We are thrilled to announce the release of:

kolla 12.2.0: Kolla OpenStack Deployment

This release is part of the wallaby stable release series.

The source is available from:

    https://opendev.org/openstack/kolla

Download the package from:

    https://tarballs.openstack.org/kolla/

Please report issues through:

    https://bugs.launchpad.net/kolla/+bugs

For more details, please see below.

12.2.0
^^^^^^

New Features
************

* Adds Cyrus SASL packages necessary for the DIGEST-MD5 and
  SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL
  authentication. LP#1964013

* Quiet mode (enabled with the "--quiet" argument) can now be combined
  with the "--logs-dir" option. Console output will be quiet as
  expected, while build output will be stored in separate log files.

Upgrade Notes
*************

* The Debian and Ubuntu images now use rabbitmq and erlang from
  cloudsmith. Operators might want to mirror/proxy this new source, as
  it provides the correct set of packages, unlike the previous
  combination.

Security Issues
***************

* Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)
  vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.

Bug Fixes
*********

* Fixes an issue with Ironic deployments using UEFI and iPXE, where
  the default UEFI iPXE bootloader in Ironic was not available in the
  TFTP server. This affects all Kolla releases on CentOS, and Xena on
  Debian/Ubuntu. LP#1959203

* Installs "glusterfs-client" in Debian and Ubuntu "manila-share"
  images to support GlusterFS across supported distributions.
  LP#1964140

* The latest version of the elasticsearch gem no longer works with
  older (OSS) versions of Elasticsearch. This is fixed by capping the
  version of the elasticsearch gem installed into the fluentd
  container. LP#1954759

* Fixes an issue where an older version of the Python OpenvSwitch
  bindings package was used than the running OpenvSwitch code.
  LP#1961874

* Fixes UEFI PXE booting failure of AArch64 Ubuntu
  ironic-python-agent images. Also fixes the lack of GRUB EFI files on
  x86_64. LP#1879265

* Fixes an issue building images that use a source with a "type" of
  "git", when using a git that includes the fix for CVE-2022-24765
  (2.35.2 or later). By default, this includes the "gnocchi-base"
  image, but may include other images with a non-default
  configuration. LP#837710

* Fixes disabling the use of the "curlrc" configuration file in
  "healthcheck_curl". LP#1967272

* Fixes an issue seen when using Jinja2 3.1.0.

* Fixes an issue with missing Magnum Keystone auth default policy.
  LP#1957159

* Fixes the Debian and Ubuntu images to use rabbitmq and erlang from
  cloudsmith so that the images are still buildable and use proper
  versions.

* Fixes set_configs.py configuring the same permissions for
  directories and files, which left directories without execute
  permission if it was not set for files.

Changes in kolla 12.1.0..12.2.0
-------------------------------

b0517b356 Fix Ubuntu image builds
8ffdee926 Fix local sources of git repositories
444bdffcc masakari: add Cyrus SASL packages to monitors image
cfc365520 cloudkitty: disable building for ubuntu/binary
42c79cdd4 enable logging to file for quiet mode
43dce2cf0 Revert "CI: add templated Dockerfiles to build logs"
7fb3ecb18 Fix image builds with sources using a type=git
5943f32af Emit log when copying file/directory permissions
6a39d8e3d elasticsearch: install Java first on CentOS too
30fbbadd5 Restore use of contextfunction decorator
d8708b713 cloudkitty-api: make sure that we install packages
f3a066673 Fix disabling of curlrc in healthcheck_curl
4ac3ae718 macros/pip: revert to old setuptools way
41b43807b Use jinja2.pass_context instead of contextfilter
cbd2bc7e1 libvirt: add Cyrus SASL packages for DIGEST-MD5
d1cd4e91a Install glusterfs-client in Debuntu
a3fab9d6a Add qemu-img also in nova-libvirt image
76d2e589d [CI] Test Ironic on Debian
b3e2bcdc2 Use python3-openvswitch from distro
4c893661f CI: Drop Ceph stream override
94cecf86e Ensure set_configs sets execute bit on directories
50b1f117a erlang: use packages from Erlang Solutions on AArch64
a29648baf collectd: pcie-errors is x86-64 only now
7f38bce81 base: Drop usage of Ceph Nautilus from RDO
1ac4662c1 ironic: Fix UEFI & iPXE bootloader filenames
3bbc5b329 Unpin td-agent and cap elasticsearch gem
f439afa42 Remove missing collectd packages
67e4f50bf Use distro provided GRUB efi
5ba4fb275 openstack-base: drop anyjson
4835d402f Mitigate two Log4j vulnerabilities in Apache Storm
59adcfd80 magnum: fix issue with keystone auth default policy
320fcbdce Fix variable name

Diffstat (except docs and test files)
-------------------------------------

 .zuul.d/base.yaml                                  |  1 -
 .zuul.d/debian.yaml                                |  2 +
 kolla/common/utils.py                              | 34 ++++++++-----
 kolla/image/build.py                               | 16 +++++-
 kolla/template/filters.py                          |  9 +++-
 kolla/template/methods.py                          |  8 ++-
 kolla/template/repos.yaml                          | 21 ++++----
 .../notes/bug-1959203-1bb695e052248d78.yaml        |  8 +++
 .../notes/bug-1964140-57b433329bab067e.yaml        |  6 +++
 ...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml |  7 +++
 .../notes/distro-python-ovs-df705d1e59f16cde.yaml  |  6 +++
 ...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml |  6 +++
 .../git-security-fix-fix-ea56c0071585237d.yaml     |  9 ++++
 ...check-curl-disable-curlrc-0f85aad47379e2a5.yaml |  5 ++
 .../jinja2-pass-context-3f3febcd944e3a51.yaml      |  4 ++
 .../notes/libvirt-sasl-07a8a1a25d2450c6.yaml       |  6 +++
 ...stone-auth-default-policy-e16f7bb558aa4b14.yaml |  5 ++
 .../quiet-mode-with-logs-0abafc07923945ac.yaml     |  6 +++
 ...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++
 ...ectory-execute-permission-8ab919b7b17025d2.yaml |  5 ++
 ...-vulnerability-mitigation-6746a8a0bb329485.yaml |  5 ++
 46 files changed, 308 insertions(+), 122 deletions(-)