We are pleased to announce the release of: kolla-ansible 15.6.0: Ansible Deployment of Kolla containers This release is part of the zed stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 15.6.0 ^^^^^^ Upgrade Notes ************* * If credentials are updated in "passwords.yml" kolla-ansible is now able to update these credentials in the keystone database and in the on disk config files. The changes to "passwords.yml" are applied once "kolla-ansible -i INVENTORY" reconfigure has been run. If you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in "passwords.yml" - you can specify this by setting "update_keystone_service_user_passwords: false" in your globals.yml. Notice that passwords are only changed if you change them in "passwords.yml". This mechanism is not a complete solution for automatic credential rollover. No passwords are changed if you do not change them inside "passwords.yml". Bug Fixes ********* * Fixes mariadb role deployment when using Ansible check mode. LP#2052501 * Updated configuration of service user tokens for all Nova and Cinder services to stop using admin role for service_token and use service role. See LP#[2004555] and LP#[2049762] for more details. * Add Keystone Service role. Keystone is creating service in bootstrap since Bobcat. Service role is needed for SLURP to work from Antelope. This role is also needed in Antelope and Zed for Cinder for proper service token support. LP#2049762 * Changes to service user passwords in "passwords.yml" will now be applied when reconfiguring services. This behaviour can reverted by setting "update_keystone_service_user_passwords: false". Fixes LP#2045990 Changes in kolla-ansible 15.5.0..15.6.0 --------------------------------------- 50d6c16e1 Missing reno for Ic121bf9f90c9865cd4d08890c80247570ef310ae b78ffc182 Add password rotation docs page 7fb7d4c6c Fix gnocchi-metricd when TLS and Swift enabled 47d97bda7 cinder: Stop using admin service token 9a3f44486 Fix mariadb role when used with check mode ec9a30ca9 Keystone: Add service role 3c3f5a292 Update keystone service user passwords 693161e0b stable-only: Drop upgrade testing Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 4 + ansible/roles/cinder/defaults/main.yml | 5 + ansible/roles/cinder/tasks/register.yml | 1 + ansible/roles/cinder/tasks/upgrade.yml | 7 + ansible/roles/cinder/templates/cinder.conf.j2 | 1 - ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 4 + ansible/roles/keystone/defaults/main.yml | 3 + ansible/roles/keystone/tasks/register.yml | 1 + ansible/roles/keystone/tasks/upgrade.yml | 1 + ansible/roles/magnum/tasks/register.yml | 1 + ansible/roles/mariadb/tasks/restart_services.yml | 2 + ansible/roles/nova/defaults/main.yml | 5 + ansible/roles/nova/tasks/register.yml | 1 + ansible/roles/nova/tasks/upgrade.yml | 7 + ansible/roles/service-ks-register/tasks/main.yml | 1 + etc/kolla/globals.yml | 3 + .../notes/bug-2052501-6dfd9e5443fdc6d1.yaml | 5 + .../cve-2023-2088-followup-5081ecd9817bb14f.yaml | 10 + .../keystone-service-role-bbffc258538b07c1.yaml | 9 + ...update-keystone-passwords-7507119213391652.yaml | 29 ++ zuul.d/jobs.yaml | 117 -------- zuul.d/project.yaml | 17 -- 24 files changed, 395 insertions(+), 135 deletions(-)