Current Series Release Notes

Current Series Release Notes

11.0.0-16

New Features

  • The bindep.txt file located in the project root contains all of the basic required packages needed when running local tests.

  • Developers can now use bindep to list system requirements. The bindep command will load the list of packages for the given platform using the bindep.txt file.

  • Bindep can now be leveraged via tox using the environment bindep. This tox environment will use bindep via the bindep-install script to install any missing packages on the local system which are required for development purposes.

11.0.0

New Features

  • If the AdditionalArchitectures parameter has entries then the container image prepare will prepare images for all architectures instead of just the default one. A new boolean field multi_arch can also be set in ContainerImagePrepare entries to determine the multi arch behaviour for images in that entry. If any entry sets a multi_arch value then AdditionalArchitectures is ignored.

  • tripleo-container-rm is the new role that replaces tripleo-docker-rm which is in charge of tearing down containers running in Docker or Podman. If the container_cli is Podman, the role takes care of systemd cleanup for both the container and its healthcheck if it does exist.

Security Issues

  • Fixed a vulnerability where an attacker may cause new Octavia amphorae to run based on any arbitrary image (CVE-2019-3895).

Bug Fixes

  • As of Rocky [1], the nova-consoleauth service has been deprecated and cell databases are used for storing token authorizations. All new consoles will be supported by the database backend and existing consoles will be reset. Console proxies must be run per cell because the new console token authorizations are stored in cell databases.

    nova-consoleauth was deprecated in tripleo with: I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f

    This change now removes the NovaConsoleauth Service.

    [1] https://docs.openstack.org/releasenotes/nova/rocky.html

  • Fixed an issue were amphora load balancers would fail to create. The problem was because Octavia certificate files were being created in a wrong path and with invalid content.

  • Ensure [controller_worker]/amp_image_owner_id is set. This configuration option restricts Glance image selection to a specific owner ID. This is a recommended security setting.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.