We are gleeful to announce the release of:

tripleo-common 10.8.0: A common library for TripleO workflows.

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-common

Download the package from:

    https://tarballs.openstack.org/tripleo-common/

Please report issues through:

    https://bugs.launchpad.net/tripleo-common/+bugs

For more details, please see below.

10.8.0
^^^^^^

Security Issues
***************

* Fixed a vulnerability where an attacker may cause new Octavia amphorae
  to run based on any arbitrary image (CVE-2019-3895).

Bug Fixes
*********

* Fixed an issue where amphora load balancers would fail to create. The
  cause was that Octavia certificate files were being created in the
  wrong path and with invalid content.

* Ensure [controller_worker]/amp_image_owner_id is set. This
  configuration option restricts Glance image selection to a specific
  owner ID. This is a recommended security setting.

Changes in tripleo-common 10.7.0..10.8.0
----------------------------------------

f48331f3 Fix tripleo-upgrade-hiera key deleting
783a6924 remove plotnetcfg from overcloud image yaml
6763c998 Overcloud-full image templates for RHEL8
f08c6058 Update the Undercloud Services list in the inventory.
5cdd4692 Increase timeout of temp swift URLs from 1 to 4 hours
c258f87e Remove scenario008 jobs
277902e6 Fix bare variable usage in ansible
571422a1 Add the ability to compute osds number counting lvm devices
728e59ed [CVE-2019-3895] Set image owner id
c93be003 Adds redfish support to 'overcloud generate fencing'.
71c099f2 Fix Octavia certificate file path and content
f38d89e7 fix 404 when requesting empty tripleo container image catalog
af719c4c Fix validations_inputs temporary file name
93314d98 [Stein-Only] Switch container images to stein namespace
4ed86885 Add task to read remote pub key
a9e05d47 Make get_enabled_services() more robust
fac2c32d bootstrap: install network-scripts if EL8
6f55c891 Use oslo_rootwrap subprocess module in order to gain proper eventlet awareness
59738bd5 Use 'DEFAULT_VALIDATIONS_BASEDIR' variable from constants.py
27a4322b Fix chown command in write_inputs_file function
787ec853 Add new healthchecks for zaqar services
5de8867b tripleo-bootstrap: only enable network, not starting.
24c55464 tripleo-bootstrap: ensure network service is enabled & started
83d05ffc Update default Ceph container image to use to the Nautilus version
f19863f3 docker-rm: check if rpm dependency is actually installed
992749c6 Check for file existance in file modification check
83526f8a OpenDev Migration Patch
b90b0e61 Update UPPER_CONSTRAINTS_FILE for stable/stein
0917a3e6 Update .gitreview for stable/stein

Diffstat (except docs and test files)
-------------------------------------

.gitreview | 3 +-
.../container_image_prepare_defaults.yaml | 4 +-
container-images/overcloud_containers.yaml | 210 ++++++++++----------
.../tripleo_kolla_template_overrides.j2 | 4 +-
healthcheck/common.sh | 5 +
healthcheck/zaqar-api | 6 +
healthcheck/zaqar-socket | 15 ++
image-yaml/overcloud-hardened-images-uefi.yaml | 1 -
image-yaml/overcloud-hardened-images.yaml | 1 -
image-yaml/overcloud-images-python3.yaml | 9 +-
image-yaml/overcloud-images-rhel8.yaml | 19 ++
image-yaml/overcloud-images.yaml | 1 -
image-yaml/overcloud-realtime-compute.yaml | 1 -
lower-constraints.txt | 1 +
playbooks/octavia-files.yaml | 1 +
.../tasks/certificate.yml | 8 +-
.../octavia-controller-config/tasks/octavia.yml | 12 ++
.../roles/octavia-undercloud/tasks/image_mgmt.yml | 45 ++++-
...ificates-path-and-content-e8acf1e859e75135.yaml | 6 +
...ctavia-set-image-owner-id-adb197d5daae54f1.yaml | 10 +
requirements.txt | 1 +
roles/tripleo-bootstrap/tasks/main.yml | 23 +++
roles/tripleo-create-admin/tasks/create_user.yml | 7 +-
roles/tripleo-docker-rm/tasks/main.yaml | 13 +-
roles/tripleo-upgrade-hiera/tasks/remove.yml | 12 +-
sudoers | 1 -
tox.ini | 2 +-
tripleo_common/actions/ansible.py | 26 +--
tripleo_common/actions/parameters.py | 14 +-
tripleo_common/image/image_uploader.py | 11 +-
tripleo_common/image/kolla_builder.py | 6 +
tripleo_common/inventory.py | 6 +-
tripleo_common/templates/deployments.yaml | 20 +-
tripleo_common/utils/validations.py | 7 +-
workbooks/deployment.yaml | 2 +-
workbooks/derive_params_formulas.yaml | 8 +-
zuul.d/layout.yaml | 5 -
42 files changed, 500 insertions(+), 263 deletions(-)

Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt index c304a4be..51b6b604 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,0 +12 @@ oslo.log>=3.36.0 # Apache-2.0 +oslo.rootwrap>=5.8.0 # Apache-2.0
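
Review bot: the added line `+oslo.rootwrap>=5.8.0` in requirements.txt brings a new runtime dependency into a stable/stein point release, and nothing in the hunk says why 5.8.0 is the floor. The diffstat lists a one-line change to lower-constraints.txt, so check that it pins the same version, and consider naming the consumer (commit 6f55c891, "Use oslo_rootwrap subprocess module ...") in the release notes so packagers know the new package is required at runtime.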
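
A check for the setting named in the Bug Fixes note above, [controller_worker]/amp_image_owner_id, as an added example that is not part of tripleo-common or of this announcement. The sample octavia.conf fragments, the placeholder owner ID and the function name `owner_restriction` are constructed for illustration.

```python
import configparser

SECTION, OPTION = "controller_worker", "amp_image_owner_id"

# Constructed sample configs; the owner ID is a placeholder, not a real project.
WEAK = """\
[DEFAULT]
amp_image_owner_id = 11111111111111111111111111111111

[controller_worker]
amp_image_tag = amphora-image
"""

HARDENED = """\
[controller_worker]
amp_image_tag = amphora-image
amp_image_owner_id = 11111111111111111111111111111111
"""

EMPTY = """\
[controller_worker]
amp_image_owner_id =
"""


def owner_restriction(conf_text):
    """Return (is_set, detail) for [controller_worker]/amp_image_owner_id."""
    # configparser copies [DEFAULT] keys into every section; oslo.config reads a
    # grouped option only from its own section. Renaming the parser's default
    # section keeps an option misplaced under [DEFAULT] from counting as set.
    parser = configparser.ConfigParser(
        default_section="__unused__", interpolation=None,
        strict=False, allow_no_value=True)
    parser.read_string(conf_text)
    if not parser.has_section(SECTION):
        return False, "[%s] section is missing" % SECTION
    if not parser.has_option(SECTION, OPTION):
        return False, "%s is not set in [%s]" % (OPTION, SECTION)
    owner = (parser.get(SECTION, OPTION) or "").strip()
    if not owner:
        return False, "%s is present but empty" % OPTION
    return True, "image selection restricted to owner %s" % owner


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("empty", EMPTY)):
        print(name, owner_restriction(text))
```

To audit a deployed controller, pass the contents of its octavia.conf to `owner_restriction` in place of the samples.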