Newton Series Release Notes


Bug Fixes

  • The sysstat package was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on /etc/cron.d/sysstat. This has been fixed and sysstat now runs properly on CentOS.


Security Issues

  • The net.bridge.bridge-nf-call-* kernel parameters were set to 0 in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.

    These kernel parameters are now set to 1 on all hosts by the openstack_hosts role, which ensures that bridge traffic is always sent through iptables.


New Features

  • The copy of the /etc/openstack-release file is now optional. To disable the copy of the file, set openstack_distrib_file to no.

  • The location of the /etc/openstack-release file placement can now be changed. Set the variable openstack_distrib_file_path to place it in a different path.

Upgrade Notes

  • The variables used to produce the /etc/openstack-release file have been changed in order to improve consistency in the name spacing according to their purpose.

    openstack_code_name –> openstack_distrib_code_name openstack_release –> openstack_distrib_release

    Note that the value for openstack_distrib_release will be taken from the variable openstack_release if it is set.


New Features

  • The option openstack_domain has been added to the openstack_hosts role. This option is used to setup proper hostname entries for all hosts within a given OpenStack deployment.

  • The openstack_hosts role will setup an RFC1034/5 hostname and create an alias for all hosts in inventory.

  • The openstack_hosts role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting openstack_hosts_package_state to present.

  • The PATH environment variable that is configured on the remote system can now be set using the openstack_host_environment_path list variable.

Upgrade Notes

  • The variable openstack_host_apt_packages has been renamed to openstack_host_distro_packages.

  • The openstack_hosts role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option openstack_hosts_package_state should be set to present.

  • The LVM configuration tasks and lvm.conf template have been removed from the openstack_hosts role since they are no longer needed. All of the LVM configuration is properly handled in the os_cinder role.

Deprecation Notes

  • The openstack_host_apt_packages variable has been deprecated. openstack_host_packages should be used instead to override packages required to install on all OpenStack hosts.