Pike Series Release Notes¶
16.0.3¶
Bug Fixes¶
The
sysstat
package was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on/etc/cron.d/sysstat
. This has been fixed andsysstat
now runs properly on CentOS.
16.0.2¶
Security Issues¶
The
net.bridge.bridge-nf-call-*
kernel parameters were set to0
in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.These kernel parameters are now set to
1
on all hosts by theopenstack_hosts
role, which ensures that bridge traffic is always sent through iptables.