We are gleeful to announce the release of: kolla 13.1.0: Kolla OpenStack Deployment This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 13.1.0 ^^^^^^ New Features ************ * Added a container image for Prometheus libvirt exporter, to be used for monitoring deployments which provide VMs with libvirt. * Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM- SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013 * Quiet mode (enabled with "--quiet" argument) can be combined with " --logs-dir" option now. Console output will be quiet as expected while building output will be stored in separate log files. Upgrade Notes ************* * The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination. Security Issues *************** * Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm. Bug Fixes ********* * Fixes an issue with Ironic deployments using UEFI and iPXE, where the default UEFI iPXE bootloader in Ironic was not available in the TFTP server. This affects all Kolla releases on CentOS, and Xena on Debian/Ubuntu. LP#1959203 * Installs "glusterfs-client" in Debian and Ubuntu "manila-share" images to support GlusterFS across supported distributions. LP#1964140 * Latest version of the elasticsearch gem no longer works with older (OSS) versions of Elasticsearch. This is fixed by capping the version of the elasticsearch gem installed into the fluentd container. LP#1954759 * Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874 * Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265 * Fixes an issue building images that use a source with a "type" of "git", when using a git that includes the fix for CVE-2022-24765 (2.35.2 or later). By default, this includes the "gnocchi-base" image, but may include other images with a non-default configuration. LP#837710 * Fixes disabling the use of the "curlrc" configuration file in "healthcheck_curl". LP#1967272 * Fixes an issue seen when using Jinja2 3.1.0. * Fixes an issue with missing Magnum Keystone auth default policy. LP#1957159 * Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions. * Fixes set_configs.py configuring same permission for directories and files, causing directories lacking execute permission if not set for files. Changes in kolla 13.0.1..13.1.0 ------------------------------- 6298c0e07 Fix Ubuntu image builds 6a6fce5bf [bifrost] Force Bifrost to use the correct u-c 0e54080e6 Fix local sources of git repositories 0009ffb7e masakari: add Cyrus SASL packages to monitors image cfd0fb0f2 cloudkitty: disable building for ubuntu/binary 52375aeea prometheus-libvirt-exporter: fix build with newer Go 6e3381b0e enable logging to file for quiet mode 164cda1c4 Revert "CI: add templated Dockerfiles to build logs" 6b88dc0f0 Fix image builds with sources using a type=git cd58db65e Emit log when copying file/directory permissions 531dd4444 elasticsearch: install Java first on CentOS too 58f83d7ea cloudkitty-api: make sure that we install packages 5197793d9 Fix disabling of curlrc in healthcheck_curl 8c29f15ca macros/pip: revert to old setuptools way 3a6a17970 Use jinja2.pass_context instead of contextfilter 292e78312 libvirt: add Cyrus SASL packages for DIGEST-MD5 c80522274 Install glusterfs-client in Debuntu aa6286efe [CI] Test Ironic on Debian 2b605d3b9 Add Prometheus libvirt exporter image bc2544b8e pin out some package from Debian OpenStack Team repos 6760c2a98 Use python3-openvswitch from distro 2b6785dfd [CI] Add K-A Octavia jobs to the experimental pipeline df5115822 Add qemu-img also in nova-libvirt image b77912895 Ensure set_configs sets execute bit on directories b38582b48 erlang: use packages from Erlang Solutions on AArch64 47aac3c69 collectd: pcie-errors is x86-64 only now af092df6a ironic: Fix UEFI & iPXE bootloader filenames 5c6eb1739 Unpin td-agent and cap elasticsearch gem c6a972e5d Remove missing collectd packages 2171f0a7b Use distro provided GRUB efi fdd9506de Mitigate two Log4j vulnerabilities in Apache Storm 9f5755fe4 magnum: fix issue with keystone auth default policy c8d370943 Fix variable name Diffstat (except docs and test files) ------------------------------------- .zuul.d/base.yaml | 1 - .zuul.d/centos.yaml | 2 + .zuul.d/debian.yaml | 2 + .zuul.d/ubuntu.yaml | 2 + .../prometheus-libvirt-exporter/Dockerfile.j2 | 47 ++++++++++++++++++ kolla/common/utils.py | 34 ++++++++----- kolla/image/build.py | 16 +++++- kolla/template/filters.py | 9 +++- kolla/template/methods.py | 8 ++- kolla/template/repos.yaml | 24 +++++---- ...ometheus-libvirt-exporter-8d505dc8b74f8625.yaml | 4 ++ .../notes/bug-1959203-1bb695e052248d78.yaml | 8 +++ .../notes/bug-1964140-57b433329bab067e.yaml | 6 +++ ...cap-fluentd-elasticsearch-18c0ca8e90c1234c.yaml | 7 +++ .../notes/distro-python-ovs-df705d1e59f16cde.yaml | 6 +++ ...n-agent-pxe-booting-issue-95adaf9249207d5b.yaml | 6 +++ .../git-security-fix-fix-ea56c0071585237d.yaml | 9 ++++ ...check-curl-disable-curlrc-0f85aad47379e2a5.yaml | 5 ++ .../jinja2-pass-context-3f3febcd944e3a51.yaml | 4 ++ .../notes/libvirt-sasl-07a8a1a25d2450c6.yaml | 6 +++ ...stone-auth-default-policy-e16f7bb558aa4b14.yaml | 5 ++ .../quiet-mode-with-logs-0abafc07923945ac.yaml | 6 +++ ...abbitmq-erlang-cloudsmith-c837bf4a450dd802.yaml | 10 ++++ ...ectory-execute-permission-8ab919b7b17025d2.yaml | 5 ++ ...-vulnerability-mitigation-6746a8a0bb329485.yaml | 5 ++ 51 files changed, 360 insertions(+), 115 deletions(-)