Pike Series Release Notes

Pike Series Release Notes¶

16.0.3¶

Bug Fixes¶

The sysstat package was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on /etc/cron.d/sysstat. This has been fixed and sysstat now runs properly on CentOS.

16.0.2¶

Security Issues¶

The net.bridge.bridge-nf-call-* kernel parameters were set to 0 in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.

These kernel parameters are now set to 1 on all hosts by the openstack_hosts role, which ensures that bridge traffic is always sent through iptables.

15.0.0.0rc1¶

New Features¶

Deployers can set openstack_host_nf_conntrack_max to control the maximum size of the netfilter connection tracking table. The default of 262144 should be increased if virtual machines will be handling large amounts of concurrent connections.

this page last updated: 2021-01-05 21:16:32

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.