Ocata Series Release Notes

15.1.11

Bug Fixes

  • The sysstat package was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on /etc/cron.d/sysstat. This has been fixed and sysstat now runs properly on CentOS.

15.1.10

Security Issues

  • The net.bridge.bridge-nf-call-* kernel parameters were set to 0 in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.

    These kernel parameters are now set to 1 on all hosts by the openstack_hosts role, which ensures that bridge traffic is always sent through iptables.

15.0.0

New Features

  • Deployers can set openstack_host_nf_conntrack_max to control the maximum size of the netfilter connection tracking table. The default of 262144 should be increased if virtual machines will be handling large amounts of concurrent connections.

  • The copy of the /etc/openstack-release file is now optional. To disable the copy of the file, set openstack_distrib_file to no.

  • The location of the /etc/openstack-release file placement can now be changed. Set the variable openstack_distrib_file_path to place it in a different path.

  • The PATH environment variable that is configured on the remote system can now be set using the openstack_host_environment_path list variable.

Upgrade Notes

  • The variables used to produce the /etc/openstack-release file have been changed in order to improve consistency in the name spacing according to their purpose.

    openstack_code_name –> openstack_distrib_code_name openstack_release –> openstack_distrib_release

    Note that the value for openstack_distrib_release will be taken from the variable openstack_release if it is set.