We are chuffed to announce the release of: tripleo-common 9.6.0: A common library for TripleO workflows. This release is part of the rocky stable release series. The source is available from: https://opendev.org/openstack/tripleo-common Download the package from: https://tarballs.openstack.org/tripleo-common/ Please report issues through: https://bugs.launchpad.net/tripleo-common/+bugs For more details, please see below. 9.6.0 ^^^^^ New Features ************ * *tripleo-deploy-openshift* script now understands the *--plan* option to run the openshift-ansible playbooks for a deployment named differently than "openshift". * Introduce a *--playbook* option to the *tripleo-deploy-openshift* script in order to be able to run openshift-ansible playbook directly on already deployed servers. Deprecation Notes ***************** * The *--config-download-dir* option to the *tripleo-deploy- openshift* script is deprecated in favor of *--plan*. Security Issues *************** * Fixed a vulnerability where an attacker may cause new Octavia amphorae to run based on any arbitrary image (CVE-2019-3895). Bug Fixes ********* * Ensure [controller_worker]/amp_image_owner_id is set. This configuration option restricts Glance image selection to a specific owner ID. This is a recommended security setting. * Fixes running the baremetal "provide" workflow with node names. Changes in tripleo-common 9.5.0..9.6.0 -------------------------------------- cb2ef256 Remove scenario008 jobs 718a7b17 Handle failed nodes when enabling ssh admin b7da1144 Pass execution_id to tripleo.ansible-playbook. c4c35df0 Add the ability to compute osds number counting lvm devices 375192b1 [CVE-2019-3895] Set image owner id 23371a7a Add passphrase generation for Octavia 4bbd5324 Add new healthchecks for zaqar services b1676eac Remove amp_hw_arch from octavia_post 40fa70be OpenDev Migration Patch d1f1826b scen009 voting on rocky only 74ec63dc Add image_source to containers 5ab3b3de Upgrades: Don't try to publish ansible output in ceph_install 7c4809d3 Fix running the baremetal provide workflow with node names e07dc084 Clean up node registration output. 3658ae99 Option to run osa playbooks from path 4575b64f Pass additional args to tripleo-deploy-openshift as ansible options 201e9793 Add ability to run osa playbooks from tripleo-deploy-openshift 7af813eb Introduce a --plan option to replace --config-download-dir 5ae6367d Don't always validate heat stack when adding parameters ef5bf9de Specify Octavia amphora image hw_architecture property in Glance f965b037 Skip ssh_known_hosts tasks in check mode 7d5ccbe9 Install ipmitool in the mistral_executor image 50c9efc9 Append qemu-img to Mistral executor package list 1e63f067 Stops growth of massive dentry cache growth b897967a Get osa container image from tripleo-common defaults d91f6d99 Add missing queue_name input parameter for listing validations Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- container-images/overcloud_containers.yaml | 136 +++++++++++++++++++++ container-images/overcloud_containers.yaml.j2 | 136 +++++++++++++++++++++ .../tripleo_kolla_template_overrides.j2 | 2 +- healthcheck/common.sh | 11 +- healthcheck/zaqar-api | 6 + healthcheck/zaqar-socket | 15 +++ playbooks/octavia-files.yaml | 1 + playbooks/roles/common/defaults/main.yml | 1 + .../octavia-controller-config/tasks/octavia.yml | 12 ++ .../roles/octavia-undercloud/tasks/image_mgmt.yml | 46 ++++++- ...ctavia-set-image-owner-id-adb197d5daae54f1.yaml | 10 ++ .../notes/provide-name-f75b6b61d3d8d693.yaml | 4 + ...eploy-openshift-plan-name-89135e3a68307047.yaml | 10 ++ ...deploy-openshift-playbook-ac8b49a212545c0f.yaml | 6 + roles/tripleo-ssh-known-hosts/tasks/main.yml | 1 + scripts/tripleo-deploy-openshift | 91 +++++++++++--- tripleo_common/actions/parameters.py | 7 +- tripleo_common/constants.py | 1 + tripleo_common/image/kolla_builder.py | 3 + workbooks/access.yaml | 12 +- workbooks/baremetal.yaml | 34 ++---- workbooks/ceph-ansible.yaml | 2 - workbooks/deployment.yaml | 1 + workbooks/derive_params_formulas.yaml | 8 +- workbooks/fernet-key-rotate.yaml | 1 + workbooks/octavia_post.yaml | 2 + workbooks/plan_management.yaml | 4 + workbooks/skydive-ansible.yaml | 1 + workbooks/swift_backup.yaml | 2 + workbooks/swift_ring_rebalance.yaml | 1 + workbooks/validations.yaml | 4 +- zuul.d/layout.yaml | 6 +- 35 files changed, 591 insertions(+), 97 deletions(-)