diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index 98198a707b..aee9864291 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,196 +1,196 @@ - name: ansible-hardening scm: git src: https://git.openstack.org/openstack/ansible-hardening - version: master + version: 0635fb840aafc914f2ffdfedc4548dc1abb37c7a - name: apt_package_pinning scm: git src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning - version: master + version: af87185d6d9a2ed066db85a9e6e2bec4d047089b - name: pip_install scm: git src: https://git.openstack.org/openstack/openstack-ansible-pip_install - version: master + version: faf690dffb820104c9ad707fe11ca646b7b78098 - name: galera_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_client - version: master + version: ccafe5e816694907869c6591b5121fc59074934c - name: galera_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server - version: master + version: dfb3d59dfb87eedb84a3e7b0bafb3764dd8a2cfa - name: ceph_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-ceph_client - version: master + version: ab68c5e925e086c91b1ad4064cb406cc736bdb23 - name: haproxy_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server - version: master + version: 212e9bd262ee8fb9c635597516d56879ac817c7c - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: master + version: 2b4a1f36c29b06b832bc4e6d112ca5559a98fd4a - name: lxc_container_create scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create - version: master + version: 87353ebc316286b1f883124c45860a021e518889 - name: lxc_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts - version: master + version: 0c6d6c89acda8db63d93e6514359a03e782089aa - name: memcached_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-memcached_server - version: master + version: 0e526d63e68c9318dbe249ffcb355672c401268a - name: openstack_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts - version: master + version: 3e64936b228593d3dd59bf3b3203023b4c6e554c - name: os_keystone scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_keystone - version: master + version: 17f702aa093579e61b482c7496e2a1f056819483 - name: openstack_openrc scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc - version: master + version: 735e066ba19caebb9299aaab163f5082d2b04bd4 - name: os_aodh scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_aodh - version: master + version: 492ff856886ab096329dee337728e7c88482e9f9 - name: os_barbican scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_barbican - version: master + version: bb2b7264292e7a957c66b95ac412a94c0d8e407d - name: os_ceilometer scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer - version: master + version: 0b88342fa352f2bc048104f66c9476f465d1d23d - name: os_cinder scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_cinder - version: master + version: 782c27cf60aa57cc2168ca51b6a8a7f2b43acfc6 - name: os_designate scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_designate - version: master + version: e9c1d198a4dcb645f7c1f3cff22e98dab180315a - name: os_glance scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_glance - version: master + version: 6c5c8d3d915f506a60b89251bd5caaba3b383ef0 - name: os_gnocchi scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi - version: master + version: 4891d9bdfb4569f3097373f2fb2e677795663a52 - name: os_heat scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_heat - version: master + version: dda5325225213c095c7c5697f30df8c41bcd9d4e - name: os_horizon scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_horizon - version: master + version: ec13e3b9e0c46616812c9278ddd606fdd3082682 - name: os_ironic scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ironic - version: master + version: 5b7f9f342f2346aa38f69204936d0d428800afed - name: os_magnum scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_magnum - version: master + version: 1d55c75816b7eed495806e1793cbe130804af8fc - name: os_molteniron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron - version: master + version: 07c6cdc462a56e6c76e5071414d35da3878aa14f - name: os_neutron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_neutron - version: master + version: 2f6066c0786aefda9d61d06d8810e39eaac8f0b9 - name: os_nova scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_nova - version: master + version: d0154df0818cb1b97537e1d65409818959a021d4 - name: os_octavia scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_octavia - version: master + version: 23ad1f1828c5ab1737cbaf48cd4b4a83f67a45d4 - name: os_rally scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_rally - version: master + version: 6c4e344def546adf76545d741a6ef24e5cbf7daa - name: os_sahara scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_sahara - version: master + version: 06c328e1872cdce959bfa1e5c6cedf3c4cde65a6 - name: os_swift scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_swift - version: master + version: 37eb776041ad324a01bc673da0eb7894566f419d - name: os_tacker scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tacker - version: master + version: 68305ee8e03885967c95520614e50ba84176f5c1 - name: os_tempest scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tempest - version: master + version: 48d9b6d46965462aa01ef353ca06ffdbc5b55c33 - name: os_trove scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_trove - version: master + version: a63122f8fdffdf19719788911999fdb0e3b13fa5 - name: plugins scm: git src: https://git.openstack.org/openstack/openstack-ansible-plugins - version: master + version: a9ee4932cb30522549db4866148ef066e2e2ab7d - name: rabbitmq_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server - version: master + version: 52f3b38b630b54eb45e81a8f0b5348f72ffa967d - name: repo_build scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_build - version: master + version: 1948d899a5c76143cf24c1a8ae162906a8e1faf1 - name: repo_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_server - version: master + version: 0a3b993bf18f82fdf6199769302d971d917a8595 - name: rsyslog_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client - version: master + version: 6576a296328c7c2eeeec360978133913d81fb647 - name: rsyslog_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server - version: master + version: 3e1db84f1a9be6473bfbb8f80495f747b406e8ef - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: master + version: 537b9b2bc2fd7f23301222098344727f8161993c - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: master + version: 21d7d8de5af9e73c0853d3434a4b3d3f8dd39a70 - name: etcd scm: git src: https://github.com/logan2211/ansible-etcd - version: master + version: 3933355dfe51477822db517d3c07ad561fb61318 - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: master + version: 7be67d6b60718896f0c17a7d4a14b912f72a59ae - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: master + version: d48dd3eea22094b6ecc6aa6ea07279c8e68e28b5 - name: ceph-ansible scm: git src: https://github.com/ceph/ceph-ansible - version: master + version: 0be60456ce98d11ca6acf73d7f7a76c4f9dc5309 - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight - version: master + version: 4aabce0605ef0f51eef4d6564cc7d779630706c5 - name: haproxy_endpoints scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints - version: master + version: 49901861b16b8afaa9bccdbc649ac956610ff22b diff --git a/global-requirement-pins.txt b/global-requirement-pins.txt index 78e23633f0..fd401854c2 100644 --- a/global-requirement-pins.txt +++ b/global-requirement-pins.txt @@ -10,5 +10,5 @@ ### These pins are updated through the sources-branch-updater script ### ### pip==9.0.1 -setuptools==38.2.4 +setuptools==38.5.1 wheel==0.30.0 diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index d598b1af3e..67a8772614 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml @@ -14,7 +14,7 @@ # limitations under the License. ## OpenStack Source Code Release -openstack_release: master +openstack_release: 17.0.0 ## Verbosity Options debug: False diff --git a/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml b/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml new file mode 100644 index 0000000000..1f19b29194 --- /dev/null +++ b/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml @@ -0,0 +1,7 @@ +--- +security: + - The PermitRootLogin in sshd_config changed from 'yes' + to 'prohibit-password' in the containers. By default + there is no password set in the containers but the ssh + pub key from the deployment host is injected in the + targets nodes authorized_keys. diff --git a/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml b/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml new file mode 100644 index 0000000000..aba321217f --- /dev/null +++ b/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The variables ``keystone_memcached_servers`` and + ``keystone_cache_backend_argument`` have been deprecated in favor of + ``keystone_cache_servers``, a list of servers for caching purposes. diff --git a/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml b/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml index 5d414c54e2..25ba2be76a 100644 --- a/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml +++ b/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml @@ -3,8 +3,8 @@ features: - Yaml files used for ceilometer configuration will now allow a deployer to override a given list. If an override is provided that matches an already defined list in one of the ceilometer default yaml files the entire list - will be replaced by the provided override. Previously, a nested lists of - lists within the default ceilometer configration files would extend should + will be replaced by the provided override. Previously, a nested list of + lists within the default ceilometer configuration files would extend should a deployer provide an override matching an existing pipeline. The extension of the defaults had a high probability to cause undesirable outcomes and was very unpredictable. diff --git a/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml b/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml new file mode 100644 index 0000000000..fd453cb93b --- /dev/null +++ b/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The Ceilometer API is no longer available in the Queens release of + OpenStack, this patch removes all references to API related configurations + as they are no longer needed. diff --git a/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml b/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml new file mode 100644 index 0000000000..77e7c83676 --- /dev/null +++ b/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml @@ -0,0 +1,15 @@ +--- +deprecations: + - | + The nova_placement database which was implemented in the ocata release of + OpenStack-Ansible was never actually used for anything due to reverts in + the upstream code. The database should be empty and can be deleted. With + this the following variables also no longer have any function and have + been removed. + + * ``nova_placement_galera_user`` + * ``nova_placement_galera_database`` + * ``nova_placement_db_max_overflow`` + * ``nova_placement_db_max_pool_size`` + * ``nova_placement_db_pool_timeout`` + diff --git a/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml b/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml new file mode 100644 index 0000000000..1a0107e801 --- /dev/null +++ b/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Persistent systemd journals are now enabled. This allows deployers to keep + older systemd journals on disk for review. The disk space requirements are + extremely low since the journals are stored in binary format. The default + location for persistent journals is in ``/var/log/journal``. + + Deployers can opt out of this change by setting + ``openstack_host_keep_journals`` to ``no``. diff --git a/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml b/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml new file mode 100644 index 0000000000..63f7a18a15 --- /dev/null +++ b/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + SELinux policy for neutron on CentOS 7 is now provided to fix SELinux + AVCs that occur when neutron's agents attempt to start daemons such as + haproxy and dnsmasq.