We are jazzed to announce the release of: kolla-ansible 16.5.0: Ansible Deployment of Kolla containers This release is part of the antelope release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 16.5.0 ^^^^^^ Upgrade Notes ************* * If credentials are updated in "passwords.yml" kolla-ansible is now able to update these credentials in the keystone database and in the on disk config files. The changes to "passwords.yml" are applied once "kolla-ansible -i INVENTORY" reconfigure has been run. If you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in "passwords.yml" - you can specify this by setting "update_keystone_service_user_passwords: false" in your globals.yml. Notice that passwords are only changed if you change them in "passwords.yml". This mechanism is not a complete solution for automatic credential rollover. No passwords are changed if you do not change them inside "passwords.yml". Bug Fixes ********* * Fixes mariadb role deployment when using Ansible check mode. LP#2052501 * Updated configuration of service user tokens for all Nova and Cinder services to stop using admin role for service_token and use service role. See LP#[2004555] and LP#[2049762] for more details. * Add Keystone Service role. Keystone is creating service in bootstrap since Bobcat. Service role is needed for SLURP to work from Antelope. This role is also needed in Antelope and Zed for Cinder for proper service token support. LP#2049762 * Changes to service user passwords in "passwords.yml" will now be applied when reconfiguring services. This behaviour can reverted by setting "update_keystone_service_user_passwords: false". Fixes LP#2045990 Changes in kolla-ansible 16.4.0..16.5.0 --------------------------------------- 2cabbcc21 Missing reno for Ic121bf9f90c9865cd4d08890c80247570ef310ae 5f73b58b0 Add password rotation docs page 1a15012d4 Fix gnocchi-metricd when TLS and Swift enabled ffcf271f5 cinder: Stop using admin service token 8f5f3867c Fix mariadb role when used with check mode 01c359665 Keystone: Add service role 07fad991d Update keystone service user passwords 003555445 Revert "CI: retry smoke tests and instance creation" Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 4 + ansible/roles/cinder/defaults/main.yml | 5 + ansible/roles/cinder/tasks/register.yml | 1 + ansible/roles/cinder/tasks/upgrade.yml | 7 + ansible/roles/cinder/templates/cinder.conf.j2 | 1 - ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 4 + ansible/roles/keystone/defaults/main.yml | 3 + ansible/roles/keystone/tasks/register.yml | 1 + ansible/roles/keystone/tasks/upgrade.yml | 1 + ansible/roles/magnum/tasks/register.yml | 1 + ansible/roles/mariadb/tasks/restart_services.yml | 2 + ansible/roles/nova/defaults/main.yml | 5 + ansible/roles/nova/tasks/register.yml | 1 + ansible/roles/nova/tasks/upgrade.yml | 7 + ansible/roles/service-ks-register/tasks/main.yml | 1 + etc/kolla/globals.yml | 3 + .../notes/bug-2052501-6dfd9e5443fdc6d1.yaml | 5 + .../cve-2023-2088-followup-5081ecd9817bb14f.yaml | 10 + .../keystone-service-role-bbffc258538b07c1.yaml | 9 + ...update-keystone-passwords-7507119213391652.yaml | 29 ++ 23 files changed, 406 insertions(+), 65 deletions(-)