We are excited to announce the release of: openstack-ansible 16.0.2: Ansible playbooks for deploying OpenStack This release is part of the pike release series. The source is available from: https://git.openstack.org/cgit/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ For more details, please see below. 16.0.2 ^^^^^^ Security Issues * The "net.bridge.bridge-nf-call-*" kernel parameters were set to "0" in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud. These kernel parameters are now set to "1" on all hosts by the "openstack_hosts" role, which ensures that bridge traffic is always sent through iptables. Changes in openstack-ansible 16.0.1..16.0.2 ------------------------------------------- a0af9e0 Disable ceph-ansible NFS gateway by default 448a7a0 Manually bump nova role 190bb85 Update all SHAs for 16.0.1 4bfa6c5 Fix zuul clonemap Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 22 ++++---- group_vars/ceph_all.yml | 5 ++ .../defaults/repo_packages/openstack_services.yml | 60 +++++++++++----------- ...ity-groups-always-applied-eb6e3bdc7b77f022.yaml | 13 +++++ 5 files changed, 60 insertions(+), 42 deletions(-)