Set OpenStack-Ansible release to 17.0.0.0b1

Prepare for Release Queens-1

Change-Id: Iec908af26572323065132aa964ec25d71989bf2b

ansible-role-requirements.yml

@@ -1,216 +1,216 @@
 - name: ansible-hardening
   scm: git
   src: https://git.openstack.org/openstack/ansible-hardening
-  version: master
+  version: 231676a93e3f6ec2dcecedc265c86424c70a3737
 - name: apt_package_pinning
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
-  version: master
+  version: 8628b24294346c10cd26db450a29814027c8477a
 - name: pip_install
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-pip_install
-  version: master
+  version: 516a2146f0adc6138e3d9f1eff881b79d1edc86b
 - name: galera_client
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-galera_client
-  version: master
+  version: 613dfeb7ee7e733180f07c70911488a93b842810
 - name: galera_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-galera_server
-  version: master
+  version: 99ef88d64182582bf0ece55c82aea58e70cf404c
 - name: ceph_client
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
-  version: master
+  version: b98c36d7c9475e5fa4a2a9c8ee3e04c1a0365939
 - name: haproxy_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server
-  version: master
+  version: a19a0b08a3263b08ede7462ccb256f2260c564fe
 - name: keepalived
   scm: git
   src: https://github.com/evrardjp/ansible-keepalived
-  version: master
+  version: b13e0840b09154a6d2470f71fea8eaa968525c5b
 - name: lxc_container_create
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
-  version: master
+  version: 12d8fed271e78f32572b665409c07436992acc1d
 - name: lxc_hosts
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
-  version: master
+  version: 4b5bc0688e5314fede4481d2aac1ddabc3b3bbd9
 - name: memcached_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
-  version: master
+  version: 4429a4783458d698532f1e838b7a35285a70bb24
 - name: openstack_hosts
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
-  version: master
+  version: e91d744ef77fe976feb01182f52f86d60d6b7ed8
 - name: os_keystone
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
-  version: master
+  version: 2f197ba458a18e88664986bfef9cd6f91c6d1ff8
 - name: openstack_openrc
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
-  version: master
+  version: 2b1a711a74dc2d629b5a6888ce776db584c215b0
 - name: os_aodh
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
-  version: master
+  version: f9402cf675463286f6cd81d3c8b372ff5b78a652
 - name: os_barbican
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
-  version: master
+  version: 674d9f239e86678ce7b8e13cc58bb2efbb8733b0
 - name: os_ceilometer
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
-  version: master
+  version: a4bb1305f8befb7e42e0a0448cbd31ce39c0bbf6
 - name: os_cinder
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
-  version: master
+  version: 9b846910ed9604f299a02abd6b2db3abde3a5ce9
 - name: os_designate
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_designate
-  version: master
+  version: 3b4e97651f9379b995be5fdda76aed87caf36fae
 - name: os_glance
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_glance
-  version: master
+  version: 0e8e780aff5e808b4fcf352b12344808e3f13cff
 - name: os_gnocchi
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi
-  version: master
+  version: 561642a1b5ba6e32495019626971e004eb17819a
 - name: os_heat
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_heat
-  version: master
+  version: bb21948b1b7ea23d3def6bd953c0819c5200d36c
 - name: os_horizon
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
-  version: master
+  version: 20197fdc0eb11686bbebe54061ecc08be626cf15
 - name: os_ironic
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_ironic
-  version: master
+  version: 58c9f44cca9b4440973988c888e89d9be33bd70f
 - name: os_magnum
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_magnum
-  version: master
+  version: c2d575428f8661175014424786409a504d41931f
 - name: os_molteniron
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron
-  version: master
+  version: a9b41ca9e454ce73d0cc0b6c9ef1b5b1d34eecca
 - name: os_neutron
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
-  version: master
+  version: c2150045ad483e8ccd41d2cd1825d9c907fcdc64
 - name: os_nova
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_nova
-  version: master
+  version: dc53a8bcc15da3102f7b2db3874d7b410a010e7f
 - name: os_octavia
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_octavia
-  version: master
+  version: f66be9bccc088add3ac7182adbf310ad36889892
 - name: os_rally
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_rally
-  version: master
+  version: 64304bbe97cfbc54af38b52794556a1258b0d237
 - name: os_sahara
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_sahara
-  version: master
+  version: 4ae3b4184e2353abef6c8dc6cba9fa2927b0dfce
 - name: os_swift
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_swift
-  version: master
+  version: 0147d155d467f8dfbe3820e92cd9bd657b8d4974
 - name: os_tacker
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_tacker
-  version: master
+  version: 176837ee2c0d7c98c2d7df9c3197e393f153f198
 - name: os_tempest
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
-  version: master
+  version: 37439954e45baa5456fbdc9d096a6aeae49be089
 - name: os_trove
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_trove
-  version: master
+  version: 64bd83ce3b63f83c1d268a479e81655cb8d462b5
 - name: plugins
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-plugins
-  version: master
+  version: a458ce40c6698b4f7e91f9482448241af1af7c76
 - name: rabbitmq_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
-  version: master
+  version: 6299fc19f47868eba17f3de29a734fdbdc8c0b65
 - name: repo_build
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-repo_build
-  version: master
+  version: c5dcfcd07b37399060cd152cc57f9d35b3ef2358
 - name: repo_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-repo_server
-  version: master
+  version: da3e0b591d1731d47cafa6b403d2ada2708b40bf
 - name: rsyslog_client
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
-  version: master
+  version: fdf7ea49cf214779de1cf08e3c488123177d6e58
 - name: rsyslog_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
-  version: master
+  version: a78bd8557753ec00d5e36d725414096db99c67d0
 - name: sshd
   scm: git
   src: https://github.com/willshersystems/ansible-sshd
-  version: master
+  version: 537b9b2bc2fd7f23301222098344727f8161993c
 - name: bird
   scm: git
   src: https://github.com/logan2211/ansible-bird
-  version: master
+  version: 5033c412398cf6f98097a9ac274a6f12810c807e
 - name: etcd
   scm: git
   src: https://github.com/logan2211/ansible-etcd
-  version: master
+  version: 3933355dfe51477822db517d3c07ad561fb61318
 - name: unbound
   scm: git
   src: https://github.com/logan2211/ansible-unbound
-  version: master
+  version: 7be67d6b60718896f0c17a7d4a14b912f72a59ae
 - name: resolvconf
   scm: git
   src: https://github.com/logan2211/ansible-resolvconf
-  version: master
+  version: d48dd3eea22094b6ecc6aa6ea07279c8e68e28b5
 - name: ceph-defaults
   scm: git
   src: https://github.com/ceph/ansible-ceph-defaults
-  version: master
+  version: 62f4a465144d2e1ad4708734957287ba8337b222
 - name: ceph-common
   scm: git
   src: https://github.com/ceph/ansible-ceph-common
-  version: master
+  version: 352ea8de7081e0e9a3cb7c5cc4be3ca1efaecb48
 - name: ceph-config
   scm: git
   src: https://github.com/ceph/ansible-ceph-config
-  version: master
+  version: 9ef53d2637ce507ae592afcb5f0d698e85994b63
 - name: ceph-mon
   scm: git
   src: https://github.com/ceph/ansible-ceph-mon
-  version: master
+  version: 4698c244d3defed42f889f7756a57722fd25d106
 - name: ceph-mgr
   scm: git
   src: https://github.com/ceph/ansible-ceph-mgr
-  version: master
+  version: 155b37074cbd399067216dca1822cb3d3e58ed42
 - name: ceph-osd
   scm: git
   src: https://github.com/ceph/ansible-ceph-osd
-  version: master
+  version: 123ed680d551b8e9b7c75fbdfc78a2a2b3d9de16
 - name: opendaylight
   scm: git
   src: https://git.opendaylight.org/gerrit/p/integration/packaging/ansible-opendaylight.git
-  version: master
+  version: 02842e56d32c72506dce4e2e5dca4fcee69ffffa
 - name: haproxy_endpoints
   scm: git
   src: https://github.com/logan2211/ansible-haproxy-endpoints
-  version: master
+  version: 49901861b16b8afaa9bccdbc649ac956610ff22b

group_vars/all/all.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 ## OpenStack Source Code Release
-openstack_release: master
+openstack_release: 17.0.0.0b1
 
 ## Verbosity Options
 debug: False

releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - Adds a new flag to enable Octavia V2 API (disabled by default) to facilitate to run Octavia
+    stand alone (without Neutron)
+  - Adds a new flag to toggle Octavia V1 API (the API needed to run in conjunction with Neutron)
+    and enables it by default.
+

releasenotes/notes/cache-packages-override-e89847687abddf34.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - The ``lxc_cache_distro_packages`` has been moved to the role defaults from vars to enable
+    easier overriding of the container cache package list.

releasenotes/notes/centos-mirror-url-variable-c072a6ab21054093.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Deployers can set ``openstack_hosts_centos_mirror_url`` to use their
+    preferred mirror for the RDO repositories.

releasenotes/notes/centos-mirror-url-variable-eea9f226b5611b40.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Deployers can set ``pip_install_centos_mirror_url`` to use their
+    preferred mirror for the RDO repositories.

releasenotes/notes/dnsmasq-lxc-conflict-fix-c8968f6a16d033c6.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    In Ubuntu the ``dnsmasq`` package actually includes
+    init scripts and service configuration which
+    conflict with LXC and are best not included. The
+    actual dependent package is ``dnsmasq-base``. The
+    package list has been adjusted and a task added
+    to remove the ``dnsmasq`` package and purge the
+    related configuration files from all LXC hosts.

releasenotes/notes/ensure-security-groups-always-applied-eb6e3bdc7b77f022.yaml

@@ -0,0 +1,13 @@
+---
+security:
+  - |
+    The ``net.bridge.bridge-nf-call-*`` kernel parameters were set to ``0``
+    in previous releases to improve performance and it was left up to neutron
+    to adjust these parameters when security groups are applied. This could
+    cause situations where bridge traffic was not sent through iptables and
+    this rendered security groups ineffective. This could allow unexpected
+    ingress and egress traffic within the cloud.
+
+    These kernel parameters are now set to ``1`` on all hosts by the
+    ``openstack_hosts`` role, which ensures that bridge traffic is always
+    sent through iptables.

releasenotes/notes/extra-headers-e54a672d3a78dd89.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - |
+    Extra headers can be added to Keystone responses by adding items to
+    ``keystone_extra_headers``. Example:
+
+    .. code-block:: yaml
+
+        keystone_extra_headers:
+          - parameter: "Access-Control-Expose-Headers"
+            value: "X-Subject-Token"
+          - parameter: "Access-Control-Allow-Headers"
+            value: "Content-Type, X-Auth-Token"
+          - parameter: "Access-Control-Allow-Origin"
+            value: "*"

releasenotes/notes/fedora-26-support-70a304f9c97d1b37.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Fedora 26 is now supported.
+deprecations:
+  - Fedora 25 support is deprecated and no longer tested on each commit.

releasenotes/notes/fwaasv2-added-ab9ba18c8b98a83e.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - FWaaS V2 has been added to neutron. To enable this service simply add
+    "firewall_v2" to the "neutron_plugin_base" list.

releasenotes/notes/glance-init-config-overrides-d1c8c3dcc50c109a.yaml

@@ -5,6 +5,6 @@ features:
   - The task dropping the glance systemd unit files now uses the
     ``config_template`` action plugin allowing deployers access to
     customize the unit files as they see fit without having to
-    load extra options into the defaults and polute the generic
+    load extra options into the defaults and pollute the generic
     systemd unit file with jinja2 variables and conditionals.
 

releasenotes/notes/global-ntp-servers-155c1daef3680025.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The default list of NTP servers for chrony are now more friendly to users
+    outside North America. Deployers can still provide their own list of NTP
+    servers with the ``security_ntp_servers`` Ansible variable.

releasenotes/notes/lxc-machinectl-template-9e65779a94cb767f.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - A new LXC container template has been added which will allow us to better
+    manage containers on the host machines we support. The new template uses
+    the `machinectl` command to create container rootfs using the existing
+    cache. This in-turn will provide easier management of container images,
+    faster build times, and the ability to instantly clone a container (or a
+    given variant) without impacting a containers state. This new lxc container
+    create template, and the features it provides, will only impact new
+    containers created allowing deployers to safely adopt this change in any
+    existing environment.

releasenotes/notes/lxc_container_backing_store-e0a77c48da3a57b2.yaml

@@ -0,0 +1,21 @@
+---
+features:
+  - The tag options when creating an LXC container have been simplified. The two
+    tags now supported by the `lxc_container_create` role are
+    **lxc-{create,config}**.
+upgrade:
+  - The LXC container create option `lxc_container_backing_store` is now defined
+    by default and has a value of "dir". Prior to this release the backend store
+    option was using several auto-detection methods to try and guess the store
+    type based on facts fed into the role and derived from the physical host.
+    While the auto-detection methods worked, they created a cumbersome set of
+    conditionals and limited our ability to leverage additional container
+    stores. Having this option be a default allows deployers to mix and match
+    container stores to suit the needs of the deployment. Existing deployments
+    should set this option within group or user variables to ensure
+    there's no change in the backend store when new container be provisioned.
+other:
+  - The LXC container create role will now check for the LXC volume group if
+    the option `lxc_container_backing_store` is set to "lvm". If this volume
+    group is not found, the role will halt and instruct the deployer to update
+    their configuration options and inspect their host setup.

releasenotes/notes/lxc_image_cache_server-f14701a7f8f4b8ca.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - The variable ``lxc_image_cache_server_mirrors`` has been added to
+    the "lxc_hosts" role. This is a list type variable and gives
+    deployers the ability to specify multiple lxc-image mirrors at the
+    same time.
+
+deprecations:
+  - The variable ``lxc_image_cache_server`` has been deprecated in the
+    "lxc_hosts" role. By default this value will pull the first item
+    out of ``lxc_image_cache_server_mirrors`` list which is only done
+    for compatibility (legacy) purposes. The default string type
+    variable, ``lxc_image_cache_server``, will be removed from the
+    "lxc_hosts" role in the in "R" release.

releasenotes/notes/neutron-init-config-overrides-9d1d2b3b908705ed.yaml

@@ -5,6 +5,6 @@ features:
   - The task dropping the neutron systemd unit files now uses the
     ``config_template`` action plugin allowing deployers access to
     customize the unit files as they see fit without having to
-    load extra options into the defaults and polute the generic
+    load extra options into the defaults and pollute the generic
     systemd unit file with jinja2 variables and conditionals.
 

releasenotes/notes/neutron-opendaylight-support-453dc9324eafaae7.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - The ``OpenDaylight SDN Controller`` can be deployed as
+    a neutron ML2 backend.
+    You can set the ``neutron_plugin_type`` to
+    ``ml2.opendaylight`` to utilize this code path.
+    The usage of ``OpenDaylight`` is currently experimental.

releasenotes/notes/opensuse-mirror-url-variable-6660f16c3e9bf1ff.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Deployers can set ``lxc_hosts_opensuse_mirror_url`` to use their
+    preferred mirror for the openSUSE repositories. They can also set the
+    ``lxc_hosts_opensuse_mirror_obs_url`` if they want to set a different
+    mirror for the OBS repositories. If they want to use the same mirror in
+    both cases then they can leave the latter variable to its default value.
+    The full list of mirrors and their capabilities can be obtained at
+    http://mirrors.opensuse.org/

releasenotes/notes/opensuse-mirror-url-variable-74d22825e808211e.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Deployers can set ``pip_install_opensuse_mirror_url`` to use their
+    preferred mirror for the openSUSE repositories. They can also set the
+    ``pip_install_opensuse_mirror_obs_url`` if they want to set a different
+    mirror for the OBS repositories. If they want to use the same mirror in
+    both cases then they can leave the latter variable to its default value.
+    The full list of mirrors and their capabilities can be obtained at
+    http://mirrors.opensuse.org/

releasenotes/notes/opensuse-mirror-url-variable-865a97abb4c61430.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Deployers can set ``galera_client_opensuse_mirror_obs_url`` to use their
+    preferred mirror for the galera server OBS packages. The full list of
+    mirrors and their capabilities can be obtained at http://mirrors.opensuse.org/

releasenotes/notes/optimize-centos-erlang-install-bafd1c376ffca35e.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - |
+    The installation of Erlang and is now optimized for CentOS.
+    Erlang 19.x is now installed via a single package that is maintained by
+    RabbitMQ developers and it provides the minimal features required for
+    RabbitMQ to function. It also includes HiPE support for increased
+    performance.
+
+    The version of Erlang is kept constant using yum's versionlock plugin.
+  - |
+    RabbitMQ is now installed via an RPM repository provided by RabbitMQ
+    developers. The version is kept constant via yum's versionlock plugin.
+    This allows the tasks to lock the RabbitMQ version to a particular
+    revision and prevent changes to that version.

releasenotes/notes/remove-haproxy-repo-vars-051a47bbfaf6d1da.yaml

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The following variables have been removed from the ``haproxy_server`` role
+    as they are no longer necessary or used.
+    - haproxy_repo
+    - haproxy_gpg_keys
+    - haproxy_required_distro_packages

releasenotes/notes/remove-v72181-e29b9f5d9c971541.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The tasks for V-72181, which include adding audit rules for the
+    ``pt_chown`` command, have been removed. They are not required in the RHEL
+    7 STIG V1R2 release.

releasenotes/notes/skip-sysctl-when-disabled-b32eca48df5b1437.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    The sysctl configuration task was not skipping configurations where
+    ``enabled`` was set to ``no``. Instead, it was removing configurations
+    when ``enabled: no`` was set.
+
+    There is now a fix in place that ensures any sysctl configuration with
+    ``enabled: no`` will be skipped and the configuration will be left
+    unaltered on the system.

releasenotes/notes/sshd-permit-root-login-without-password-948ec79c6508c19b.yaml

@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    ``PermitRootLogin`` in the ssh configuration has changed from
+    ``yes`` to ``without-password``.  This will only allow ssh to be used
+    to authenticate root via a key.

releasenotes/notes/sysstat-centos-opensuse-running-0be396c60a513562.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    The ``sysstat`` package was installed on all distributions, but it was
+    only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS
+    due to bad SELinux contexts and file permissions on
+    ``/etc/cron.d/sysstat``. This has been fixed and ``sysstat`` now runs
+    properly on CentOS.

releasenotes/notes/trove-init-config-overrides-a78ed428a32adef8.yaml

@@ -5,6 +5,6 @@ features:
   - The task dropping the trove systemd unit files now uses the
     ``config_template`` action plugin allowing deployers access to
     customize the unit files as they see fit without having to
-    load extra options into the defaults and polute the generic
+    load extra options into the defaults and pollute the generic
     systemd unit file with jinja2 variables and conditionals.
 

releasenotes/notes/ulimit-increased-65536-50b418d8e8ca4eef.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The default ulimit for RabbitMQ is now 65536. Deployers can still adjust
+    this limit using the ``rabbitmq_ulimit`` Ansible variable.