- Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a
new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []).
- Add support for Ceph RBD mirroring daemon managed by Pacemaker.
- - Add SSH Banner text into sshd_config.
- - Add AuditD composable service.
- Add deployed server bootstrap for RHEL.
- Configure VNC Server listen address on internal_api network by default.
- Support for Cinder Dell EMC PS Series.
- Removes deprecated OpenDaylight L2 only deployments.
Deploying ODL without L3 DVR is no longer supported.
security:
- - Disallow iframe embed in Horizon configuration to prevent dashboard being
- embedded within an iframe and exposed to Cross-Frame Scripting (XFS)
- vulnerability on legacy browsers.
- - Allow management of enforce_password_check in Horizons configuration to
- display an 'Admin Password' field on the Change Password form to verify that
+ - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to
+ prevent dashboard being embedded within an iframe and exposed to Cross-Frame
+ Scripting (XFS) vulnerability on legacy browsers.
+ - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to
+ display an Admin Password field on the Change Password form to verify that
it is indeed the admin logged-in who wants to change the password.
- - Allow management of disable_password_reveal in Horizon, to remove the
+ - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the
password reveal option.
- - Enable secure_proxy_ssl_header option in Horizons configuration to take
+ - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take
X-Forwarded-Proto header into account when forming URLs.
+ - Enable management of ENFORCE_PASSWORD_CHECK value. By setting
+ 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it
+ displays an ‘Admin Password’ field on the “Change Password” form to verify
+ that it is the admin logged-in that wants to perform the password change.
+ - Enable management of Horizons Password Validation. Enables injection of an
+ operators own password validation regex via a heat template.
+ - Enable management of '/etc/issue Banner' whereby an operator can populate
+ their own Banner warning text to be displayed upon terminal login.
+ - Enable management of auditd system. '/etc/audit/audit.rules' can now be
+ populated by means of a heat template.
fixes:
- Fixes `bug 1645898
<https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on