We are jazzed to announce the release of: kolla-ansible 17.3.0: Ansible Deployment of Kolla containers This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 17.3.0 ^^^^^^ Upgrade Notes ************* * If credentials are updated in "passwords.yml" kolla-ansible is now able to update these credentials in the keystone database and in the on disk config files. The changes to "passwords.yml" are applied once "kolla-ansible -i INVENTORY" reconfigure has been run. If you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in "passwords.yml" - you can specify this by setting "update_keystone_service_user_passwords: false" in your globals.yml. Notice that passwords are only changed if you change them in "passwords.yml". This mechanism is not a complete solution for automatic credential rollover. No passwords are changed if you do not change them inside "passwords.yml". Bug Fixes ********* * Fixes configuration of nova-compute and nova-compute-ironic, that will enable exposing vendordata over configdrive. LP#2049607 * Fixes mariadb role deployment when using Ansible check mode. LP#2052501 * Updated configuration of service user tokens for all Nova and Cinder services to stop using admin role for service_token and use service role. See LP#[2004555] and LP#[2049762] for more details. * Changes to service user passwords in "passwords.yml" will now be applied when reconfiguring services. This behaviour can reverted by setting "update_keystone_service_user_passwords: false". Fixes LP#2045990 Changes in kolla-ansible 17.2.0..17.3.0 --------------------------------------- c67aee482 Configure missing nova services to expose vendordata over configdrive 2874a4a17 Missing reno for Ic121bf9f90c9865cd4d08890c80247570ef310ae 281e3e912 Add password rotation docs page fc84fa51a Fix gnocchi-metricd when TLS and Swift enabled 847bcd436 cinder: Stop using admin service token 73c3ca99f Fix mariadb role when used with check mode 3fda8eb56 Update keystone service user passwords Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 4 + ansible/roles/cinder/defaults/main.yml | 5 + ansible/roles/cinder/tasks/register.yml | 1 + ansible/roles/cinder/tasks/upgrade.yml | 7 + ansible/roles/cinder/templates/cinder.conf.j2 | 1 - ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 4 + ansible/roles/magnum/tasks/register.yml | 1 + ansible/roles/mariadb/tasks/restart_services.yml | 2 + ansible/roles/nova-cell/tasks/config.yml | 31 +++ .../templates/nova-compute-ironic.json.j2 | 6 + .../roles/nova-cell/templates/nova-compute.json.j2 | 6 + ansible/roles/nova-cell/templates/nova.conf.j2 | 5 + ansible/roles/nova/defaults/main.yml | 5 + ansible/roles/nova/tasks/register.yml | 1 + ansible/roles/nova/tasks/upgrade.yml | 7 + ansible/roles/service-ks-register/tasks/main.yml | 1 + etc/kolla/globals.yml | 3 + .../notes/bug-2049607-fb79ea2960b91bde.yaml | 6 + .../notes/bug-2052501-6dfd9e5443fdc6d1.yaml | 5 + .../cve-2023-2088-followup-5081ecd9817bb14f.yaml | 10 + ...update-keystone-passwords-7507119213391652.yaml | 29 ++ 23 files changed, 435 insertions(+), 1 deletion(-)