Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempes
An update that solves three vulnerabilities, contains 62 features and has nine security fixes can now be installed.
Description:
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues:
Security issues fixed:
- CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
- CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675).
Non-security issues fixed:
Changes in ardana-ansible: - Update to version 9.0+git.1581611758.f694f7d: * Don't run deprecated-vhost-removal on localhost (SOC-11098)
- Update to version 9.0+git.1580906085.40eb430:
-
simplify glance image upload (SOC-11089)
-
Update to version 9.0+git.1580220034.3236aa5:
-
Ensure rabbitmq-server started after packages updated (SOC-11070)
-
Update to version 9.0+git.1576060554.bdd84e6:
- Fix grep for image details on service-guest-image (SOC-11012)
Changes in ardana-cinder: - Update to version 9.0+git.1579256229.c8b4b38: * Add option to flatten snapshots when using SES (SOC-11054)
- Update to version 9.0+git.1574694613.04a8b74:
-
Ensure nfs-client installed for NetApp support (SOC-9005)
-
Update to version 9.0+git.1574359983.c198cc9:
- Add option for nfs_share configuration (SOC-9005)
Changes in ardana-cobbler: - Update to version 9.0+git.1574950066.a3c4be4: * Set root device on SLES autoyast templates (SOC-7365)
- Update to version 9.0+git.1573845154.3545efd:
- Change install_recommended to true (SOC-9005)
Changes in ardana-db: - Update to version 9.0+git.1578936438.b9a9b95: * Switch to using override file in my.cnf.d (SOC-11043)
- Update to version 9.0+git.1578595169.57c5911:
- account for pre-update nodes (SOC-11037)
Changes in ardana-horizon: - Update to version 9.0+git.1575562864.8ed5e10: * Generate policy for Octavia dashboard (SOC-10883)
- Update to version 9.0+git.1575562860.2ce2851:
- Fix policy configuration generation (SOC-10883)
Changes in ardana-input-model: - Update to version 9.0+git.1580403439.d425462: * Enable port security extension neutron (SOC-11027)
- Update to version 9.0+git.1574953363.60cf58f:
- octavia: use lbaasv2-proxy service plugin (SOC-10987)
Changes in ardana-monasca: - Update to version 9.0+git.1579273481.4b8c46f: * Leverage schema conversion script for upgrade (SOC-10277)
- Update to version 9.0+git.1575919721.5c42222:
- align Monasca DB schema with upstream prior to upgrade (SOC-10277)
Changes in ardana-mq: - Update to version 9.0+git.1581024903.8e74867: * Ensure HA queue sync wait fails (SOC-11083)
- Update to version 9.0+git.1580934283.230ff8b:
-
Fix HA policy setting comments (SOC-10317, SOC-11082)
-
Update to version 9.0+git.1580746285.da922ce:
-
Set HA policy accordingly (SOC-10317, SOC-11082)
-
Update to version 9.0+git.1575405552.d84f662:
- Change the HA policy mirror (SOC-10317)
Changes in ardana-nova: - Update to version 9.0+git.1580304673.6c668eb: * Set notification_format to unversioned in nova.conf (bsc#1161721)
- Update to version 9.0+git.1575481165.9d3826f:
-
Remove duplicate entries for alias configuration for GPU (SOC-10837)
-
Update to version 9.0+git.1573764498.ed4098d:
- Pass through gpu device info. (SOC-10837)
Changes in ardana-octavia: - Update to version 9.0+git.1576074489.62de7e2: * Add load-balancer roles (SOC-8743)
- Update to version 9.0+git.1575366951.e0216b4:
-
Add policy.json to match the neutron lbaasv2 policy (SOC-10987)
-
Update to version 9.0+git.1574358661.c976583:
- Change event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig: - Update to version 9.0+git.1580235830.0dca223: * Start OVS services before wicked service at boot (SOC-11067)
- Update to version 9.0+git.1579790275.8afb314:
- Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
Changes in ardana-tempest: - Update to version 9.0+git.1578932816.e299c08: * Revert to using cirros image for heat tests (SOC-7028)
- Update to version 9.0+git.1578413400.0614192:
-
Create network resources needed by some heat tests (SOC-7028)
-
Update to version 9.0+git.1576611974.d17e4df:
-
Enable octavia tempest plugin test cases (SOC-8743)
-
Update to version 9.0+git.1574955714.5bae846:
- Update lbaas tempest filter for octavia (SOC-10987)
Changes in ardana-tls: - Update to version 9.0+git.1575296665.3fdfe45: * Make sure VNC CA file contain our internal CAs (SOC-10968)
- Update to version 9.0+git.1574280348.a306396:
- default the certificate validity to 5 years for the VNC cert (SOC-10973)
Changes in crowbar-core: - Update to version 6.0+git.1582892022.cbd70e833: * upgrade: Run DHCP evacuation (SOC-11046)
- Update to version 6.0+git.1582200015.08264d8f9:
-
Fix deployment queue display (SOC-10741)
-
Update to version 6.0+git.1580144807.7d068caf0:
-
network: start OVS before wickedd (SOC-11067)
-
Update to version 6.0+git.1578997967.4591670f0:
-
dns: add checks to designate migration (SOC-11047)
-
Update to version 6.0+git.1578935422.01edb0a9b:
-
Do not log an error for a case that is correct (trivial)
-
Update to version 6.0+git.1578563578.68beda299:
-
Upgrade neutron agent together with nova-compute package (SOC-11031)
-
Update to version 6.0+git.1578402096.90d9332d9:
- apache2: Restart after enabling SSL flag (SOC-11029)
-
crowbar: add crowbar-pacemaker dependency (SOC-10986)
-
Update to version 6.0+git.1576756414.ca49a781d:
-
bind9: Add legacy public.foo DNS entries (SOC-11006)
-
Update to version 6.0+git.1576662075.88de27567:
-
upgrade: Make a check for SLES product version (SOC-3089)
-
Update to version 6.0+git.1576493114.5e9534f13:
- upgrade: Stop if nova-compute upgrade fails (SOC-10378)
-
upgrade: Fix typo in log message (typo)
-
Update to version 6.0+git.1576149781.1ac02ef0d:
-
upgrade: add missing exit to Monasca DB dump (trivial)
-
Update to version 6.0+git.1576072790.23b58b4a2:
- upgrade: Fix systemd unit listing (trivial)
-
Make sure the crowbar migrations are OK (SOC-6849)
-
Update to version 6.0+git.1575980638.3cad5a333:
- Ignore CVE-2019-16770 (SOC-10999)
- upgrade: Make cluster health check at the start of services step (SOC-6849)
-
upgrade: Remove DRBD specific code from the continuation parts (SOC-10985)
-
Update to version 6.0+git.1575628097.5a7475686:
-
upgrade: Do not stop and reload nova services in normal mode (SOC-10995)
-
Update to version 6.0+git.1574763248.ad958e68c:
- Disable installation repository (bsc#1152007)
-
Disable automatic repo services (bsc#1152007)
-
Update to version 6.0+git.1574431193.3f5c69937:
-
[upgrade] Wait for keystone to be ready after start (bsc#1157206)
-
Update to version 6.0+git.1574363439.bc4d86c9b:
-
upgrade: Make sure cinder-volume is really stopped (bsc#1156305)
-
Update to version 6.0+git.1574270808.e4344109b:
-
upgrade: Ignore Cloud repository during repocheck (bsc#1152007)
-
Update to version 6.0+git.1574102328.13f0b12bf:
- Ignore CVE-2019-13117 in CI builds (bsc#1157028)
Changes in crowbar-ha: - Update to version 6.0+git.1574286261.6fd1a34: * Drop g-haproxy removal code (bsc#1156914)
Changes in crowbar-openstack: - Update to version 6.0+git.1580922461.67fb3c087: * Designate: make sure dns-server is active on a non-admin node (SOC-10636) * Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)
- Update to version 6.0+git.1580480133.d27bf75d0:
-
ec2-api: run keystone_register on cluster founder only (SOC-11079)
-
Update to version 6.0+git.1580308069.558c6dd8a:
-
rabbitmq: sync startup definitions.json with recipe (SOC-11077)
-
Update to version 6.0+git.1579097055.cf15ef22e:
- tempest: enable multiattach for NetApp + LVM (SCPM-97)
-
tempest: tempest run filters as templates (SOC-11052)
-
Update to version 6.0+git.1578491103.ca03b990c:
-
Install openstack client for neutron recipes (SOC-11039)
-
Update to version 6.0+git.1576859278.871ed9151:
-
octavia: Add topology setting (SOC-10876)
-
Update to version 6.0+git.1576769055.cae3ecf9a:
- octavia: Add anti-affinity settings (SOC-11026)
- designate: Fix the migrations of ssl values (SOC-11030)
- octavia: Also delete unused amphora images (SOC-11024)
- octavia: Delete old amphora images (SOC-11024)
-
octavia: Install amphora image always (SOC-11024)
-
Update to version 6.0+git.1576688912.0cfb42201:
- Do not read data from barclamp that has not been saved (SOC-11028)
-
octavia: Add ssh key to health manager (SOC-11025)
-
Update to version 6.0+git.1576513513.8456a08f8:
-
designate: Mark as user managed (SOC-10233)
-
Update to version 6.0+git.1576331976.c068cbe15:
-
octavia: Update configuration parameters (SOC-10904)
-
Update to version 6.0+git.1576245850.2d50399b5:
-
tempest: Update default image on schema (SOC-11023)
-
Update to version 6.0+git.1576145909.ec2c5f746:
-
octavia: enable octavia tempest plugin test cases (SOC-8743)
-
Update to version 6.0+git.1576091112.c802654e0:
- keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
-
horizon: add Octavia horizon dashboard (SOC-10833)
-
Update to version 6.0+git.1575917420.9a9d1b024:
- Add Crowbar UI options for mgmt net (SOC-10904)
- octavia: configure barbican auth (SOC-10989)
-
octavia: fix deprecated config options (SOC-10990)
-
Update to version 6.0+git.1574850023.d4c2337fc:
- tempest: create lbaas-octavia filter (SOC-10965)
- octavia: switch to noop event streamer (SOC-10868)
-
tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907)
-
Update to version 6.0+git.1574685608.1c9818d53:
-
horizon: fix keystone node lookup (SOC-10978)
-
Update to version 6.0+git.1574428771.9bd63ba0d:
-
designate: declare all mdns servers as master on pool config (SOC-10952)
-
Update to version 6.0+git.1574334452.15e0db044:
- designate: add support for SSL (SOC-10877)
-
horizon: install lbaas horizon dashboard (SOC-10883)
-
Update to version 6.0+git.1574270038.651a48486:
-
octavia: add SSL section to the UI (SOC-10906)
-
Update to version 6.0+git.1574094012.3c62b569f:
- octavia: Add memcached_servers for token caching (SOC-10905)
Changes in crowbar-ui: - Update to version 1.3.0+git.1575896697.a01a3a08: * upgrade: Added missing error title * travis: Stop testing against nodejs4
Changes in keepalived: - update to 2.0.19 - new BR pkgconfig(libnftnl) to fix nftables support - add nftables to the BR - added patch * linux-4.15.patch - add buildrequires for file-devel - used in the checker to verify scripts - enable json stats and config dump support new BR: pkgconfig(json-c) - enable http regexp support: new BR pcre2-devel - disable dbus instance creation support as it is marked as dangerous - Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. - full changelog https://keepalived.org/changelog.html
Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
- Don't use branch matching
- Make broken fedora_latest job n-v
Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source
- Update to version barbican-7.0.1.dev23:
- Don't use branch matching
- Make broken fedora_latest job n-v
Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
-
[stable-only] Cap msgpack
-
Update to version ceilometer-11.0.2.dev18:
-
Add note for loadbalancer resource type support
-
Update to version ceilometer-11.0.2.dev17:
-
Fix samples with dots in sample name
-
Update to version ceilometer-11.0.2.dev15:
- Add loadbalancer resource type
Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility
- Update to version ceilometer-11.0.2.dev19:
-
[stable-only] Cap msgpack
-
Update to version ceilometer-11.0.2.dev18:
-
Add note for loadbalancer resource type support
-
Update to version ceilometer-11.0.2.dev17:
-
Fix samples with dots in sample name
-
Update to version ceilometer-11.0.2.dev15:
- Add loadbalancer resource type
Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
-
Support Incremental Backup Completion In RBD
-
Update to version cinder-13.0.9.dev8:
- Fix: Create new cache entry when xtremio reaches snap limit
-
Tell reno to ignore the kilo branch
-
Update to version cinder-13.0.9.dev5:
-
Make volume soft delete more thorough
-
Update to version cinder-13.0.9.dev4:
-
Cap sphinx for py2 to match global reqs 13.0.8
-
Update to version cinder-13.0.8.dev12:
- Add 'volume_attachment' to volume expected attributes
-
Fix service_uuid migration for volumes with no host
-
Update to version cinder-13.0.8.dev9:
- Increase cpu limit for image conversion
Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken
- Update to version cinder-13.0.9.dev10:
-
Support Incremental Backup Completion In RBD
-
Update to version cinder-13.0.9.dev8:
- Fix: Create new cache entry when xtremio reaches snap limit
-
Tell reno to ignore the kilo branch
-
Update to version cinder-13.0.9.dev5:
-
Make volume soft delete more thorough
-
Update to version cinder-13.0.9.dev4:
-
Cap sphinx for py2 to match global reqs 13.0.8
-
Update to version cinder-13.0.8.dev12:
- Add 'volume_attachment' to volume expected attributes
-
Fix service_uuid migration for volumes with no host
-
Update to version cinder-13.0.8.dev9:
- Increase cpu limit for image conversion
Changes in openstack-dashboard: - Update to version horizon-14.1.1.dev1: 14.1.0 * Ensure python versions
- Update to version horizon-14.0.5.dev9:
-
Fix typo in publicize_image policy name
-
Update to version horizon-14.0.5.dev8:
-
Fix "prev" link pagination for instances with identical timestamps
-
Update to version horizon-14.0.5.dev7:
- Fix deleting port from port details page
-
Fix tenant floating_ip_allocation call in neutron rest api
-
Update to version horizon-14.0.5.dev3:
-
Add "prev" link to instance page list pagination
-
horizon: Obsolete python-django_openstack_auth (SOC-10228) port of https://review.opendev.org/#/c/685224
-
Update to version horizon-14.0.5.dev2:
- Call Glance list with certain image ids
Changes in openstack-dashboard-theme-SUSE: - Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)
Changes in openstack-designate: - Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env
Changes in openstack-designate: - Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env
Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
-
Docs: use extrefs to link to other projects' docs
-
Update to version openstack-heat-11.0.3.dev28:
-
Use stable constraint for Tempest pinned stable branches
-
Update to version openstack-heat-11.0.3.dev27:
- Correct BRANCH_OVERRIDE for stable/rocky
-
Correct availability_zone to be non-mandatory in heat
-
Update to version openstack-heat-11.0.3.dev24:
- Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs
- Update to version openstack-heat-11.0.3.dev29:
-
Docs: use extrefs to link to other projects' docs
-
Update to version openstack-heat-11.0.3.dev28:
-
Use stable constraint for Tempest pinned stable branches
-
Update to version openstack-heat-11.0.3.dev27:
- Correct BRANCH_OVERRIDE for stable/rocky
-
Correct availability_zone to be non-mandatory in heat
-
Update to version openstack-heat-11.0.3.dev24:
- Fix the wrong time unit for OS::Octavia::HealthMonitor
Changes in openstack-horizon-plugin-designate-ui: - Update to version designate-dashboard-7.0.1.dev8: * Fix list zones updated at same time
Changes in openstack-horizon-plugin-ironic-ui: - Update to version ironic-ui-3.3.1.dev14: * Fix horizon dependency * OpenDev Migration Patch
Changes in openstack-horizon-plugin-neutron-lbaas-ui: - Update to version neutron-lbaas-dashboard-5.0.1.dev8: * Fix auth url for Barbican client
- Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883) The .pyc file needs to be removed when the package is uninstalled, otherwise the panel will remain enabled in the dashboard and cause errors.
Changes in openstack-ironic: - Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for lower MTUs automatically * Do not ignore 'fields' query parameter when building next url * Ensure pagination marker is always set
- Update to version ironic-11.1.4.dev17:
-
grub configuration should use user kernel and ramdisk
-
Update to version ironic-11.1.4.dev16:
- Change log level based on node status
Changes in openstack-ironic: - Remove rootwrap.d/ironic-lib.filters. This file is included in python-ironic-lib >= 2.14.2.
- Update to version ironic-11.1.4.dev22:
- Change MTU logic to allow for lower MTUs automatically
- Do not ignore 'fields' query parameter when building next url
-
Ensure pagination marker is always set
-
Update to version ironic-11.1.4.dev17:
-
grub configuration should use user kernel and ramdisk
-
Update to version ironic-11.1.4.dev16:
- Change log level based on node status
Changes in openstack-ironic-python-agent: - Update to version ironic-python-agent-3.3.3.dev6: * Fix tox.ini to correctly test lower-constraints
Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
-
Always have username in CADF initiator
-
Update to version keystone-14.1.1.dev33:
- Fix role_assignments role.id filter
-
Ensure bootstrap handles multiple roles with the same name
-
Update to version keystone-14.1.1.dev29:
- Add the missing packages when install keystone
Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch
- Update to version keystone-14.1.1.dev35:
-
Always have username in CADF initiator
-
Update to version keystone-14.1.1.dev33:
- Fix role_assignments role.id filter
-
Ensure bootstrap handles multiple roles with the same name
-
Update to version keystone-14.1.1.dev29:
- Add the missing packages when install keystone
Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0
- Update to version magnum-7.1.1.dev38:
- k8s_fedora: Move rp_filter=1 for calico up
- k8s_fedora_atomic: Add PodSecurityPolicy
- k8s: Clear cni configuration
-
fix: Deploy enable_service last (rocky only)
-
Update to version magnum-7.1.1.dev34:
- k8s_fedora: Label master nodes with kubectl
- k8s: stop introspecting instance name
- Fix proportional autoscaler image
- Using Fedora Atomic 29 as default image
Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0
- Update to version magnum-7.1.1.dev38:
- k8s_fedora: Move rp_filter=1 for calico up
- k8s_fedora_atomic: Add PodSecurityPolicy
- k8s: Clear cni configuration
-
fix: Deploy enable_service last (rocky only)
-
Update to version magnum-7.1.1.dev34:
- k8s_fedora: Label master nodes with kubectl
- k8s: stop introspecting instance name
- Fix proportional autoscaler image
- Using Fedora Atomic 29 as default image
Changes in openstack-monasca-agent: - update to version 2.8.1~dev13 - add X.509 certificate check plugin
- update to version 2.8.1~dev12
- Update hacking version to 1.1.x
- OpenDev Migration Patch
Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
- ovs agent: signal to plugin if tunnel refresh needed
- Mock check if ipv6 is enabled in L3 agent unit tests
- Fix resource schemas and releated `get_sorts` test cases
-
Remove sleep command when retrieving OVS dp
-
Update to version neutron-13.0.7.dev36:
- Remove Floating IP DNS record upon associated port deletion
- Trigger router update only when gateway port IP changed
-
Re-use existing ProcessLauncher from wsgi in RPC workers
-
Update to version neutron-13.0.7.dev30:
- Check SG members instead of ports to skip flow update
- Ensure driver error preventing trunk port deletion is logged
-
[L3] Switch order of processing added and removed router ports
-
Update to version neutron-13.0.7.dev24:
- dhcp-agent: equalize port create_low/update/delete priority
- Catch OVSFWTagNotFound in update_port_filter
- [OVS] Handle added/removed ports in the same polling iteration
- DVR: Ignore DHCP port during DVR host query
- Improve "OVSFirewallDriver.process_trusted_ports"
- List SG rules which belongs to tenant's SG
-
Fix py3 compatibility
-
Update to version neutron-13.0.7.dev10:
- Define orm relationships after db classes
-
Add retries to update trunk port
-
Update to version neutron-13.0.7.dev6:
-
Allow to kill keepalived state change monitor process
-
Update to version neutron-13.0.7.dev4:
-
Always set ovs bridge name in vif:binding-details
-
Update to version neutron-13.0.7.dev2:
-
don't clear skb mark when ovs is hw-offload enabled
-
Update to version neutron-13.0.7.dev1:
-
Use constraints for docs tox target and cap hacking 13.0.6
-
Update to version neutron-13.0.6.dev21:
-
Set DB retry for quota_enforcement pecan_wsgi hook
-
Update to version neutron-13.0.6.dev20:
- [OVS FW] Clean port rules if port not found in ovsdb
-
Add more condition to check sg member exist
-
Update to version neutron-13.0.6.dev17:
-
Fix race condition when getting cmdline
-
Update to version neutron-13.0.6.dev15:
-
Run revision bump operations en masse
-
Update to version neutron-13.0.6.dev13:
-
Add extra unit test for get_cmdline_from_pid function
-
Update to version neutron-13.0.6.dev11:
-
Switch to use cast method in dhcp_ready_on_ports method
-
Update to version neutron-13.0.6.dev10:
- Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes
- Update to version neutron-13.0.7.dev44:
- ovs agent: signal to plugin if tunnel refresh needed
- Mock check if ipv6 is enabled in L3 agent unit tests
- Fix resource schemas and releated `get_sorts` test cases
-
Remove sleep command when retrieving OVS dp
-
Update to version neutron-13.0.7.dev36:
- Remove Floating IP DNS record upon associated port deletion
- Trigger router update only when gateway port IP changed
-
Re-use existing ProcessLauncher from wsgi in RPC workers
-
Update to version neutron-13.0.7.dev30:
- Check SG members instead of ports to skip flow update
- Ensure driver error preventing trunk port deletion is logged
-
[L3] Switch order of processing added and removed router ports
-
Update to version neutron-13.0.7.dev24:
- dhcp-agent: equalize port create_low/update/delete priority
- Catch OVSFWTagNotFound in update_port_filter
- [OVS] Handle added/removed ports in the same polling iteration
- DVR: Ignore DHCP port during DVR host query
- Improve "OVSFirewallDriver.process_trusted_ports"
- List SG rules which belongs to tenant's SG
-
Fix py3 compatibility
-
Update neutron-ha-tool to latest version:
-
Add DHCP agent evacuation (SOC-11046)
-
Update to version neutron-13.0.7.dev10:
- Define orm relationships after db classes
-
Add retries to update trunk port
-
Update to version neutron-13.0.7.dev6:
-
Allow to kill keepalived state change monitor process
-
Update to version neutron-13.0.7.dev4:
-
Always set ovs bridge name in vif:binding-details
-
Update to version neutron-13.0.7.dev2:
-
don't clear skb mark when ovs is hw-offload enabled
-
Update to version neutron-13.0.7.dev1:
-
Use constraints for docs tox target and cap hacking 13.0.6
-
Update to version neutron-13.0.6.dev21:
-
Set DB retry for quota_enforcement pecan_wsgi hook
-
Update to version neutron-13.0.6.dev20:
- [OVS FW] Clean port rules if port not found in ovsdb
-
Add more condition to check sg member exist
-
Update to version neutron-13.0.6.dev17:
-
Fix racondition when getting cmdline
-
Update to version neutron-13.0.6.dev15:
-
Run revision bump operations en masse
-
neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/
-
Update to version neutron-13.0.6.dev13:
-
Add extra unit test for get_cmdline_from_pid function
-
Update to version neutron-13.0.6.dev11:
-
Switch to use cast method in dhcp_ready_on_ports method
-
Update to version neutron-13.0.6.dev10:
- Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
- Fix list_entries for netlink_lib when running on py3
Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module
- Update to version neutron-fwaas-13.0.3.dev3:
- Fix list_entries for netlink_lib when running on py3
Changes in openstack-neutron-gbp: - Update to version group-based-policy-5.0.1.dev491: * Refactor static path code
- Update to version group-based-policy-5.0.1.dev490:
-
Support named ip protocols for SecurityGroupRules
-
Update to version group-based-policy-5.0.1.dev488:
-
Enable SVI networks with hosts running opflex agent
-
Update to version group-based-policy-5.0.1.dev486:
-
Allow both FIP and SNAT on a single port
-
Update to version group-based-policy-5.0.1.dev485:
-
Fix active-active AAP RPC query
-
Update to version group-based-policy-5.0.1.dev484:
- [AIM] Add extra provided/consumed contracts to network extension
-
Active active AAP feature
-
Update to version group-based-policy-5.0.1.dev481:
-
Support cache option for legacy GBP driver
-
Update to version group-based-policy-5.0.1.dev480:
-
Fix host ID length in VM names table
-
Update to version group-based-policy-5.0.1.dev479:
-
Update_proj_descr in apic when project description is updated in os
-
Update to version group-based-policy-5.0.1.dev477:
- Fix ambiguity in mapping to domain in port pair workflow
Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test
- Update to version neutron-vpnaas-13.0.2.dev5:
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
-
Use stable constraint for Tempest pinned stable branches
-
Update to version nova-18.2.4.dev60:
-
tox: Stop build *all* docs in 'docs'
-
Update to version nova-18.2.4.dev59:
- Block deleting compute services with in-progress migrations
- Cache security group driver
-
Join migration_context and flavor in Migration.instance
-
Update to version nova-18.2.4.dev53:
-
Improve metadata server performance with large security groups
-
Update to version nova-18.2.4.dev51:
- Add functional recreate revert resize test for bug 1852610
-
Add functional recreate test for bug 1852610
-
Update to version nova-18.2.4.dev47:
-
Zuul v3: use devstack-plugin-nfs-tempest-full
-
Update to version nova-18.2.4.dev46:
- Add BFV wrinkle to TestNovaManagePlacemenalAllocations
- Add --instance option to heal_allocations
-
Add --dry-run option to heal_allocations CLI
-
Update to version nova-18.2.4.dev40:
-
Add functional recreate test for bug 1829479 and bug 1817833
-
Update to version nova-18.2.4.dev38:
- Do not update root_device_name during guest config
-
compute: Use long_rpc_timeout in reserve_block_device_name
-
Update to version nova-18.2.4.dev35:
-
compute: Take an instance.uuid lock when rebooting
-
Update to version nova-18.2.4.dev33:
-
Replace time.sleep(10) with service forced_down in tests
-
Update to version nova-18.2.4.dev31:
-
Nova compute: add in log exception to help debug failures
-
Update to version nova-18.2.4.dev29:
-
Fix false ERROR message at compute restart
-
Update to version nova-18.2.4.dev27:
-
Fix listing deleted servers with a marker
-
Update to version nova-18.2.4.dev25:
-
Add functional regression test for bug 1849409
-
Update to version nova-18.2.4.dev23:
- Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles
- Update to version nova-18.2.4.dev61:
-
Use stable constraint for Tempest pinned stable branches
-
Update to version nova-18.2.4.dev60:
-
tox: Stop build *all* docs in 'docs'
-
Update to version nova-18.2.4.dev59:
- Block deleting compute services with in-progress migrations
- Cache security group driver
-
Join migration_context and flavor in Migration.instance
-
Update to version nova-18.2.4.dev53:
-
Improve metadata server performance with large security groups
-
Update to version nova-18.2.4.dev51:
- Add functional recreate revert resize test for bug 1852610
-
Add functional recreate test for bug 1852610
-
Update to version nova-18.2.4.dev47:
-
Zuul v3: use devstack-plugin-nfs-tempest-full
-
Update to version nova-18.2.4.dev46:
- Add BFV wrinkle to TestNovaManagePlacementHealAllocations
- Add --instance option to heal_allocations
-
Add --dry-run option to heal_allocations CLI
-
Update to version nova-18.2.4.dev40:
-
Add functional recreate test for bug 1829479 and bug 1817833
-
Update to version nova-18.2.4.dev38:
- Do not update root_device_name during guest config
-
compute: Use long_rpc_timeout in reserve_block_device_name
-
Update to version nova-18.2.4.dev35:
-
compute: Take an instance.uuid lock when rebooting
-
Update to version nova-18.2.4.dev33:
-
Replace time.sleep(10) with service forced_down in tests
-
Update to version nova-18.2.4.dev31:
-
Nova compute: add in log exception to help debug failures
-
Update to version nova-18.2.4.dev29:
-
Fix false ERROR message at compute restart
-
Update to version nova-18.2.4.dev27:
-
Fix listing deleted servers with a marker
-
Update to version nova-18.2.4.dev25:
-
Add functional regression test for bug 1849409
-
Update to version nova-18.2.4.dev23:
- Don't delete compute node, when deleting service other than nova-compute
Changes in openstack-octavia: - Update to version octavia-3.2.2.dev8: * Fix uncaught DB exception when trying to get a spare amphora
- Update to version octavia-3.2.2.dev7:
-
Fix house keeping graceful shutdown
-
Update to version octavia-3.2.2.dev5:
-
Fix pep8 failures on stable/rocky branch
-
Update to version octavia-3.2.2.dev4:
-
Use stable upper-constraints.txt in Amphora builds
-
Update to version octavia-3.2.2.dev3:
-
Add listener and pool protocol validation
-
Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2 3.2.1
-
Update to version octavia-3.2.1.dev10:
-
Accept oslopolicy-policy-generator path arguments
-
Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch https://review.opendev.org/#/c/698433
-
Update to version octavia-3.2.1.dev9:
-
Fix controller worker graceful shutdown
-
Update to version octavia-3.2.1.dev7:
-
Fix a potential race condition with certs-ramfs
-
Update to version octavia-3.2.1.dev5:
- Fix issues with unavailable secrets
Changes in openstack-octavia-amphora-image: - Updated updateBuildRequires.pl script for SP4 build
-
Update image to 0.1.2 to include latest changes
-
Add keepalived service Changes in openstack-sahara:
- Update to version sahara-9.0.2.dev15:
- Run sahara-scenario using Python 3
Changes in openstack-sahara: - Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3
Changes in openstack-swift: - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 2.20.0.
Changes in openstack-swift: - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 0.0.
Changes in python-amqp: - Added pyOpenSSL build dependency - Update to 2.4.2: - Added support for the Cygwin platform - Correct offset incrementation when parsing bitmaps. - Consequent bitmaps are now parsed correctly. - Removed patches that are alr