Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempes

Announcement ID:	SUSE-SU-2020:0642-1
Rating:	important
References:	bsc#1117080 bsc#1152007 bsc#1154235 bsc#1156305 bsc#1156914 bsc#1157028 bsc#1157206 bsc#1157482 bsc#1158581 bsc#1158675 bsc#1161351 bsc#1161721 jsc#SOC-10228 jsc#SOC-10233 jsc#SOC-10277 jsc#SOC-10317 jsc#SOC-10378 jsc#SOC-10636 jsc#SOC-10718 jsc#SOC-10741 jsc#SOC-10833 jsc#SOC-10837 jsc#SOC-10868 jsc#SOC-10876 jsc#SOC-10877 jsc#SOC-10883 jsc#SOC-10904 jsc#SOC-10905 jsc#SOC-10906 jsc#SOC-10907 jsc#SOC-10952 jsc#SOC-10965 jsc#SOC-10968 jsc#SOC-10973 jsc#SOC-10978 jsc#SOC-10985 jsc#SOC-10986 jsc#SOC-10987 jsc#SOC-10989 jsc#SOC-10990 jsc#SOC-10995 jsc#SOC-10999 jsc#SOC-11006 jsc#SOC-11012 jsc#SOC-11023 jsc#SOC-11024 jsc#SOC-11025 jsc#SOC-11026 jsc#SOC-11027 jsc#SOC-11028 jsc#SOC-11029 jsc#SOC-11030 jsc#SOC-11031 jsc#SOC-11037 jsc#SOC-11039 jsc#SOC-11043 jsc#SOC-11046 jsc#SOC-11047 jsc#SOC-11052 jsc#SOC-11054 jsc#SOC-11067 jsc#SOC-11070 jsc#SOC-11077 jsc#SOC-11079 jsc#SOC-11082 jsc#SOC-11083 jsc#SOC-11089 jsc#SOC-11098 jsc#SOC-3089 jsc#SOC-6849 jsc#SOC-7028 jsc#SOC-7365 jsc#SOC-8743 jsc#SOC-9005
Cross-References:	CVE-2018-17954 CVE-2019-13117 CVE-2019-16770
CVSS scores:	CVE-2018-17954 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-17954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-13117 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-13117 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-13117 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-16770 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16770 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities, contains 62 features and has nine security fixes can now be installed.

Description:

This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues:

Security issues fixed:

CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675).

Non-security issues fixed:

Changes in ardana-ansible: - Update to version 9.0+git.1581611758.f694f7d: * Don't run deprecated-vhost-removal on localhost (SOC-11098)

Update to version 9.0+git.1580906085.40eb430:
simplify glance image upload (SOC-11089)
Update to version 9.0+git.1580220034.3236aa5:
Ensure rabbitmq-server started after packages updated (SOC-11070)
Update to version 9.0+git.1576060554.bdd84e6:
Fix grep for image details on service-guest-image (SOC-11012)

Changes in ardana-cinder: - Update to version 9.0+git.1579256229.c8b4b38: * Add option to flatten snapshots when using SES (SOC-11054)

Update to version 9.0+git.1574694613.04a8b74:
Ensure nfs-client installed for NetApp support (SOC-9005)
Update to version 9.0+git.1574359983.c198cc9:
Add option for nfs_share configuration (SOC-9005)

Changes in ardana-cobbler: - Update to version 9.0+git.1574950066.a3c4be4: * Set root device on SLES autoyast templates (SOC-7365)

Update to version 9.0+git.1573845154.3545efd:
Change install_recommended to true (SOC-9005)

Changes in ardana-db: - Update to version 9.0+git.1578936438.b9a9b95: * Switch to using override file in my.cnf.d (SOC-11043)

Update to version 9.0+git.1578595169.57c5911:
account for pre-update nodes (SOC-11037)

Changes in ardana-horizon: - Update to version 9.0+git.1575562864.8ed5e10: * Generate policy for Octavia dashboard (SOC-10883)

Update to version 9.0+git.1575562860.2ce2851:
Fix policy configuration generation (SOC-10883)

Changes in ardana-input-model: - Update to version 9.0+git.1580403439.d425462: * Enable port security extension neutron (SOC-11027)

Update to version 9.0+git.1574953363.60cf58f:
octavia: use lbaasv2-proxy service plugin (SOC-10987)

Changes in ardana-monasca: - Update to version 9.0+git.1579273481.4b8c46f: * Leverage schema conversion script for upgrade (SOC-10277)

Update to version 9.0+git.1575919721.5c42222:
align Monasca DB schema with upstream prior to upgrade (SOC-10277)

Changes in ardana-mq: - Update to version 9.0+git.1581024903.8e74867: * Ensure HA queue sync wait fails (SOC-11083)

Update to version 9.0+git.1580934283.230ff8b:
Fix HA policy setting comments (SOC-10317, SOC-11082)
Update to version 9.0+git.1580746285.da922ce:
Set HA policy accordingly (SOC-10317, SOC-11082)
Update to version 9.0+git.1575405552.d84f662:
Change the HA policy mirror (SOC-10317)

Changes in ardana-nova: - Update to version 9.0+git.1580304673.6c668eb: * Set notification_format to unversioned in nova.conf (bsc#1161721)

Update to version 9.0+git.1575481165.9d3826f:
Remove duplicate entries for alias configuration for GPU (SOC-10837)
Update to version 9.0+git.1573764498.ed4098d:
Pass through gpu device info. (SOC-10837)

Changes in ardana-octavia: - Update to version 9.0+git.1576074489.62de7e2: * Add load-balancer roles (SOC-8743)

Update to version 9.0+git.1575366951.e0216b4:
Add policy.json to match the neutron lbaasv2 policy (SOC-10987)
Update to version 9.0+git.1574358661.c976583:
Change event_streamer_driver to noop (bsc#1154235)

Changes in ardana-osconfig: - Update to version 9.0+git.1580235830.0dca223: * Start OVS services before wicked service at boot (SOC-11067)

Update to version 9.0+git.1579790275.8afb314:
Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)

Changes in ardana-tempest: - Update to version 9.0+git.1578932816.e299c08: * Revert to using cirros image for heat tests (SOC-7028)

Update to version 9.0+git.1578413400.0614192:
Create network resources needed by some heat tests (SOC-7028)
Update to version 9.0+git.1576611974.d17e4df:
Enable octavia tempest plugin test cases (SOC-8743)
Update to version 9.0+git.1574955714.5bae846:
Update lbaas tempest filter for octavia (SOC-10987)

Changes in ardana-tls: - Update to version 9.0+git.1575296665.3fdfe45: * Make sure VNC CA file contain our internal CAs (SOC-10968)

Update to version 9.0+git.1574280348.a306396:
default the certificate validity to 5 years for the VNC cert (SOC-10973)

Changes in crowbar-core: - Update to version 6.0+git.1582892022.cbd70e833: * upgrade: Run DHCP evacuation (SOC-11046)

Update to version 6.0+git.1582200015.08264d8f9:
Fix deployment queue display (SOC-10741)
Update to version 6.0+git.1580144807.7d068caf0:
network: start OVS before wickedd (SOC-11067)
Update to version 6.0+git.1578997967.4591670f0:
dns: add checks to designate migration (SOC-11047)
Update to version 6.0+git.1578935422.01edb0a9b:
Do not log an error for a case that is correct (trivial)
Update to version 6.0+git.1578563578.68beda299:
Upgrade neutron agent together with nova-compute package (SOC-11031)
Update to version 6.0+git.1578402096.90d9332d9:
apache2: Restart after enabling SSL flag (SOC-11029)
crowbar: add crowbar-pacemaker dependency (SOC-10986)
Update to version 6.0+git.1576756414.ca49a781d:
bind9: Add legacy public.foo DNS entries (SOC-11006)
Update to version 6.0+git.1576662075.88de27567:
upgrade: Make a check for SLES product version (SOC-3089)
Update to version 6.0+git.1576493114.5e9534f13:
upgrade: Stop if nova-compute upgrade fails (SOC-10378)
upgrade: Fix typo in log message (typo)
Update to version 6.0+git.1576149781.1ac02ef0d:
upgrade: add missing exit to Monasca DB dump (trivial)
Update to version 6.0+git.1576072790.23b58b4a2:
upgrade: Fix systemd unit listing (trivial)
Make sure the crowbar migrations are OK (SOC-6849)
Update to version 6.0+git.1575980638.3cad5a333:
Ignore CVE-2019-16770 (SOC-10999)
upgrade: Make cluster health check at the start of services step (SOC-6849)
upgrade: Remove DRBD specific code from the continuation parts (SOC-10985)
Update to version 6.0+git.1575628097.5a7475686:
upgrade: Do not stop and reload nova services in normal mode (SOC-10995)
Update to version 6.0+git.1574763248.ad958e68c:
Disable installation repository (bsc#1152007)
Disable automatic repo services (bsc#1152007)
Update to version 6.0+git.1574431193.3f5c69937:
[upgrade] Wait for keystone to be ready after start (bsc#1157206)
Update to version 6.0+git.1574363439.bc4d86c9b:
upgrade: Make sure cinder-volume is really stopped (bsc#1156305)
Update to version 6.0+git.1574270808.e4344109b:
upgrade: Ignore Cloud repository during repocheck (bsc#1152007)
Update to version 6.0+git.1574102328.13f0b12bf:
Ignore CVE-2019-13117 in CI builds (bsc#1157028)

Changes in crowbar-ha: - Update to version 6.0+git.1574286261.6fd1a34: * Drop g-haproxy removal code (bsc#1156914)

Changes in crowbar-openstack: - Update to version 6.0+git.1580922461.67fb3c087: * Designate: make sure dns-server is active on a non-admin node (SOC-10636) * Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)

Update to version 6.0+git.1580480133.d27bf75d0:
ec2-api: run keystone_register on cluster founder only (SOC-11079)
Update to version 6.0+git.1580308069.558c6dd8a:
rabbitmq: sync startup definitions.json with recipe (SOC-11077)
Update to version 6.0+git.1579097055.cf15ef22e:
tempest: enable multiattach for NetApp + LVM (SCPM-97)
tempest: tempest run filters as templates (SOC-11052)
Update to version 6.0+git.1578491103.ca03b990c:
Install openstack client for neutron recipes (SOC-11039)
Update to version 6.0+git.1576859278.871ed9151:
octavia: Add topology setting (SOC-10876)
Update to version 6.0+git.1576769055.cae3ecf9a:
octavia: Add anti-affinity settings (SOC-11026)
designate: Fix the migrations of ssl values (SOC-11030)
octavia: Also delete unused amphora images (SOC-11024)
octavia: Delete old amphora images (SOC-11024)
octavia: Install amphora image always (SOC-11024)
Update to version 6.0+git.1576688912.0cfb42201:
Do not read data from barclamp that has not been saved (SOC-11028)
octavia: Add ssh key to health manager (SOC-11025)
Update to version 6.0+git.1576513513.8456a08f8:
designate: Mark as user managed (SOC-10233)
Update to version 6.0+git.1576331976.c068cbe15:
octavia: Update configuration parameters (SOC-10904)
Update to version 6.0+git.1576245850.2d50399b5:
tempest: Update default image on schema (SOC-11023)
Update to version 6.0+git.1576145909.ec2c5f746:
octavia: enable octavia tempest plugin test cases (SOC-8743)
Update to version 6.0+git.1576091112.c802654e0:
keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
horizon: add Octavia horizon dashboard (SOC-10833)
Update to version 6.0+git.1575917420.9a9d1b024:
Add Crowbar UI options for mgmt net (SOC-10904)
octavia: configure barbican auth (SOC-10989)
octavia: fix deprecated config options (SOC-10990)
Update to version 6.0+git.1574850023.d4c2337fc:
tempest: create lbaas-octavia filter (SOC-10965)
octavia: switch to noop event streamer (SOC-10868)
tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907)
Update to version 6.0+git.1574685608.1c9818d53:
horizon: fix keystone node lookup (SOC-10978)
Update to version 6.0+git.1574428771.9bd63ba0d:
designate: declare all mdns servers as master on pool config (SOC-10952)
Update to version 6.0+git.1574334452.15e0db044:
designate: add support for SSL (SOC-10877)
horizon: install lbaas horizon dashboard (SOC-10883)
Update to version 6.0+git.1574270038.651a48486:
octavia: add SSL section to the UI (SOC-10906)
Update to version 6.0+git.1574094012.3c62b569f:
octavia: Add memcached_servers for token caching (SOC-10905)

Changes in crowbar-ui: - Update to version 1.3.0+git.1575896697.a01a3a08: * upgrade: Added missing error title * travis: Stop testing against nodejs4

Changes in keepalived: - update to 2.0.19 - new BR pkgconfig(libnftnl) to fix nftables support - add nftables to the BR - added patch * linux-4.15.patch - add buildrequires for file-devel - used in the checker to verify scripts - enable json stats and config dump support new BR: pkgconfig(json-c) - enable http regexp support: new BR pcre2-devel - disable dbus instance creation support as it is marked as dangerous - Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. - full changelog https://keepalived.org/changelog.html

Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source

Update to version barbican-7.0.1.dev23:
Don't use branch matching
Make broken fedora_latest job n-v

Changes in openstack-barbican: - Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source

Update to version barbican-7.0.1.dev23:
Don't use branch matching
Make broken fedora_latest job n-v

Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility

Update to version ceilometer-11.0.2.dev19:
[stable-only] Cap msgpack
Update to version ceilometer-11.0.2.dev18:
Add note for loadbalancer resource type support
Update to version ceilometer-11.0.2.dev17:
Fix samples with dots in sample name
Update to version ceilometer-11.0.2.dev15:
Add loadbalancer resource type

Changes in openstack-ceilometer: - Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility

Update to version ceilometer-11.0.2.dev19:
[stable-only] Cap msgpack
Update to version ceilometer-11.0.2.dev18:
Add note for loadbalancer resource type support
Update to version ceilometer-11.0.2.dev17:
Fix samples with dots in sample name
Update to version ceilometer-11.0.2.dev15:
Add loadbalancer resource type

Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken

Update to version cinder-13.0.9.dev10:
Support Incremental Backup Completion In RBD
Update to version cinder-13.0.9.dev8:
Fix: Create new cache entry when xtremio reaches snap limit
Tell reno to ignore the kilo branch
Update to version cinder-13.0.9.dev5:
Make volume soft delete more thorough
Update to version cinder-13.0.9.dev4:
Cap sphinx for py2 to match global reqs 13.0.8
Update to version cinder-13.0.8.dev12:
Add 'volume_attachment' to volume expected attributes
Fix service_uuid migration for volumes with no host
Update to version cinder-13.0.8.dev9:
Increase cpu limit for image conversion

Changes in openstack-cinder: - Update to version cinder-13.0.9.dev11: * Cinder backup export broken

Update to version cinder-13.0.9.dev10:
Support Incremental Backup Completion In RBD
Update to version cinder-13.0.9.dev8:
Fix: Create new cache entry when xtremio reaches snap limit
Tell reno to ignore the kilo branch
Update to version cinder-13.0.9.dev5:
Make volume soft delete more thorough
Update to version cinder-13.0.9.dev4:
Cap sphinx for py2 to match global reqs 13.0.8
Update to version cinder-13.0.8.dev12:
Add 'volume_attachment' to volume expected attributes
Fix service_uuid migration for volumes with no host
Update to version cinder-13.0.8.dev9:
Increase cpu limit for image conversion

Changes in openstack-dashboard: - Update to version horizon-14.1.1.dev1: 14.1.0 * Ensure python versions

Update to version horizon-14.0.5.dev9:
Fix typo in publicize_image policy name
Update to version horizon-14.0.5.dev8:
Fix "prev" link pagination for instances with identical timestamps
Update to version horizon-14.0.5.dev7:
Fix deleting port from port details page
Fix tenant floating_ip_allocation call in neutron rest api
Update to version horizon-14.0.5.dev3:
Add "prev" link to instance page list pagination
horizon: Obsolete python-django_openstack_auth (SOC-10228) port of https://review.opendev.org/#/c/685224
Update to version horizon-14.0.5.dev2:
Call Glance list with certain image ids

Changes in openstack-dashboard-theme-SUSE: - Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)

Changes in openstack-designate: - Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env

Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs

Update to version openstack-heat-11.0.3.dev29:
Docs: use extrefs to link to other projects' docs
Update to version openstack-heat-11.0.3.dev28:
Use stable constraint for Tempest pinned stable branches
Update to version openstack-heat-11.0.3.dev27:
Correct BRANCH_OVERRIDE for stable/rocky
Correct availability_zone to be non-mandatory in heat
Update to version openstack-heat-11.0.3.dev24:
Fix the wrong time unit for OS::Octavia::HealthMonitor

Changes in openstack-heat: - Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs

Update to version openstack-heat-11.0.3.dev29:
Docs: use extrefs to link to other projects' docs
Update to version openstack-heat-11.0.3.dev28:
Use stable constraint for Tempest pinned stable branches
Update to version openstack-heat-11.0.3.dev27:
Correct BRANCH_OVERRIDE for stable/rocky
Correct availability_zone to be non-mandatory in heat
Update to version openstack-heat-11.0.3.dev24:
Fix the wrong time unit for OS::Octavia::HealthMonitor

Changes in openstack-horizon-plugin-designate-ui: - Update to version designate-dashboard-7.0.1.dev8: * Fix list zones updated at same time

Changes in openstack-horizon-plugin-ironic-ui: - Update to version ironic-ui-3.3.1.dev14: * Fix horizon dependency * OpenDev Migration Patch

Changes in openstack-horizon-plugin-neutron-lbaas-ui: - Update to version neutron-lbaas-dashboard-5.0.1.dev8: * Fix auth url for Barbican client

Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883) The .pyc file needs to be removed when the package is uninstalled, otherwise the panel will remain enabled in the dashboard and cause errors.

Changes in openstack-ironic: - Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for lower MTUs automatically * Do not ignore 'fields' query parameter when building next url * Ensure pagination marker is always set

Update to version ironic-11.1.4.dev17:
grub configuration should use user kernel and ramdisk
Update to version ironic-11.1.4.dev16:
Change log level based on node status

Changes in openstack-ironic: - Remove rootwrap.d/ironic-lib.filters. This file is included in python-ironic-lib >= 2.14.2.

Update to version ironic-11.1.4.dev22:
Change MTU logic to allow for lower MTUs automatically
Do not ignore 'fields' query parameter when building next url
Ensure pagination marker is always set
Update to version ironic-11.1.4.dev17:
grub configuration should use user kernel and ramdisk
Update to version ironic-11.1.4.dev16:
Change log level based on node status

Changes in openstack-ironic-python-agent: - Update to version ironic-python-agent-3.3.3.dev6: * Fix tox.ini to correctly test lower-constraints

Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch

Update to version keystone-14.1.1.dev35:
Always have username in CADF initiator
Update to version keystone-14.1.1.dev33:
Fix role_assignments role.id filter
Ensure bootstrap handles multiple roles with the same name
Update to version keystone-14.1.1.dev29:
Add the missing packages when install keystone

Changes in openstack-keystone: - Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch

Update to version keystone-14.1.1.dev35:
Always have username in CADF initiator
Update to version keystone-14.1.1.dev33:
Fix role_assignments role.id filter
Ensure bootstrap handles multiple roles with the same name
Update to version keystone-14.1.1.dev29:
Add the missing packages when install keystone

Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0

Update to version magnum-7.1.1.dev38:
k8s_fedora: Move rp_filter=1 for calico up
k8s_fedora_atomic: Add PodSecurityPolicy
k8s: Clear cni configuration
fix: Deploy enable_service last (rocky only)
Update to version magnum-7.1.1.dev34:
k8s_fedora: Label master nodes with kubectl
k8s: stop introspecting instance name
Fix proportional autoscaler image
Using Fedora Atomic 29 as default image

Changes in openstack-magnum: - Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0

Update to version magnum-7.1.1.dev38:
k8s_fedora: Move rp_filter=1 for calico up
k8s_fedora_atomic: Add PodSecurityPolicy
k8s: Clear cni configuration
fix: Deploy enable_service last (rocky only)
Update to version magnum-7.1.1.dev34:
k8s_fedora: Label master nodes with kubectl
k8s: stop introspecting instance name
Fix proportional autoscaler image
Using Fedora Atomic 29 as default image

Changes in openstack-monasca-agent: - update to version 2.8.1~dev13 - add X.509 certificate check plugin

update to version 2.8.1~dev12
Update hacking version to 1.1.x
OpenDev Migration Patch

Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes

Update to version neutron-13.0.7.dev44:
ovs agent: signal to plugin if tunnel refresh needed
Mock check if ipv6 is enabled in L3 agent unit tests
Fix resource schemas and releated `get_sorts` test cases
Remove sleep command when retrieving OVS dp
Update to version neutron-13.0.7.dev36:
Remove Floating IP DNS record upon associated port deletion
Trigger router update only when gateway port IP changed
Re-use existing ProcessLauncher from wsgi in RPC workers
Update to version neutron-13.0.7.dev30:
Check SG members instead of ports to skip flow update
Ensure driver error preventing trunk port deletion is logged
[L3] Switch order of processing added and removed router ports
Update to version neutron-13.0.7.dev24:
dhcp-agent: equalize port create_low/update/delete priority
Catch OVSFWTagNotFound in update_port_filter
[OVS] Handle added/removed ports in the same polling iteration
DVR: Ignore DHCP port during DVR host query
Improve "OVSFirewallDriver.process_trusted_ports"
List SG rules which belongs to tenant's SG
Fix py3 compatibility
Update to version neutron-13.0.7.dev10:
Define orm relationships after db classes
Add retries to update trunk port
Update to version neutron-13.0.7.dev6:
Allow to kill keepalived state change monitor process
Update to version neutron-13.0.7.dev4:
Always set ovs bridge name in vif:binding-details
Update to version neutron-13.0.7.dev2:
don't clear skb mark when ovs is hw-offload enabled
Update to version neutron-13.0.7.dev1:
Use constraints for docs tox target and cap hacking 13.0.6
Update to version neutron-13.0.6.dev21:
Set DB retry for quota_enforcement pecan_wsgi hook
Update to version neutron-13.0.6.dev20:
[OVS FW] Clean port rules if port not found in ovsdb
Add more condition to check sg member exist
Update to version neutron-13.0.6.dev17:
Fix race condition when getting cmdline
Update to version neutron-13.0.6.dev15:
Run revision bump operations en masse
Update to version neutron-13.0.6.dev13:
Add extra unit test for get_cmdline_from_pid function
Update to version neutron-13.0.6.dev11:
Switch to use cast method in dhcp_ready_on_ports method
Update to version neutron-13.0.6.dev10:
Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall

Changes in openstack-neutron: - Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes

Update to version neutron-13.0.7.dev44:
ovs agent: signal to plugin if tunnel refresh needed
Mock check if ipv6 is enabled in L3 agent unit tests
Fix resource schemas and releated `get_sorts` test cases
Remove sleep command when retrieving OVS dp
Update to version neutron-13.0.7.dev36:
Remove Floating IP DNS record upon associated port deletion
Trigger router update only when gateway port IP changed
Re-use existing ProcessLauncher from wsgi in RPC workers
Update to version neutron-13.0.7.dev30:
Check SG members instead of ports to skip flow update
Ensure driver error preventing trunk port deletion is logged
[L3] Switch order of processing added and removed router ports
Update to version neutron-13.0.7.dev24:
dhcp-agent: equalize port create_low/update/delete priority
Catch OVSFWTagNotFound in update_port_filter
[OVS] Handle added/removed ports in the same polling iteration
DVR: Ignore DHCP port during DVR host query
Improve "OVSFirewallDriver.process_trusted_ports"
List SG rules which belongs to tenant's SG
Fix py3 compatibility
Update neutron-ha-tool to latest version:
Add DHCP agent evacuation (SOC-11046)
Update to version neutron-13.0.7.dev10:
Define orm relationships after db classes
Add retries to update trunk port
Update to version neutron-13.0.7.dev6:
Allow to kill keepalived state change monitor process
Update to version neutron-13.0.7.dev4:
Always set ovs bridge name in vif:binding-details
Update to version neutron-13.0.7.dev2:
don't clear skb mark when ovs is hw-offload enabled
Update to version neutron-13.0.7.dev1:
Use constraints for docs tox target and cap hacking 13.0.6
Update to version neutron-13.0.6.dev21:
Set DB retry for quota_enforcement pecan_wsgi hook
Update to version neutron-13.0.6.dev20:
[OVS FW] Clean port rules if port not found in ovsdb
Add more condition to check sg member exist
Update to version neutron-13.0.6.dev17:
Fix racondition when getting cmdline
Update to version neutron-13.0.6.dev15:
Run revision bump operations en masse
neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/
Update to version neutron-13.0.6.dev13:
Add extra unit test for get_cmdline_from_pid function
Update to version neutron-13.0.6.dev11:
Switch to use cast method in dhcp_ready_on_ports method
Update to version neutron-13.0.6.dev10:
Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall

Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module

Update to version neutron-fwaas-13.0.3.dev3:
Fix list_entries for netlink_lib when running on py3

Changes in openstack-neutron-fwaas: - Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy_conntrack module

Update to version neutron-fwaas-13.0.3.dev3:
Fix list_entries for netlink_lib when running on py3

Changes in openstack-neutron-gbp: - Update to version group-based-policy-5.0.1.dev491: * Refactor static path code

Update to version group-based-policy-5.0.1.dev490:
Support named ip protocols for SecurityGroupRules
Update to version group-based-policy-5.0.1.dev488:
Enable SVI networks with hosts running opflex agent
Update to version group-based-policy-5.0.1.dev486:
Allow both FIP and SNAT on a single port
Update to version group-based-policy-5.0.1.dev485:
Fix active-active AAP RPC query
Update to version group-based-policy-5.0.1.dev484:
[AIM] Add extra provided/consumed contracts to network extension
Active active AAP feature
Update to version group-based-policy-5.0.1.dev481:
Support cache option for legacy GBP driver
Update to version group-based-policy-5.0.1.dev480:
Fix host ID length in VM names table
Update to version group-based-policy-5.0.1.dev479:
Update_proj_descr in apic when project description is updated in os
Update to version group-based-policy-5.0.1.dev477:
Fix ambiguity in mapping to domain in port pair workflow

Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test

Update to version neutron-vpnaas-13.0.2.dev5:
Update UPPER_CONSTRAINTS_FILE for stable/rocky

Changes in openstack-neutron-vpnaas: - Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test

Update to version neutron-vpnaas-13.0.2.dev5:
Update UPPER_CONSTRAINTS_FILE for stable/rocky

Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles

Update to version nova-18.2.4.dev61:
Use stable constraint for Tempest pinned stable branches
Update to version nova-18.2.4.dev60:
tox: Stop build *all* docs in 'docs'
Update to version nova-18.2.4.dev59:
Block deleting compute services with in-progress migrations
Cache security group driver
Join migration_context and flavor in Migration.instance
Update to version nova-18.2.4.dev53:
Improve metadata server performance with large security groups
Update to version nova-18.2.4.dev51:
Add functional recreate revert resize test for bug 1852610
Add functional recreate test for bug 1852610
Update to version nova-18.2.4.dev47:
Zuul v3: use devstack-plugin-nfs-tempest-full
Update to version nova-18.2.4.dev46:
Add BFV wrinkle to TestNovaManagePlacemenalAllocations
Add --instance option to heal_allocations
Add --dry-run option to heal_allocations CLI
Update to version nova-18.2.4.dev40:
Add functional recreate test for bug 1829479 and bug 1817833
Update to version nova-18.2.4.dev38:
Do not update root_device_name during guest config
compute: Use long_rpc_timeout in reserve_block_device_name
Update to version nova-18.2.4.dev35:
compute: Take an instance.uuid lock when rebooting
Update to version nova-18.2.4.dev33:
Replace time.sleep(10) with service forced_down in tests
Update to version nova-18.2.4.dev31:
Nova compute: add in log exception to help debug failures
Update to version nova-18.2.4.dev29:
Fix false ERROR message at compute restart
Update to version nova-18.2.4.dev27:
Fix listing deleted servers with a marker
Update to version nova-18.2.4.dev25:
Add functional regression test for bug 1849409
Update to version nova-18.2.4.dev23:
Don't delete compute node, when deleting service other than nova-compute

Changes in openstack-nova: - Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles

Update to version nova-18.2.4.dev61:
Use stable constraint for Tempest pinned stable branches
Update to version nova-18.2.4.dev60:
tox: Stop build *all* docs in 'docs'
Update to version nova-18.2.4.dev59:
Block deleting compute services with in-progress migrations
Cache security group driver
Join migration_context and flavor in Migration.instance
Update to version nova-18.2.4.dev53:
Improve metadata server performance with large security groups
Update to version nova-18.2.4.dev51:
Add functional recreate revert resize test for bug 1852610
Add functional recreate test for bug 1852610
Update to version nova-18.2.4.dev47:
Zuul v3: use devstack-plugin-nfs-tempest-full
Update to version nova-18.2.4.dev46:
Add BFV wrinkle to TestNovaManagePlacementHealAllocations
Add --instance option to heal_allocations
Add --dry-run option to heal_allocations CLI
Update to version nova-18.2.4.dev40:
Add functional recreate test for bug 1829479 and bug 1817833
Update to version nova-18.2.4.dev38:
Do not update root_device_name during guest config
compute: Use long_rpc_timeout in reserve_block_device_name
Update to version nova-18.2.4.dev35:
compute: Take an instance.uuid lock when rebooting
Update to version nova-18.2.4.dev33:
Replace time.sleep(10) with service forced_down in tests
Update to version nova-18.2.4.dev31:
Nova compute: add in log exception to help debug failures
Update to version nova-18.2.4.dev29:
Fix false ERROR message at compute restart
Update to version nova-18.2.4.dev27:
Fix listing deleted servers with a marker
Update to version nova-18.2.4.dev25:
Add functional regression test for bug 1849409
Update to version nova-18.2.4.dev23:
Don't delete compute node, when deleting service other than nova-compute

Changes in openstack-octavia: - Update to version octavia-3.2.2.dev8: * Fix uncaught DB exception when trying to get a spare amphora

Update to version octavia-3.2.2.dev7:
Fix house keeping graceful shutdown
Update to version octavia-3.2.2.dev5:
Fix pep8 failures on stable/rocky branch
Update to version octavia-3.2.2.dev4:
Use stable upper-constraints.txt in Amphora builds
Update to version octavia-3.2.2.dev3:
Add listener and pool protocol validation
Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2 3.2.1
Update to version octavia-3.2.1.dev10:
Accept oslopolicy-policy-generator path arguments
Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch https://review.opendev.org/#/c/698433
Update to version octavia-3.2.1.dev9:
Fix controller worker graceful shutdown
Update to version octavia-3.2.1.dev7:
Fix a potential race condition with certs-ramfs
Update to version octavia-3.2.1.dev5:
Fix issues with unavailable secrets

Changes in openstack-octavia-amphora-image: - Updated updateBuildRequires.pl script for SP4 build

Update image to 0.1.2 to include latest changes
Add keepalived service Changes in openstack-sahara:
Update to version sahara-9.0.2.dev15:
Run sahara-scenario using Python 3

Changes in openstack-sahara: - Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3

Changes in openstack-swift: - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 2.20.0.

Changes in python-amqp: - Added pyOpenSSL build dependency - Update to 2.4.2: - Added support for the Cygwin platform - Correct offset incrementation when parsing bitmaps. - Consequent bitmaps are now parsed correctly. - Removed patches that are alr