++---
tasks/keystone_ssl_key_create.yml                  |   6 +-
tasks/keystone_ssl_key_distribute.yml              |   6 +
tasks/keystone_ssl_user_provided.yml               |   9 +-
tasks/keystone_token_cleanup.yml                   |   1 +
tasks/keystone_uwsgi.yml                           |  36 +---
tasks/main.yml                                     |  55 +++---
templates/keystone-httpd.conf.j2                   |  27 +--
templates/keystone-paste.ini.j2                    |  97 ----------
templates/keystone-systemd-tempfiles.j2            |   6 +-
templates/keystone-uwsgi_systemd-init.j2           |  21 ++-
templates/keystone.conf.j2                         |   3 +-
templates/keystone_nginx.conf.j2                   |   3 +
templates/policy.json.j2                           | 199 --------------------
test-requirements.txt                              |  11 +-
tox.ini                                            |  40 ++--
vars/main.yml                                      |  49 +++++
vars/redhat-7.yml                                  |  15 +-
vars/suse-42.yml                                   |  93 +++++++++
vars/ubuntu-16.04.yml                              |  19 +-
82 files changed, 1648 insertions(+), 1066 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index a5433f9..ae8c323 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6 +6 @@ flake8<2.6.0,>=2.5.4 # MIT
-pyasn1 # BSD
+pyasn1!=0.2.3 # BSD
@@ -8 +8 @@ pyOpenSSL>=0.14 # Apache-2.0
-requests!=2.12.2,>=2.10.0 # Apache-2.0
+requests>=2.14.2 # Apache-2.0
@@ -12,3 +12,2 @@ ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
-sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
-oslosphinx>=4.7.0 # Apache-2.0
-openstackdocstheme>=1.5.0 # Apache-2.0
+sphinx>=1.6.2 # BSD
+openstackdocstheme>=1.16.0 # Apache-2.0
@@ -16 +15 @@ doc8 # Apache-2.0
-reno>=1.8.0 # Apache-2.0
+reno!=2.3.1,>=1.8.0 # Apache-2.0

    

[release-announce] [openstackansible] openstack-ansible-os_keystone 16.0.0 (pike)

no-reply＠openstack.org