Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempes

Announcement ID: SUSE-SU-2020:0642-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-17954 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-17954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-13117 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • CVE-2019-13117 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-13117 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-16770 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-16770 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities, contains 62 features and has nine security fixes can now be installed.

Description:

This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues:

Security issues fixed:

  • CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
  • CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675).

Non-security issues fixed:

Changes in ardana-ansible: - Update to version 9.0+git.1581611758.f694f7d: * Don't run deprecated-vhost-removal on localhost (SOC-11098)

  • Update to version 9.0+git.1580906085.40eb430:
  • simplify glance image upload (SOC-11089)

  • Update to version 9.0+git.1580220034.3236aa5:

  • Ensure rabbitmq-server started after packages updated (SOC-11070)

  • Update to version 9.0+git.1576060554.bdd84e6:

  • Fix grep for image details on service-guest-image (SOC-11012)

Changes in ardana-cinder: - Update to version 9.0+git.1579256229.c8b4b38: * Add option to flatten snapshots when using SES (SOC-11054)

  • Update to version 9.0+git.1574694613.04a8b74:
  • Ensure nfs-client installed for NetApp support (SOC-9005)

  • Update to version 9.0+git.1574359983.c198cc9:

  • Add option for nfs_share configuration (SOC-9005)

Changes in ardana-cobbler: - Update to version 9.0+git.1574950066.a3c4be4: * Set root device on SLES autoyast templates (SOC-7365)

  • Update to version 9.0+git.1573845154.3545efd:
  • Change install_recommended to true (SOC-9005)

Changes in ardana-db: - Update to version 9.0+git.1578936438.b9a9b95: * Switch to using override file in my.cnf.d (SOC-11043)

  • Update to version 9.0+git.1578595169.57c5911:
  • account for pre-update nodes (SOC-11037)

Changes in ardana-horizon: - Update to version 9.0+git.1575562864.8ed5e10: * Generate policy for Octavia dashboard (SOC-10883)

  • Update to version 9.0+git.1575562860.2ce2851:
  • Fix policy configuration generation (SOC-10883)

Changes in ardana-input-model: - Update to version 9.0+git.1580403439.d425462: * Enable port security extension neutron (SOC-11027)

  • Update to version 9.0+git.1574953363.60cf58f:
  • octavia: use lbaasv2-proxy service plugin (SOC-10987)

Changes in ardana-monasca: - Update to version 9.0+git.1579273481.4b8c46f: * Leverage schema conversion script for upgrade (SOC-10277)

  • Update to version 9.0+git.1575919721.5c42222:
  • align Monasca DB schema with upstream prior to upgrade (SOC-10277)

Changes in ardana-mq: - Update to version 9.0+git.1581024903.8e74867: * Ensure HA queue sync wait fails (SOC-11083)

  • Update to version 9.0+git.1580934283.230ff8b:
  • Fix HA policy setting comments (SOC-10317, SOC-11082)

  • Update to version 9.0+git.1580746285.da922ce:

  • Set HA policy accordingly (SOC-10317, SOC-11082)

  • Update to version 9.0+git.1575405552.d84f662:

  • Change the HA policy mirror (SOC-10317)

Changes in ardana-nova: - Update to version 9.0+git.1580304673.6c668eb: * Set notification_format to unversioned in nova.conf (bsc#1161721)

  • Update to version 9.0+git.1575481165.9d3826f:
  • Remove duplicate entries for alias configuration for GPU (SOC-10837)

  • Update to version 9.0+git.1573764498.ed4098d:

  • Pass through gpu device info. (SOC-10837)

Changes in ardana-octavia: - Update to version 9.0+git.1576074489.62de7e2: * Add load-balancer roles (SOC-8743)

  • Update to version 9.0+git.1575366951.e0216b4:
  • Add policy.json to match the neutron lbaasv2 policy (SOC-10987)

  • Update to version 9.0+git.1574358661.c976583:

  • Change event_streamer_driver to noop (bsc#1154235)

Changes in ardana-osconfig: - Update to version 9.0+git.1580235830.0dca223: * Start OVS services before wicked service at boot (SOC-11067)

  • Update to version 9.0+git.1579790275.8afb314:
  • Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)

Changes in ardana-tempest: - Update to version 9.0+git.1578932816.e299c08: * Revert to using cirros image for heat tests (SOC-7028)

  • Update to version 9.0+git.1578413400.0614192:
  • Create network resources needed by some heat tests (SOC-7028)

  • Update to version 9.0+git.1576611974.d17e4df:

  • Enable octavia tempest plugin test cases (SOC-8743)

  • Update to version 9.0+git.1574955714.5bae846:

  • Update lbaas tempest filter for octavia (SOC-10987)

Changes in ardana-tls: - Update to version 9.0+git.1575296665.3fdfe45: * Make sure VNC CA file contain our internal CAs (SOC-10968)

  • Update to version 9.0+git.1574280348.a306396:
  • default the certificate validity to 5 years for the VNC cert (SOC-10973)

Changes in crowbar-core: - Update to version 6.0+git.1582892022.cbd70e833: * upgrade: Run DHCP evacuation (SOC-11046)

  • Update to version 6.0+git.1582200015.08264d8f9:
  • Fix deployment queue display (SOC-10741)

  • Update to version 6.0+git.1580144807.7d068caf0:

  • network: start OVS before wickedd (SOC-11067)

  • Update to version 6.0+git.1578997967.4591670f0:

  • dns: add checks to designate migration (SOC-11047)

  • Update to version 6.0+git.1578935422.01edb0a9b:

  • Do not log an error for a case that is correct (trivial)

  • Update to version 6.0+git.1578563578.68beda299:

  • Upgrade neutron agent together with nova-compute package (SOC-11031)

  • Update to version 6.0+git.1578402096.90d9332d9:

  • apache2: Restart after enabling SSL flag (SOC-11029)
  • crowbar: add crowbar-pacemaker dependency (SOC-10986)

  • Update to version 6.0+git.1576756414.ca49a781d:

  • bind9: Add legacy public.foo DNS entries (SOC-11006)

  • Update to version 6.0+git.1576662075.88de27567:

  • upgrade: Make a check for SLES product version (SOC-3089)

  • Update to version 6.0+git.1576493114.5e9534f13:

  • upgrade: Stop if nova-compute upgrade fails (SOC-10378)
  • upgrade: Fix typo in log message (typo)

  • Update to version 6.0+git.1576149781.1ac02ef0d:

  • upgrade: add missing exit to Monasca DB dump (trivial)

  • Update to version 6.0+git.1576072790.23b58b4a2:

  • upgrade: Fix systemd unit listing (trivial)
  • Make sure the crowbar migrations are OK (SOC-6849)

  • Update to version 6.0+git.1575980638.3cad5a333:

  • Ignore CVE-2019-16770 (SOC-10999)
  • upgrade: Make cluster health check at the start of services step (SOC-6849)
  • upgrade: Remove DRBD specific code from the continuation parts (SOC-10985)

  • Update to version 6.0+git.1575628097.5a7475686:

  • upgrade: Do not stop and reload nova services in normal mode (SOC-10995)

  • Update to version 6.0+git.1574763248.ad958e68c:

  • Disable installation repository (bsc#1152007)
  • Disable automatic repo services (bsc#1152007)

  • Update to version 6.0+git.1574431193.3f5c69937:

  • [upgrade] Wait for keystone to be ready after start (bsc#1157206)

  • Update to version 6.0+git.1574363439.bc4d86c9b:

  • upgrade: Make sure cinder-volume is really stopped (bsc#1156305)

  • Update to version 6.0+git.1574270808.e4344109b:

  • upgrade: Ignore Cloud repository during repocheck (bsc#1152007)

  • Update to version 6.0+git.1574102328.13f0b12bf:

  • Ignore CVE-2019-13117 in CI builds (bsc#1157028)

Changes in crowbar-ha: - Update to version 6.0+git.1574286261.6fd1a34: * Drop g-haproxy removal code (bsc#1156914)

Changes in crowbar-openstack: - Update to version 6.0+git.1580922461.67fb3c087: * Designate: make sure dns-server is active on a non-admin node (SOC-10636) * Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)

  • Update to version 6.0+git.1580480133.d27bf75d0:
  • ec2-api: run keystone_register on cluster founder only (SOC-11079)

  • Update to version 6.0+git.1580308069.558c6dd8a:

  • rabbitmq: sync startup definitions.json with recipe (SOC-11077)

  • Update to version 6.0+git.1579097055.cf15ef22e:

  • tempest: enable multiattach for NetApp + LVM (SCPM-97)
  • tempest: tempest run filters as templates (SOC-11052)

  • Update to version 6.0+git.1578491103.ca03b990c:

  • Install openstack client for neutron recipes (SOC-11039)

  • Update to version 6.0+git.1576859278.871ed9151:

  • octavia: Add topology setting (SOC-10876)

  • Update to version 6.0+git.1576769055.cae3ecf9a:

  • octavia: Add anti-affinity settings (SOC-11026)
  • designate: Fix the migrations of ssl values (SOC-11030)
  • octavia: Also delete unused amphora images (SOC-11024)
  • octavia: Delete old amphora images (SOC-11024)
  • octavia: Install amphora image always (SOC-11024)

  • Update to version 6.0+git.1576688912.0cfb42201:

  • Do not read data from barclamp that has not been saved (SOC-11028)
  • octavia: Add ssh key to health manager (SOC-11025)

  • Update to version 6.0+git.1576513513.8456a08f8:

  • designate: Mark as user managed (SOC-10233)

  • Update to version 6.0+git.1576331976.c068cbe15:

  • octavia: Update configuration parameters (SOC-10904)

  • Update to version 6.0+git.1576245850.2d50399b5:

  • tempest: Update default image on schema (SOC-11023)

  • Update to version 6.0+git.1576145909.ec2c5f746:

  • octavia: enable octavia tempest plugin test cases (SOC-8743)

  • Update to version 6.0+git.1576091112.c802654e0:

  • keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
  • horizon: add Octavia horizon dashboard (SOC-10833)

  • Update to version 6.0+git.1575917420.9a9d1b024:

  • Add Crowbar UI options for mgmt net (SOC-10904)
  • octavia: configure barbican auth (SOC-10989)
  • octavia: fix deprecated config options (SOC-10990)

  • Update to version 6.0+git.1574850023.d4c2337fc:

  • tempest: create lbaas-octavia filter (SOC-10965)
  • octavia: switch to noop event streamer (SOC-10868)
  • tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907)

  • Update to version 6.0+git.1574685608.1c9818d53:

  • horizon: fix keystone node lookup (SOC-10978)

  • Update to version 6.0+git.1574428771.9bd63ba0d:

  • designate: declare all mdns servers as master on pool config (SOC-10952)

  • Update to version 6.0+git.1574334452.15e0db044:

  • designate: add support for SSL (SOC-10877)
  • horizon: install lbaas horizon dashboard (SOC-10883)

  • Update to version 6.0+git.1574270038.651a48486:

  • octavia: add SSL section to the UI (SOC-10906)

  • Update to version 6.0+git.1574094012.3c62b569f:

  • octavia: Add memcached_servers for token caching (SOC-10905)

Changes in crowbar-ui: - Update to version 1.3.0+git.1575896697.a01a3a08: * upgrade: Added missing error title * travis: Stop testing against nodejs4

Changes in keepalived: - update to 2.0.19 - new BR pkgconfig(libnftnl) to fix nftables support - add nftables to the BR - added patch * linux-4.15.patch - add buildrequires for file-devel - used in the checker to verify scripts - enable json stats and config dump support new BR: pkgconfig(json-c) - enable http regexp support: new BR pcre2-devel - disable dbus instance creation support as it is marked as dangerous - Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. - full changelog https://keepalived.org/changelog.html

Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source

  • Update to version barbican-7.0.1.dev23:
  • Don't use branch matching
  • Make broken fedora_latest job n-v

Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source

  • Update to version barbican-7.0.1.dev23:
  • Don't use branch matching
  • Make broken fedora_latest job n-v

Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility

  • Update to version ceilometer-11.0.2.dev19:
  • [stable-only] Cap msgpack

  • Update to version ceilometer-11.0.2.dev18:

  • Add note for loadbalancer resource type support

  • Update to version ceilometer-11.0.2.dev17:

  • Fix samples with dots in sample name

  • Update to version ceilometer-11.0.2.dev15:

  • Add loadbalancer resource type

Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility

  • Update to version ceilometer-11.0.2.dev19:
  • [stable-only] Cap msgpack

  • Update to version ceilometer-11.0.2.dev18:

  • Add note for loadbalancer resource type support

  • Update to version ceilometer-11.0.2.dev17:

  • Fix samples with dots in sample name

  • Update to version ceilometer-11.0.2.dev15:

  • Add loadbalancer resource type

Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken

  • Update to version cinder-13.0.9.dev10:
  • Support Incremental Backup Completion In RBD

  • Update to version cinder-13.0.9.dev8:

  • Fix: Create new cache entry when xtremio reaches snap limit
  • Tell reno to ignore the kilo branch

  • Update to version cinder-13.0.9.dev5:

  • Make volume soft delete more thorough

  • Update to version cinder-13.0.9.dev4:

  • Cap sphinx for py2 to match global reqs 13.0.8

  • Update to version cinder-13.0.8.dev12:

  • Add 'volume_attachment' to volume expected attributes
  • Fix service_uuid migration for volumes with no host

  • Update to version cinder-13.0.8.dev9:

  • Increase cpu limit for image conversion

Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken

  • Update to version cinder-13.0.9.dev10:
  • Support Incremental Backup Completion In RBD

  • Update to version cinder-13.0.9.dev8:

  • Fix: Create new cache entry when xtremio reaches snap limit
  • Tell reno to ignore the kilo branch

  • Update to version cinder-13.0.9.dev5:

  • Make volume soft delete more thorough

  • Update to version cinder-13.0.9.dev4:

  • Cap sphinx for py2 to match global reqs 13.0.8

  • Update to version cinder-13.0.8.dev12:

  • Add 'volume_attachment' to volume expected attributes
  • Fix service_uuid migration for volumes with no host

  • Update to version cinder-13.0.8.dev9:

  • Increase cpu limit for image conversion

Changes in openstack-dashboard: - Update to version horizon-14.1.1.dev1: 14.1.0 * Ensure python versions

  • Update to version horizon-14.0.5.dev9:
  • Fix typo in publicize_image policy name

  • Update to version horizon-14.0.5.dev8:

  • Fix "prev" link pagination for instances with identical timestamps

  • Update to version horizon-14.0.5.dev7:

  • Fix deleting port from port details page
  • Fix tenant floating_ip_allocation call in neutron rest api

  • Update to version horizon-14.0.5.dev3:

  • Add "prev" link to instance page list pagination

  • horizon: Obsolete python-django_openstack_auth (SOC-10228) port of https://review.opendev.org/#/c/685224

  • Update to version horizon-14.0.5.dev2:

  • Call Glance list with certain image ids

Changes in openstack-dashboard-theme-SUSE: - Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)

Changes in openstack-designate: - Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env

Changes in openstack-designate: - Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env

Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs

  • Update to version openstack-heat-11.0.3.dev29:
  • Docs: use extrefs to link to other projects' docs

  • Update to version openstack-heat-11.0.3.dev28:

  • Use stable constraint for Tempest pinned stable branches

  • Update to version openstack-heat-11.0.3.dev27:

  • Correct BRANCH_OVERRIDE for stable/rocky
  • Correct availability_zone to be non-mandatory in heat

  • Update to version openstack-heat-11.0.3.dev24:

  • Fix the wrong time unit for OS::Octavia::HealthMonitor

Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs

  • Update to version openstack-heat-11.0.3.dev29:
  • Docs: use extrefs to link to other projects' docs

  • Update to version openstack-heat-11.0.3.dev28:

  • Use stable constraint for Tempest pinned stable branches

  • Update to version openstack-heat-11.0.3.dev27:

  • Correct BRANCH_OVERRIDE for stable/rocky
  • Correct availability_zone to be non-mandatory in heat

  • Update to version openstack-heat-11.0.3.dev24:

  • Fix the wrong time unit for OS::Octavia::HealthMonitor

Changes in openstack-horizon-plugin-designate-ui: - Update to version designate-dashboard-7.0.1.dev8: * Fix list zones updated at same time

Changes in openstack-horizon-plugin-ironic-ui: - Update to version ironic-ui-3.3.1.dev14: * Fix horizon dependency * OpenDev Migration Patch

Changes in openstack-horizon-plugin-neutron-lbaas-ui: - Update to version neutron-lbaas-dashboard-5.0.1.dev8: * Fix auth url for Barbican client

  • Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883) The .pyc file needs to be removed when the package is uninstalled, otherwise the panel will remain enabled in the dashboard and cause errors.

Changes in openstack-ironic: - Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for lower MTUs automatically * Do not ignore 'fields' query parameter when building next url * Ensure pagination marker is always set

  • Update to version ironic-11.1.4.dev17:
  • grub configuration should use user kernel and ramdisk

  • Update to version ironic-11.1.4.dev16:

  • Change log level based on node status

Changes in openstack-ironic: - Remove rootwrap.d/ironic-lib.filters. This file is included in python-ironic-lib >= 2.14.2.

  • Update to version ironic-11.1.4.dev22:
  • Change MTU logic to allow for lower MTUs automatically
  • Do not ignore 'fields' query parameter when building next url
  • Ensure pagination marker is always set

  • Update to version ironic-11.1.4.dev17:

  • grub configuration should use user kernel and ramdisk

  • Update to version ironic-11.1.4.dev16:

  • Change log level based on node status

Changes in openstack-ironic-python-agent: - Update to version ironic-python-agent-3.3.3.dev6: * Fix tox.ini to correctly test lower-constraints

Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch

  • Update to version keystone-14.1.1.dev35:
  • Always have username in CADF initiator

  • Update to version keystone-14.1.1.dev33:

  • Fix role_assignments role.id filter
  • Ensure bootstrap handles multiple roles with the same name

  • Update to version keystone-14.1.1.dev29:

  • Add the missing packages when install keystone

Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch

  • Update to version keystone-14.1.1.dev35:
  • Always have username in CADF initiator

  • Update to version keystone-14.1.1.dev33:

  • Fix role_assignments role.id filter
  • Ensure bootstrap handles multiple roles with the same name

  • Update to version keystone-14.1.1.dev29:

  • Add the missing packages when install keystone

Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0

  • Update to version magnum-7.1.1.dev38:
  • k8s_fedora: Move rp_filter=1 for calico up
  • k8s_fedora_atomic: Add PodSecurityPolicy
  • k8s: Clear cni configuration
  • fix: Deploy enable_service last (rocky only)

  • Update to version magnum-7.1.1.dev34:

  • k8s_fedora: Label master nodes with kubectl
  • k8s: stop introspecting instance name
  • Fix proportional autoscaler image
  • Using Fedora Atomic 29 as default image

Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0

  • Update to version magnum-7.1.1.dev38:
  • k8s_fedora: Move rp_filter=1 for calico up
  • k8s_fedora_atomic: Add PodSecurityPolicy
  • k8s: Clear cni configuration
  • fix: Deploy enable_service last (rocky only)

  • Update to version magnum-7.1.1.dev34:

  • k8s_fedora: Label master nodes with kubectl
  • k8s: stop introspecting instance name
  • Fix proportional autoscaler image
  • Using Fedora Atomic 29 as default image

Changes in openstack-monasca-agent: - update to version 2.8.1~dev13 - add X.509 certificate check plugin

  • update to version 2.8.1~dev12
  • Update hacking version to 1.1.x
  • OpenDev Migration Patch

Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes

  • Update to version neutron-13.0.7.dev44:
  • ovs agent: signal to plugin if tunnel refresh needed
  • Mock check if ipv6 is enabled in L3 agent unit tests
  • Fix resource schemas and releated `get_sorts` test cases
  • Remove sleep command when retrieving OVS dp

  • Update to version neutron-13.0.7.dev36:

  • Remove Floating IP DNS record upon associated port deletion
  • Trigger router update only when gateway port IP changed
  • Re-use existing ProcessLauncher from wsgi in RPC workers

  • Update to version neutron-13.0.7.dev30:

  • Check SG members instead of ports to skip flow update
  • Ensure driver error preventing trunk port deletion is logged
  • [L3] Switch order of processing added and removed router ports

  • Update to version neutron-13.0.7.dev24:

  • dhcp-agent: equalize port create_low/update/delete priority
  • Catch OVSFWTagNotFound in update_port_filter
  • [OVS] Handle added/removed ports in the same polling iteration
  • DVR: Ignore DHCP port during DVR host query
  • Improve "OVSFirewallDriver.process_trusted_ports"
  • List SG rules which belongs to tenant's SG
  • Fix py3 compatibility

  • Update to version neutron-13.0.7.dev10:

  • Define orm relationships after db classes
  • Add retries to update trunk port

  • Update to version neutron-13.0.7.dev6:

  • Allow to kill keepalived state change monitor process

  • Update to version neutron-13.0.7.dev4:

  • Always set ovs bridge name in vif:binding-details

  • Update to version neutron-13.0.7.dev2:

  • don't clear skb mark when ovs is hw-offload enabled

  • Update to version neutron-13.0.7.dev1:

  • Use constraints for docs tox target and cap hacking 13.0.6

  • Update to version neutron-13.0.6.dev21:

  • Set DB retry for quota_enforcement pecan_wsgi hook

  • Update to version neutron-13.0.6.dev20:

  • [OVS FW] Clean port rules if port not found in ovsdb
  • Add more condition to check sg member exist

  • Update to version neutron-13.0.6.dev17:

  • Fix race condition when getting cmdline

  • Update to version neutron-13.0.6.dev15:

  • Run revision bump operations en masse

  • Update to version neutron-13.0.6.dev13:

  • Add extra unit test for get_cmdline_from_pid function

  • Update to version neutron-13.0.6.dev11:

  • Switch to use cast method in dhcp_ready_on_ports method

  • Update to version neutron-13.0.6.dev10:

  • Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall

Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes

  • Update to version neutron-13.0.7.dev44:
  • ovs agent: signal to plugin if tunnel refresh needed
  • Mock check if ipv6 is enabled in L3 agent unit tests
  • Fix resource schemas and releated `get_sorts` test cases
  • Remove sleep command when retrieving OVS dp

  • Update to version neutron-13.0.7.dev36:

  • Remove Floating IP DNS record upon associated port deletion
  • Trigger router update only when gateway port IP changed
  • Re-use existing ProcessLauncher from wsgi in RPC workers

  • Update to version neutron-13.0.7.dev30:

  • Check SG members instead of ports to skip flow update
  • Ensure driver error preventing trunk port deletion is logged
  • [L3] Switch order of processing added and removed router ports

  • Update to version neutron-13.0.7.dev24:

  • dhcp-agent: equalize port create_low/update/delete priority
  • Catch OVSFWTagNotFound in update_port_filter
  • [OVS] Handle added/removed ports in the same polling iteration
  • DVR: Ignore DHCP port during DVR host query
  • Improve "OVSFirewallDriver.process_trusted_ports"
  • List SG rules which belongs to tenant's SG
  • Fix py3 compatibility

  • Update neutron-ha-tool to latest version:

  • Add DHCP agent evacuation (SOC-11046)

  • Update to version neutron-13.0.7.dev10:

  • Define orm relationships after db classes
  • Add retries to update trunk port

  • Update to version neutron-13.0.7.dev6:

  • Allow to kill keepalived state change monitor process

  • Update to version neutron-13.0.7.dev4:

  • Always set ovs bridge name in vif:binding-details

  • Update to version neutron-13.0.7.dev2:

  • don't clear skb mark when ovs is hw-offload enabled

  • Update to version neutron-13.0.7.dev1:

  • Use constraints for docs tox target and cap hacking 13.0.6

  • Update to version neutron-13.0.6.dev21:

  • Set DB retry for quota_enforcement pecan_wsgi hook

  • Update to version neutron-13.0.6.dev20:

  • [OVS FW] Clean port rules if port not found in ovsdb
  • Add more condition to check sg member exist

  • Update to version neutron-13.0.6.dev17:

  • Fix racondition when getting cmdline

  • Update to version neutron-13.0.6.dev15:

  • Run revision bump operations en masse

  • neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/

  • Update to version neutron-13.0.6.dev13:

  • Add extra unit test for get_cmdline_from_pid function

  • Update to version neutron-13.0.6.dev11:

  • Switch to use cast method in dhcp_ready_on_ports method

  • Update to version neutron-13.0.6.dev10:

  • Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall

Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module

  • Update to version neutron-fwaas-13.0.3.dev3:
  • Fix list_entries for netlink_lib when running on py3

Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module

  • Update to version neutron-fwaas-13.0.3.dev3:
  • Fix list_entries for netlink_lib when running on py3

Changes in openstack-neutron-gbp: - Update to version group-based-policy-5.0.1.dev491: * Refactor static path code

  • Update to version group-based-policy-5.0.1.dev490:
  • Support named ip protocols for SecurityGroupRules

  • Update to version group-based-policy-5.0.1.dev488:

  • Enable SVI networks with hosts running opflex agent

  • Update to version group-based-policy-5.0.1.dev486:

  • Allow both FIP and SNAT on a single port

  • Update to version group-based-policy-5.0.1.dev485:

  • Fix active-active AAP RPC query

  • Update to version group-based-policy-5.0.1.dev484:

  • [AIM] Add extra provided/consumed contracts to network extension
  • Active active AAP feature

  • Update to version group-based-policy-5.0.1.dev481:

  • Support cache option for legacy GBP driver

  • Update to version group-based-policy-5.0.1.dev480:

  • Fix host ID length in VM names table

  • Update to version group-based-policy-5.0.1.dev479:

  • Update_proj_descr in apic when project description is updated in os

  • Update to version group-based-policy-5.0.1.dev477:

  • Fix ambiguity in mapping to domain in port pair workflow

Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test

  • Update to version neutron-vpnaas-13.0.2.dev5:
  • Update UPPER_CONSTRAINTS_FILE for stable/rocky

Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test

  • Update to version neutron-vpnaas-13.0.2.dev5:
  • Update UPPER_CONSTRAINTS_FILE for stable/rocky

Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles

  • Update to version nova-18.2.4.dev61:
  • Use stable constraint for Tempest pinned stable branches

  • Update to version nova-18.2.4.dev60:

  • tox: Stop build *all* docs in 'docs'

  • Update to version nova-18.2.4.dev59:

  • Block deleting compute services with in-progress migrations
  • Cache security group driver
  • Join migration_context and flavor in Migration.instance

  • Update to version nova-18.2.4.dev53:

  • Improve metadata server performance with large security groups

  • Update to version nova-18.2.4.dev51:

  • Add functional recreate revert resize test for bug 1852610
  • Add functional recreate test for bug 1852610

  • Update to version nova-18.2.4.dev47:

  • Zuul v3: use devstack-plugin-nfs-tempest-full

  • Update to version nova-18.2.4.dev46:

  • Add BFV wrinkle to TestNovaManagePlacemenalAllocations
  • Add --instance option to heal_allocations
  • Add --dry-run option to heal_allocations CLI

  • Update to version nova-18.2.4.dev40:

  • Add functional recreate test for bug 1829479 and bug 1817833

  • Update to version nova-18.2.4.dev38:

  • Do not update root_device_name during guest config
  • compute: Use long_rpc_timeout in reserve_block_device_name

  • Update to version nova-18.2.4.dev35:

  • compute: Take an instance.uuid lock when rebooting

  • Update to version nova-18.2.4.dev33:

  • Replace time.sleep(10) with service forced_down in tests

  • Update to version nova-18.2.4.dev31:

  • Nova compute: add in log exception to help debug failures

  • Update to version nova-18.2.4.dev29:

  • Fix false ERROR message at compute restart

  • Update to version nova-18.2.4.dev27:

  • Fix listing deleted servers with a marker

  • Update to version nova-18.2.4.dev25:

  • Add functional regression test for bug 1849409

  • Update to version nova-18.2.4.dev23:

  • Don't delete compute node, when deleting service other than nova-compute

Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles

  • Update to version nova-18.2.4.dev61:
  • Use stable constraint for Tempest pinned stable branches

  • Update to version nova-18.2.4.dev60:

  • tox: Stop build *all* docs in 'docs'

  • Update to version nova-18.2.4.dev59:

  • Block deleting compute services with in-progress migrations
  • Cache security group driver
  • Join migration_context and flavor in Migration.instance

  • Update to version nova-18.2.4.dev53:

  • Improve metadata server performance with large security groups

  • Update to version nova-18.2.4.dev51:

  • Add functional recreate revert resize test for bug 1852610
  • Add functional recreate test for bug 1852610

  • Update to version nova-18.2.4.dev47:

  • Zuul v3: use devstack-plugin-nfs-tempest-full

  • Update to version nova-18.2.4.dev46:

  • Add BFV wrinkle to TestNovaManagePlacementHealAllocations
  • Add --instance option to heal_allocations
  • Add --dry-run option to heal_allocations CLI

  • Update to version nova-18.2.4.dev40:

  • Add functional recreate test for bug 1829479 and bug 1817833

  • Update to version nova-18.2.4.dev38:

  • Do not update root_device_name during guest config
  • compute: Use long_rpc_timeout in reserve_block_device_name

  • Update to version nova-18.2.4.dev35:

  • compute: Take an instance.uuid lock when rebooting

  • Update to version nova-18.2.4.dev33:

  • Replace time.sleep(10) with service forced_down in tests

  • Update to version nova-18.2.4.dev31:

  • Nova compute: add in log exception to help debug failures

  • Update to version nova-18.2.4.dev29:

  • Fix false ERROR message at compute restart

  • Update to version nova-18.2.4.dev27:

  • Fix listing deleted servers with a marker

  • Update to version nova-18.2.4.dev25:

  • Add functional regression test for bug 1849409

  • Update to version nova-18.2.4.dev23:

  • Don't delete compute node, when deleting service other than nova-compute

Changes in openstack-octavia: - Update to version octavia-3.2.2.dev8: * Fix uncaught DB exception when trying to get a spare amphora

  • Update to version octavia-3.2.2.dev7:
  • Fix house keeping graceful shutdown

  • Update to version octavia-3.2.2.dev5:

  • Fix pep8 failures on stable/rocky branch

  • Update to version octavia-3.2.2.dev4:

  • Use stable upper-constraints.txt in Amphora builds

  • Update to version octavia-3.2.2.dev3:

  • Add listener and pool protocol validation

  • Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2 3.2.1

  • Update to version octavia-3.2.1.dev10:

  • Accept oslopolicy-policy-generator path arguments

  • Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch https://review.opendev.org/#/c/698433

  • Update to version octavia-3.2.1.dev9:

  • Fix controller worker graceful shutdown

  • Update to version octavia-3.2.1.dev7:

  • Fix a potential race condition with certs-ramfs

  • Update to version octavia-3.2.1.dev5:

  • Fix issues with unavailable secrets

Changes in openstack-octavia-amphora-image: - Updated updateBuildRequires.pl script for SP4 build

  • Update image to 0.1.2 to include latest changes

  • Add keepalived service Changes in openstack-sahara:

  • Update to version sahara-9.0.2.dev15:
  • Run sahara-scenario using Python 3

Changes in openstack-sahara: - Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3

Changes in openstack-swift: - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 2.20.0.

Changes in openstack-swift: - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 0.0.

Changes in python-amqp: - Added pyOpenSSL build dependency - Update to 2.4.2: - Added support for the Cygwin platform - Correct offset incrementation when parsing bitmaps. - Consequent bitmaps are now parsed correctly. - Removed patches that are alr