In the MCP 2019.2.3 maintenance update, Mirantis introduces the following enhancements for OpenStack:
To obtain the enhancements, follow the steps described in Apply maintenance updates.
Enforced the FQDN usage and prevented IP address usage in the Keystone service catalog.
In security-sensitive environments, a cluster internal IP address exposure is considered a security vulnerability. Therefore, rather than using service IP addresses within service catalog, we recommend that all existing MCP OpenStack deployments migrate from the IPv4-based Keystone service catalog to fully FQDN-based service catalog.
In the new MCP 2019.2.3 deployments, the OpenStack environments use FQDN on the internal endpoints in the Keystone catalog by default.
Implemented the possibility to expose hardware Random Number Generator (HRNG) source to the OpenStack compute nodes enabling the OpenStack instances to consume HRNG from a physical machine.