We exuberantly announce the release of: openstack-ansible 15.1.10: Ansible playbooks for deploying OpenStack This release is part of the ocata release series. The source is available from: http://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 15.1.10 ^^^^^^^ New Features ************ * Extra headers can be added to Keystone responses by adding items to "keystone_extra_headers". Example: keystone_extra_headers: - parameter: "Access-Control-Expose-Headers" value: "X-Subject-Token" - parameter: "Access-Control-Allow-Headers" value: "Content-Type, X-Auth-Token" - parameter: "Access-Control-Allow-Origin" value: "*" * The default ulimit for RabbitMQ is now 65536. Deployers can still adjust this limit using the "rabbitmq_ulimit" Ansible variable. Security Issues *************** * The "net.bridge.bridge-nf-call-*" kernel parameters were set to "0" in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud. These kernel parameters are now set to "1" on all hosts by the "openstack_hosts" role, which ensures that bridge traffic is always sent through iptables. Bug Fixes ********* * The sysctl configuration task was not skipping configurations where "enabled" was set to "no". Instead, it was removing configurations when "enabled: no" was set. There is now a fix in place that ensures any sysctl configuration with "enabled: no" will be skipped and the configuration will be left unaltered on the system. Changes in openstack-ansible 15.1.9..15.1.10 -------------------------------------------- 8a0b84a Update all SHAs for 15.1.10 7954dc4 Fix Aodh's health checks (ocata backport) Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 60 +++++++++++----------- .../defaults/repo_packages/openstack_services.yml | 60 +++++++++++----------- playbooks/inventory/group_vars/all.yml | 2 +- playbooks/vars/configs/haproxy_config.yml | 2 - ...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++ .../notes/extra-headers-e54a672d3a78dd89.yaml | 15 ++++++ ...skip-sysctl-when-disabled-b32eca48df5b1437.yaml | 10 ++++ .../ulimit-increased-65536-50b418d8e8ca4eef.yaml | 5 ++ 8 files changed, 104 insertions(+), 63 deletions(-)