This update for OpenStack fixes the following issues:
The following security issue with openstack-keystone has been fixed:
- CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151)
Additionally, the following non-security issues have been fixed:
aodh:
- Support same projects in different domain.
barbican:
- Add zuulv3 to Pike.
cinder:
- Empty option value maybe cause Unity driver failed to initialize. - GoodnessWeigher schedules non-type volumes. - Fix quota error when deleting temporary volume. - Fix cinder quota-usage error. - Unity: Return logged-out initiators. - Correct S-Series to DS-Series systems. - Update storage backends supported for Lenovo. - Unity: Add support of removing empty host. - NetApp: Fix to support SVM scoped permissions. - NetApp ONTAP iSCSI: Force exception on online extend. - NetApp ONTAP: Set new sub-lun clone limit for ONTAP driver.
dashboard:
- Make @memoize thread-aware.
designate:
- Add provides to handle installation of mdns and producer seamlessly. - Fix service files. - Install a default pools.yaml.
glance:
- doc: Modify the description for the command. - Make ImageTarget behave like a dictionary. - Add barbican-tempest experimental job.
heat:
- Fixing unicode issue when to\_dict is called on py2.7 env. - Ignore NotFound error in prepare\_for\_replace. - Reset resource replaced\_by field for rollback. - Ignore RESOLVE translation errors when translating before\_props. - Ignore errors in purging events.
heat-templates:
- Deprecate hooks in heat-templates.
horizon-plugin-designate-ui:
- Install all designate panels that are available.
horizon-plugin-freezer-ui:
- Avoid using deprecated opt in Web-UI.
horizon-plugin-gbp-ui:
- Fix patching of create instance dialog.
neutron-lbaas-dashboard:
- Remove custom zuul jobs.
horizon-plugin-trove-ui:
- Update UPPER\_CONSTRAINTS\_FILE for stable/pike.
ironic:
- Fix error when deleting a non-existent port. - Tear down console during unprovisioning.
manila:
- Fix ZFSOnLinux doc about manage ops. - DB Migration: Fix downgrade. - Fix share-service VM restart problem. - Added Handling Newer Quobyte API Error Codes. - NetApp ONTAP: Fix delete-share for vsadmin users. - Remove confusing DB deprecation messages. - Add missing Requires: for python-tooz
neutron:
- Skip MTU check during deletion of Networks. - HA L3 agent restart only standby agents. - Retry dhcp\_release on failures. - Reduce IP address collision during port creating. - Refactor DVR HA migarations DB operations. - Disallow router interface out of subnet IP range. - Fix fwaas v1 configuration doc. - Add list of all working DSCP marks. - Set trusted port only once in iptables firewall driver. - Fix UT BridgeLibTest when IPv6 is disabled.
neutron-fwaas:
- DVR-FWaaS: Fix DVR FWaaS rules for fipnamespace.
neutron-lbaas:
- Get providers directly from ORM to make startup take half as long. - Cap haproxy log level severity. - Fix sphinx-docs job for stable branch.
neutron-vpnaas:
- Fix sphinx-docs job for stable branch and pep8 issues.
neutron-zvm-agent:
- Backport zCC backend networking-zvm.
nova:
- libvirt: Add method to configure migration speed. - Make host\_aggregate\_map dictionary case-insensitive. - Fix unbound local when saving an unchanged RequestSpec. - Cleanup mapping/reqspec after archive instance. - Default embedded instance.flavor.disabled attribute. - Backport tox.ini to switch to stestr. - Cleanup RP and HM records while deleting a compute service. - Delete allocations from API if nova-compute is down. - Block deleting compute services which are hosting instances. - api-ref: Add a note in DELETE /os-services about deleting computes. - Add functional test for deleting a compute service. - Factor out compute service start in ServerMovingTest. - Moving more utils to ProviderUsageBaseTestCase. - Make nova service-list use scatter-gather routine. - libvirt: Slow live-migration to ensure network is ready. - Use instance project/user when creating RequestSpec during resize reschedule. - Mock utils.execute() in qemu-img unit test. - Add policy rule to block image-backed servers with 0 root disk flavor. - Change consecutive build failure limit to a weigher. - Ensure resource class cache when listing usages. - Metadata-API fails to retrieve avz for instances created before Pike. - placement: Fix HTTP error generation. - Add amd-ssbd and amd-no-ssb CPU flags. - Fixed auto-convergence option name in doc. - libvirt: Skip fetching the virtual size of block devices. - libvirt: Handle DiskNotFound during update\_available\_resource. - Avoid showing password in log. - Fix shelving a paused instance. - Document how to disable notifications. - Add ssbd and virt-ssbd flags to cpu\_model\_extra\_flags whitelist. - Stringify instance UUID.
nova-virt-zvm:
- Backport zvm driver.
octavia:
- Update introduction documention page. - Use HMAC.hexdigest to avoid non-ascii characters for package data.
trove:
- Add .stestr.conf to fix tox-py27 stable job. - Fix mysql instance create failed when enable skip-name-resolve. - Failed to build mongo image. - Open the volume\_support of redis. - Remove Mitaka reference in install/dashboard.rst. - Enable longer Keystone token life. - Fix gate issues.
python-barbicanclient:
- Update time for functional tests. (bsc#1084362)
python-keystone-json-assignment:
- Speedup project lookup.
python-manilaclient:
- Fix for use endpoint_type in _discover_client method. - Add search_opts in func list of ManagerWithFind type classes. - Fix share can not be found by name in admin context.
python-vmware-nsx:
- NSX|V3: Handle port-not-found during get_ports. - NSXAdminV3: Add message on client cert generation. - NSX-V: Add server-ip-address to the supported dhcp options. - NSX|V3: Fix global SG creation duplication. - Fix security groups ext_properties loading. - NSXv3: Add pool-level lock for LB pool member operations. - NSX|v3: Do not retry on DB duplications on section init. - NSXv: Handle listener failures on backend. - Add mock to the requirements. - AdminUtils V3: Do not set nat_pass for NO-NAT rules. - NSX|V3: Wait for another neutron to create default section. - NSX|V3: Cleanup duplicate sections on startup. - V and D: Make security group logging more robust. - NSX|v3: Ensure that 0.0.0.0/# is treated correctly in SG rules. - NSX|V: Fix create/delete subnet race condition.
python-vmware-nsxlib:
- Fix service ports for egress firewall rule. - Add server-ip-address to the suppoprted dhcp options. - Retry on 503 Service Unavailable. - Remove sha224 from supported client cert hash algs. - Add logging when initializing a default FW section. - Fixed tenacity usage. - Retry is IOError is received. - Handle cluster connection closed by server.
openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9