We are satisfied to announce the release of: kolla-ansible 17.5.0: Ansible Deployment of Kolla containers This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 17.5.0 ^^^^^^ New Features ************ * Modifies public API firewalld rules to be applied immediately to a running firewalld service. This requires firewalld to be running, but avoids reloading firewalld, which is disruptive due to the way in which firewalld builds its firewall chains. Bug Fixes ********* * Fixes an deploy opensearch with enable TLS on the internal VIP. * Fixes handling of openvswitch on "manila-share" nodes. LP#1993285 * Fixes behaviour of Change Password screen in Horizon until bug #2073639 is resolved. LP#2073159 * Fixes the Python requests library issue when using custom CA by adding the REQUESTS_CA environment variable to the kolla-toolbox container. See LP#1967132 * Fixes configuration of CloudKitty when internal TLS is enabled. LP#1998831 * Fixes the detection of the Nova Compute Ironic service when a custom *host* option is set in the service config file. See LP#2056571 * Removes the default */tmp/* mountpoint from the horizon container. This change is made to harden the container and prevent potential security issues. For more information, see the Bug Report: LP#2068126. * Fixes an issue where OVN northbound or southbound database deployment could fail when a new leader is elected. LP#2059124 Changes in kolla-ansible 17.4.0..17.5.0 --------------------------------------- 127db7678 Apply public firewalld rules immediately 5b076458a Add REQUESTS_CA_BUNDLE to kolla-toolbox container b0bb8bc56 hardening horizon: don't mount hosts /tmp 1517c547c Fix issue with Swift Recon middleware 2f1984f91 Fix post-config of OVS for manila-share servers 5eda8fd79 Work around OVN DB leader election race condition d5d3ae3a0 Restart OVS container after hw-offload change d2d846f6f Add /v3 suffix to OPENSTACK_KEYSTONE_URL cfa27ee1d fix flake8 error in database_shards.py 79532d598 Support custom Nova Compute Ironic host names d7ef05780 Support CloudKitty deployment with internal TLS 0594a284c Add ca_path for module uri in opensearch role Diffstat (except docs and test files) ------------------------------------- ansible/roles/cloudkitty/defaults/main.yml | 8 ++-- ansible/roles/cloudkitty/tasks/bootstrap.yml | 3 ++ ansible/roles/common/defaults/main.yml | 1 + ansible/roles/haproxy-config/tasks/main.yml | 7 ++-- ansible/roles/horizon/defaults/main.yml | 1 - ansible/roles/horizon/templates/local_settings.j2 | 3 +- ansible/roles/loadbalancer/handlers/main.yml | 6 --- .../nova-cell/tasks/wait_discover_computes.yml | 2 +- ansible/roles/nova-cell/templates/nova.conf.j2 | 2 +- ansible/roles/opensearch/handlers/main.yml | 2 + ansible/roles/opensearch/tasks/post-config.yml | 4 ++ ansible/roles/openvswitch/tasks/post-config.yml | 4 ++ ansible/roles/ovn-db/defaults/main.yml | 2 + ansible/roles/ovn-db/tasks/bootstrap-db.yml | 10 +++++ ansible/roles/swift/tasks/start.yml | 2 + kolla_ansible/database_shards.py | 4 +- .../notes/add-opensearch-uri-68a657c55ce9c9f1.yaml | 4 ++ .../notes/bug-1993285-127fe764e461465a.yaml | 5 +++ .../notes/bug-2073159-c54c773c72c8fb11.yaml | 6 +++ .../notes/bug-923105-d451a78930973a82.yaml | 7 ++++ .../cloudkitty-internal-tls-c3e18be2a9f95c5d.yaml | 5 +++ .../firewalld-immediate-c2abf09977c455a9.yaml | 7 ++++ ...ompute-ironic-host-option-a7a3f6ae095f5201.yaml | 6 +++ .../harden_horizon_tmp_usage-0d690e49645b99a8.yaml | 6 +++ ...round-ovn-leader-election-f7f75e93e9300d96.yaml | 6 +++ 26 files changed, 136 insertions(+), 20 deletions(-)