From 68fa3f459720c3ca45c0a06f6b126287ddb5c774 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Sat, 10 Feb 2018 16:43:55 +0000 Subject: [PATCH] Update all SHAs for 17.0.0 This patch updates all the roles to the latest available stable SHA's, copies the release notes from the updated roles into the integrated repo. The OpenStack services SHA's will be manually updated in another patch. Change-Id: I78d85f33926bc979f7d0df0adc8e8245bf1223ad --- ansible-role-requirements.yml | 98 +++++++++---------- global-requirement-pins.txt | 2 +- inventory/group_vars/all/all.yml | 2 +- ...rmitRootLogin-chages-7ce97df6d612223e.yaml | 7 ++ ...backend-caching-vars-88c48117b232b37e.yaml | 6 ++ .../disable-list-extend-3a9547de9034f9ba.yaml | 4 +- .../drop-ceilometer-api-b6d87ceddf34af81.yaml | 5 + ...a-placement-database-a8735a1df0c4566f.yaml | 15 +++ ...end-systemd-journals-c1874b52ad666744.yaml | 10 ++ ...x-neutron-bare-metal-c89174daf6f8b273.yaml | 6 ++ 10 files changed, 102 insertions(+), 53 deletions(-) create mode 100644 releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml create mode 100644 releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml create mode 100644 releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml create mode 100644 releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml create mode 100644 releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml create mode 100644 releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index 98198a707b..aee9864291 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,196 +1,196 @@ - name: ansible-hardening scm: git src: https://git.openstack.org/openstack/ansible-hardening - version: master + version: 0635fb840aafc914f2ffdfedc4548dc1abb37c7a - name: apt_package_pinning scm: git src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning - version: master + version: af87185d6d9a2ed066db85a9e6e2bec4d047089b - name: pip_install scm: git src: https://git.openstack.org/openstack/openstack-ansible-pip_install - version: master + version: faf690dffb820104c9ad707fe11ca646b7b78098 - name: galera_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_client - version: master + version: ccafe5e816694907869c6591b5121fc59074934c - name: galera_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server - version: master + version: dfb3d59dfb87eedb84a3e7b0bafb3764dd8a2cfa - name: ceph_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-ceph_client - version: master + version: ab68c5e925e086c91b1ad4064cb406cc736bdb23 - name: haproxy_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server - version: master + version: 212e9bd262ee8fb9c635597516d56879ac817c7c - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: master + version: 2b4a1f36c29b06b832bc4e6d112ca5559a98fd4a - name: lxc_container_create scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create - version: master + version: 87353ebc316286b1f883124c45860a021e518889 - name: lxc_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts - version: master + version: 0c6d6c89acda8db63d93e6514359a03e782089aa - name: memcached_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-memcached_server - version: master + version: 0e526d63e68c9318dbe249ffcb355672c401268a - name: openstack_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts - version: master + version: 3e64936b228593d3dd59bf3b3203023b4c6e554c - name: os_keystone scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_keystone - version: master + version: 17f702aa093579e61b482c7496e2a1f056819483 - name: openstack_openrc scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc - version: master + version: 735e066ba19caebb9299aaab163f5082d2b04bd4 - name: os_aodh scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_aodh - version: master + version: 492ff856886ab096329dee337728e7c88482e9f9 - name: os_barbican scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_barbican - version: master + version: bb2b7264292e7a957c66b95ac412a94c0d8e407d - name: os_ceilometer scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer - version: master + version: 0b88342fa352f2bc048104f66c9476f465d1d23d - name: os_cinder scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_cinder - version: master + version: 782c27cf60aa57cc2168ca51b6a8a7f2b43acfc6 - name: os_designate scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_designate - version: master + version: e9c1d198a4dcb645f7c1f3cff22e98dab180315a - name: os_glance scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_glance - version: master + version: 6c5c8d3d915f506a60b89251bd5caaba3b383ef0 - name: os_gnocchi scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi - version: master + version: 4891d9bdfb4569f3097373f2fb2e677795663a52 - name: os_heat scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_heat - version: master + version: dda5325225213c095c7c5697f30df8c41bcd9d4e - name: os_horizon scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_horizon - version: master + version: ec13e3b9e0c46616812c9278ddd606fdd3082682 - name: os_ironic scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ironic - version: master + version: 5b7f9f342f2346aa38f69204936d0d428800afed - name: os_magnum scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_magnum - version: master + version: 1d55c75816b7eed495806e1793cbe130804af8fc - name: os_molteniron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron - version: master + version: 07c6cdc462a56e6c76e5071414d35da3878aa14f - name: os_neutron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_neutron - version: master + version: 2f6066c0786aefda9d61d06d8810e39eaac8f0b9 - name: os_nova scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_nova - version: master + version: d0154df0818cb1b97537e1d65409818959a021d4 - name: os_octavia scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_octavia - version: master + version: 23ad1f1828c5ab1737cbaf48cd4b4a83f67a45d4 - name: os_rally scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_rally - version: master + version: 6c4e344def546adf76545d741a6ef24e5cbf7daa - name: os_sahara scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_sahara - version: master + version: 06c328e1872cdce959bfa1e5c6cedf3c4cde65a6 - name: os_swift scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_swift - version: master + version: 37eb776041ad324a01bc673da0eb7894566f419d - name: os_tacker scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tacker - version: master + version: 68305ee8e03885967c95520614e50ba84176f5c1 - name: os_tempest scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tempest - version: master + version: 48d9b6d46965462aa01ef353ca06ffdbc5b55c33 - name: os_trove scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_trove - version: master + version: a63122f8fdffdf19719788911999fdb0e3b13fa5 - name: plugins scm: git src: https://git.openstack.org/openstack/openstack-ansible-plugins - version: master + version: a9ee4932cb30522549db4866148ef066e2e2ab7d - name: rabbitmq_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server - version: master + version: 52f3b38b630b54eb45e81a8f0b5348f72ffa967d - name: repo_build scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_build - version: master + version: 1948d899a5c76143cf24c1a8ae162906a8e1faf1 - name: repo_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_server - version: master + version: 0a3b993bf18f82fdf6199769302d971d917a8595 - name: rsyslog_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client - version: master + version: 6576a296328c7c2eeeec360978133913d81fb647 - name: rsyslog_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server - version: master + version: 3e1db84f1a9be6473bfbb8f80495f747b406e8ef - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: master + version: 537b9b2bc2fd7f23301222098344727f8161993c - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: master + version: 21d7d8de5af9e73c0853d3434a4b3d3f8dd39a70 - name: etcd scm: git src: https://github.com/logan2211/ansible-etcd - version: master + version: 3933355dfe51477822db517d3c07ad561fb61318 - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: master + version: 7be67d6b60718896f0c17a7d4a14b912f72a59ae - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: master + version: d48dd3eea22094b6ecc6aa6ea07279c8e68e28b5 - name: ceph-ansible scm: git src: https://github.com/ceph/ceph-ansible - version: master + version: 0be60456ce98d11ca6acf73d7f7a76c4f9dc5309 - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight - version: master + version: 4aabce0605ef0f51eef4d6564cc7d779630706c5 - name: haproxy_endpoints scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints - version: master + version: 49901861b16b8afaa9bccdbc649ac956610ff22b diff --git a/global-requirement-pins.txt b/global-requirement-pins.txt index 78e23633f0..fd401854c2 100644 --- a/global-requirement-pins.txt +++ b/global-requirement-pins.txt @@ -10,5 +10,5 @@ ### These pins are updated through the sources-branch-updater script ### ### pip==9.0.1 -setuptools==38.2.4 +setuptools==38.5.1 wheel==0.30.0 diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index d598b1af3e..67a8772614 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml @@ -14,7 +14,7 @@ # limitations under the License. ## OpenStack Source Code Release -openstack_release: master +openstack_release: 17.0.0 ## Verbosity Options debug: False diff --git a/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml b/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml new file mode 100644 index 0000000000..1f19b29194 --- /dev/null +++ b/releasenotes/notes/PermitRootLogin-chages-7ce97df6d612223e.yaml @@ -0,0 +1,7 @@ +--- +security: + - The PermitRootLogin in sshd_config changed from 'yes' + to 'prohibit-password' in the containers. By default + there is no password set in the containers but the ssh + pub key from the deployment host is injected in the + targets nodes authorized_keys. diff --git a/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml b/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml new file mode 100644 index 0000000000..aba321217f --- /dev/null +++ b/releasenotes/notes/deprecated-memcached-and-backend-caching-vars-88c48117b232b37e.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The variables ``keystone_memcached_servers`` and + ``keystone_cache_backend_argument`` have been deprecated in favor of + ``keystone_cache_servers``, a list of servers for caching purposes. diff --git a/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml b/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml index 5d414c54e2..25ba2be76a 100644 --- a/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml +++ b/releasenotes/notes/disable-list-extend-3a9547de9034f9ba.yaml @@ -3,8 +3,8 @@ features: - Yaml files used for ceilometer configuration will now allow a deployer to override a given list. If an override is provided that matches an already defined list in one of the ceilometer default yaml files the entire list - will be replaced by the provided override. Previously, a nested lists of - lists within the default ceilometer configration files would extend should + will be replaced by the provided override. Previously, a nested list of + lists within the default ceilometer configuration files would extend should a deployer provide an override matching an existing pipeline. The extension of the defaults had a high probability to cause undesirable outcomes and was very unpredictable. diff --git a/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml b/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml new file mode 100644 index 0000000000..fd453cb93b --- /dev/null +++ b/releasenotes/notes/drop-ceilometer-api-b6d87ceddf34af81.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The Ceilometer API is no longer available in the Queens release of + OpenStack, this patch removes all references to API related configurations + as they are no longer needed. diff --git a/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml b/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml new file mode 100644 index 0000000000..77e7c83676 --- /dev/null +++ b/releasenotes/notes/nova-placement-database-a8735a1df0c4566f.yaml @@ -0,0 +1,15 @@ +--- +deprecations: + - | + The nova_placement database which was implemented in the ocata release of + OpenStack-Ansible was never actually used for anything due to reverts in + the upstream code. The database should be empty and can be deleted. With + this the following variables also no longer have any function and have + been removed. + + * ``nova_placement_galera_user`` + * ``nova_placement_galera_database`` + * ``nova_placement_db_max_overflow`` + * ``nova_placement_db_max_pool_size`` + * ``nova_placement_db_pool_timeout`` + diff --git a/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml b/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml new file mode 100644 index 0000000000..1a0107e801 --- /dev/null +++ b/releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Persistent systemd journals are now enabled. This allows deployers to keep + older systemd journals on disk for review. The disk space requirements are + extremely low since the journals are stored in binary format. The default + location for persistent journals is in ``/var/log/journal``. + + Deployers can opt out of this change by setting + ``openstack_host_keep_journals`` to ``no``. diff --git a/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml b/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml new file mode 100644 index 0000000000..63f7a18a15 --- /dev/null +++ b/releasenotes/notes/selinux-neutron-bare-metal-c89174daf6f8b273.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + SELinux policy for neutron on CentOS 7 is now provided to fix SELinux + AVCs that occur when neutron's agents attempt to start daemons such as + haproxy and dnsmasq.