
[openstack-announce] [new][openstackansible] openstack-ansible-os_keystone 14.0.0 release (newton)


We are jubilant to announce the release of:

openstack-ansible-os_keystone 14.0.0: os_keystone for OpenStack Ansible

This release is part of the newton release series.

Download the package from:

https://tarballs.openstack.org/openstack-ansible-os_keystone/

For more details, please see below.

14.0.0
^^^^^^

New Features


  • Added keystone_apache_custom_log_format tunable for changing
    CustomLog format. Default is "combined".

  • Apache MPM tunable support has been added to the os-keystone role
    in order to allow MPM thread tuning. Default values reflect the
    current Ubuntu default settings:

      keystone_httpd_mpm_backend: event
      keystone_httpd_mpm_start_servers: 2
      keystone_httpd_mpm_min_spare_threads: 25
      keystone_httpd_mpm_max_spare_threads: 75
      keystone_httpd_mpm_thread_limit: 64
      keystone_httpd_mpm_thread_child: 25
      keystone_httpd_mpm_max_requests: 150
      keystone_httpd_mpm_max_conn_child: 0

  • Introduced option to deploy Keystone under Uwsgi. A new variable
    "keystone_mod_wsgi_enabled" is introduced to toggle this behavior.
    The default is "true" which continues to deploy with mod_wsgi for
    Apache. The ports used by Uwsgi for socket and http connection for
    both public and admin Keystone services are configurable (see also
    the "keystone_uwsgi_ports" dictionary variable). Other Uwsgi
    configuration can be overridden by using the
    "keystone_uwsgi_ini_overrides" variable as documented under
    "Overriding OpenStack configuration defaults" in the OpenStack-
    Ansible Install Guide. Federation features should be considered
    _experimental_ with this configuration at this time.

  • Introduced option to deploy Keystone behind Nginx. A new variable
    "keystone_apache_enabled" is introduced to toggle this behavior. The
    default is "true" which continues to deploy with Apache. Additional
    configuration can be delivered to Nginx through the use of the
    "keystone_nginx_extra_conf" list variable. Federation features are
    not supported with this configuration at this time. Use of this
    option requires "keystone_mod_wsgi_enabled" to be set to "false"
    which will deploy Keystone under Uwsgi.

  • CentOS7/RHEL support has been added to the os_keystone role.

  • The os_keystone role now supports the ability to configure whether
    apt/yum tasks install the latest available package, or just ensure
    that the package is present. The default action is to ensure that
    the latest package is present. The action taken may be changed to
    only ensure that the package is present by setting
    "keystone_package_state" to "present".

Upgrade Notes


  • Installation of keystone and its dependent pip packages will now
    only occur within a Python virtual environment. The
    "keystone_venv_enabled" variable has been removed.

  • The variable "keystone_apt_packages" has been renamed to
    "keystone_distro_packages".

  • The variable "keystone_idp_apt_packages" has been renamed to
    "keystone_idp_distro_packages".

  • The variable "keystone_sp_apt_packages" has been renamed to
    "keystone_sp_distro_packages".

  • The variable "keystone_developer_apt_packages" has been renamed to
    "keystone_developer_mode_distro_packages".

  • The os_keystone role always checks whether the latest package is
    installed when executed. If a deployer wishes to change the check to
    only validate the presence of the package, the option
    "keystone_package_state" should be set to "present".

Security Issues


  • The admin_token_auth middleware presents a potential security risk
    and will be removed in a future release of keystone. Its use can be
    removed by setting the "keystone_keystone_paste_ini_overrides"
    variable.

      keystone_keystone_paste_ini_overrides:
        pipeline:public_api:
          pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
        pipeline:admin_api:
          pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
        pipeline:api_v3:
          pipeline: cors sizelimit osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
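An added example, not part of the release notes or the role's code: a short Python audit that reads a keystone-paste.ini, finds every pipeline that still loads admin_token_auth, and builds the matching override entries for the variable named above. The sample file content and the function names paste_override and to_yaml are constructed for illustration.

```python
import configparser

# Constructed sample in keystone-paste.ini layout (not the role's shipped template).
SAMPLE_PASTE_INI = """\
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit osprofiler url_normalize request_id admin_token_auth
    build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]
pipeline = cors sizelimit osprofiler url_normalize request_id build_auth_context
    token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]
pipeline = cors sizelimit osprofiler url_normalize request_id admin_token_auth
    build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
"""


def paste_override(paste_ini_text, filter_name="admin_token_auth"):
    """Map each pipeline that loads filter_name to the same pipeline without it."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(paste_ini_text)
    override = {}
    for section in parser.sections():
        if not section.startswith("pipeline:"):
            continue
        # split() also joins pipelines wrapped over indented continuation lines
        stages = parser.get(section, "pipeline", fallback="").split()
        if filter_name in stages:
            kept = [s for s in stages if s != filter_name]
            override[section] = {"pipeline": " ".join(kept)}
    return override


def to_yaml(override, var="keystone_keystone_paste_ini_overrides"):
    """Render the override in the layout the release note uses for the variable."""
    if not override:
        return ""  # nothing to override: every pipeline is already clean
    lines = [var + ":"]
    for section, opts in override.items():
        lines += ["  " + section + ":", "    pipeline: " + opts["pipeline"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_yaml(paste_override(SAMPLE_PASTE_INI)))
```

Only pipelines that actually contain the filter appear in the output, so a clean file produces no override at all.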

Changes in openstack-ansible-os_keystone 13.0.0..14.0.0


ceabcef Remove 'ignore_errors: true' in favor of 'failed_when: false'
c71a7bc Fix bare variable in handler
34bc598 Update tox.ini tests target for stable/newton
449e3a1 Update UPPER_CONSTRAINTS_FILE for stable/newton
a2adb12 Update .gitreview for stable/newton
4d77b28 Update default git branch to stable/newton
40ea292 Update ansible-role-requirements to stable/newton
fa5b5f9 Use centralised test scripts
0bbacf6 Revert dynamic includes for inventory-based conditionals
7872b49 Force Ansible to use dynamic includes
e21be41 Update home page link in cfg file
8d836da Remove testing vars present in test repo
a74af47 Address ansible_ssh_* var deprecation
3614448 Update testing bits for consistency
01e1299 Remove unrequired messaging setup task file
1bfcd10 Add role linking to tox tests
05892b5 Ansible 2.1.1 role testing
9411414 Fix depreciation "Using bare variables"
0750972 Compress test execution logs
2fd095b Update paste, policy and rootwrap configurations 2016-09-08
f0ed20d Re-activate service catalog caching
fbd9535 Add credential_setup for keystone
a0d71d6 Add tempest to keystone role tests
42cef50 Fix nginx SCRIPT_NAME uwsgi_param
d0e5097 Use the central test repository for Keystone
38dbd42 Fix apache + uwsgi for keystone
15733bb Fix nginx to work with RedHat/CentOS
b6f914a Shorten tox target names
3b47fc7 Allow Uwsgi configuration overrides
52b1a71 Configure Apache to proxy for Uwsgi
db7248b Isolate mod_wsgi from Apache install
30bd479 Correct developer mode package var name
2b8aa07 Rename package lists (and related vars) appropriately
4edb378 Install and configure Nginx
0de819e Implement CentOS 7 support in os_keystone
61759e7 Work around Ansible vcpu fact bug on ppc64le
7e5548e Add a test Scenario for uwsgi & nginx
9082c79 Install and configure uWSGI
b1c2f9c Isolate Apache components
39faeb0 Make all linting tests use upper-constraints
9fd8ff0 Adding Vagrantfile for local testing/dev
3122ff6 Add SNI support via OS packages for os_keystone
50730da Add apt-get update to run_tests
b9e799b Force a restart of all the apache nodes during upgrade
e047979 Updated from global requirements
8d046aa Update the keystone WSGI application locations
53e3df2 Add python packages for SNI support in tests
c0fa231 [DOCS] Move keystone federation role docs
2cb8866 Move other-requirements.txt to bindep.txt
0a51854 Include ansible commands for ansible linting
866c153 Disable stderr logging
5637fec Add project group to role
9bd40cc Add ability to change apt/yum package state
2d8fa3d Fix bug in RPC config that broke Rabbit SSL support
418ebd6 Ensure that doc linting is included in the linters test
61848d3 Provide default for rabbitmq telemetry password
7bb3cd0 Allow configuration of multiple rabbit clusters
aced6b5 Remove openstack_hosts from test requirements
0425d1c Optimise pip install tasks
986d1d8 Use keystone_system_user_name in fernet rotation cron entry.
22afe01 Use plugins repo version of the human_log callback plugin
98b19d8 Updated from global requirements
4d983d8 Remove duplicates from .gitignore
ca10c41 Implement doc8 checks for docs
ad7919e Update sphinx configuration
d208029 Ansible 2.x - Address deprecation warning of bare variables
86a545d Update the virtualenv paths only when we have a new venv
b786654 Update tox configuration
44d053c Only install to virtual environment
6c8a9b9 Update paste, policy and rootwrap configurations 2016-07-01
325db1a Clean up container cache prep in tests
d8802f3 Pin test-requirements to match OpenStack requirements
1396dda Update paste, policy and rootwrap configurations 2016-06-17
d27d055 Add note on admin_token_auth deprecation
85a9202 Minimum example playbook could let suppose db creation
c82a089 Add support for CustomLog format modification
f244e1c Remove pip_lock_down dependency
bbc645c Consistency for multi-os in the includes
b6fbd99 Skip unavailable hosts when distributing keys
cdb5259 Grammar: requires -> required
8797fc7 Cleanup/standardize usage of tags
ebdcb34 Implement 16.04 support in Keystone
06d7fb5 Use ansible-lint 2.7.0
4f9caaa Verbose option has been deprecated from oslo.log
994bb0f Fix keystone tests
7704d94 Add support to tune the keystone apache MPM settings
57e3390 Add .swp files to .gitignore
b3cca27 Change pip install task state to 'latest'
78e6744 Remove py_from_git role
cc29aa4 Add dependencies for paramiko 2.0
20db79e Update paste, policy and rootwrap configurations 2016-04-22
3695699 Remove Liberty releasenote index
1635737 Change pip install task state to 'latest'
eb3ce0f Fail fast when required secrets are not present
dfd80ea Fix server/hostname for RFC 1034/1035
59ffe5e blacklist Ansible 1.9.6
36486b1 Remove venv activation code
7e14932 Use ansible facts for distributing SSL certs/keys
7b1543d Update min_ansible_version to 1.9
df164fb Add reno scaffolding for release notes management
0a6737c Switch defaults/tests to use master branch
42998df removed duplicate key

Diffstat (except docs and test files)


.gitignore | 9 +
.gitreview | 1 +
README.rst | 68 +----
Vagrantfile | 12 +
bindep.txt | 41 +++
defaults/main.yml | 99 ++++++--
examples/playbook.yml | 48 ++++
handlers/main.yml | 32 ++-
manual-test.rc | 33 +++
meta/main.yml | 13 +-
other-requirements.txt | 16 --
releasenotes/notes/.placeholder | 0
...in-token-auth-deprecation-24e84a18f8a56814.yaml | 17 ++
...apache-log-format-support-7232177f835222ee.yaml | 4 +
...pache-mpm-tunable-support-1c72f2f99cd502bc.yaml | 17 ++
...eystone-only-install-venv-b766568ee8d40354.yaml | 5 +
...e-uwsgi-and-nginx-options-2157f8e40a7a8156.yaml | 22 ++
...keystone-centos7-support-0a5d97f81ac42e44.yaml | 4 +
...package-list-name-changes-007cacee4faf8ee6.yaml | 10 +
.../notes/package-state-711a1eb4814311cc.yaml | 13 +
releasenotes/source/_static/.placeholder | 0
releasenotes/source/_templates/.placeholder | 0
releasenotes/source/conf.py | 281 +++++++++++++++++++++
releasenotes/source/index.rst | 9 +
releasenotes/source/mitaka.rst | 6 +
releasenotes/source/unreleased.rst | 5 +
setup.cfg | 2 +-
setup.py | 11 +-
tasks/keystone_apache.yml | 104 +++++---
tasks/keystone_credential.yml | 22 ++
tasks/keystone_credential_autorotate.yml | 47 ++++
tasks/keystone_credential_create.yml | 46 ++++
tasks/keystone_credential_distribute.yml | 25 ++
tasks/keystone_db_setup.yml | 5 -
tasks/keystone_federation_sp_idp_setup.yml | 38 +--
tasks/keystone_federation_sp_setup.yml | 21 +-
tasks/keystone_fernet.yml | 6 +-
tasks/keystone_fernet_keys_autorotate.yml | 10 +-
tasks/keystone_fernet_keys_create.yml | 9 -
tasks/keystone_fernet_keys_distribute.yml | 6 +-
tasks/keystone_idp_metadata.yml | 8 +-
tasks/keystone_idp_self_signed_create.yml | 6 +-
tasks/keystone_idp_self_signed_distribute.yml | 5 +-
tasks/keystone_idp_self_signed_store.yml | 2 -
tasks/keystone_idp_setup.yml | 13 +-
tasks/keystone_idp_sp_setup.yml | 4 +-
tasks/keystone_init_common.yml | 27 ++
tasks/keystone_init_systemd.yml | 48 ++++
tasks/keystone_init_upstart.yml | 31 +++
tasks/keystone_install.yml | 134 +++-------
tasks/keystone_install_apt.yml | 86 +++++--
tasks/keystone_install_yum.yml | 154 +++++++++++
tasks/keystone_key_distribute.yml | 6 +-
tasks/keystone_key_populate.yml | 6 -
tasks/keystone_key_setup.yml | 6 -
tasks/keystone_ldap_setup.yml | 16 +-
tasks/keystone_messaging_setup.yml | 37 ---
tasks/keystone_nginx.yml | 51 ++++
tasks/keystone_post_install.yml | 40 +--
tasks/keystone_pre_install.yml | 32 +--
tasks/keystone_service_setup.yml | 41 +--
tasks/keystone_ssl.yml | 11 +-
tasks/keystone_ssl_key_create.yml | 20 +-
tasks/keystone_ssl_key_distribute.yml | 42 +--
tasks/keystone_ssl_key_store.yml | 32 +--
tasks/keystone_ssl_self_signed.yml | 9 +-
tasks/keystone_ssl_user_provided.yml | 18 +-
tasks/keystone_token_cleanup.yml | 2 -
tasks/keystone_uwsgi.yml | 58 +++++
tasks/main.yml | 116 ++++++++-
templates/keystone-credential-rotate.sh.j2 | 67 +++++
templates/keystone-fernet-rotate.sh.j2 | 2 +-
templates/keystone-httpd-mpm.conf.j2 | 9 +
templates/keystone-httpd.conf.j2 | 38 ++-
templates/keystone-paste.ini.j2 | 16 +-
templates/keystone-systemd-tempfiles.j2 | 4 +
templates/keystone-uwsgi.ini.j2 | 20 ++
templates/keystone-uwsgi_systemd-init.j2 | 25 ++
templates/keystone-uwsgi_upstart.conf.j2 | 44 ++++
templates/keystone-wsgi.py.j2 | 48 ----
templates/keystone.conf.j2 | 40 ++-
templates/keystone_nginx.conf.j2 | 34 +++
templates/policy.json.j2 | 8 +-
test-requirements.txt | 19 +-
tox.ini | 197 ++++++++++-----
vars/redhat-7.yml | 77 ++++++
vars/ubuntu-14.04.yml | 45 +++-
vars/ubuntu-16.04.yml | 70 +++++
110 files changed, 3044 insertions(+), 1156 deletions(-)

Requirements updates


diff --git a/test-requirements.txt b/test-requirements.txt
index 3422d65..8fdd8d8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,9 @@
-ansible-lint<=2.3.9
-ansible>=1.9.1,<2.0.0
-bashate
-flake8
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+bashate>=0.2 # Apache-2.0
+flake8<2.6.0,>=2.5.4 # MIT
+pyasn1 # BSD
+pyOpenSSL>=0.14 # Apache-2.0
+requests>=2.10.0 # Apache-2.0
+ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
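Review bot: pyasn1 is added with no version specifier, while pyOpenSSL>=0.14 and ndg-httpsclient>=0.4.2 beside it carry lower bounds; give it a minimum as well, or note in the header comment that its version is held elsewhere. The same hunk drops the ansible-lint<=2.3.9 and ansible>=1.9.1,<2.0.0 lines with no replacement in this file, so the change description should say where the lint and Ansible versions are pinned now.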
@@ -7,2 +12,4 @@ flake8
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
-oslosphinx>=2.5.0 # Apache-2.0
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
+oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
+doc8 # Apache-2.0
+reno>=1.8.0 # Apache2
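Review bot: the license comment on the reno>=1.8.0 line reads "# Apache2", where every other Apache-licensed entry in this file uses "# Apache-2.0"; use the same identifier so the comments stay consistent. doc8 is also added without a version specifier, unlike sphinx and oslosphinx in the same hunk.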


OpenStack-announce mailing list
OpenStack-announce@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
asked Oct 20, 2016 in openstack-announce by no-reply_at_openstac