Yoga Series Release Notes¶

22.1.0¶

Horizon can now use a system scope token when performing admin operations. To enable that, a new setting, SYSTEM_SCOPE_SERVICES, has to list the OpenStack services for which this feature is to be enabled. When that setting is not empty, a new option, "system scope" will appear in the context switching menu, and the panels for the listed services will be moved into that context in the main menu.

Horizon no longer requires the keystone admin endpoint. keystone does not distinguish public and admin endpoints and there is no functional difference between public and admin endpoints. There is no need for a separate endpoint for keystone admin operations, but horizon required the keystone admin endpoint is configured previously. This requirement no longer exists. An endpoint specified by OPENSTACK_ENDPOINT_TYPE setting is used for the keystone admin operations. You can drop the admin endpoint for keystone (unless other services require it). [bug 1950659]

[blueprint handle-multiple-login-sessions-from-same-user-in-horizon] This blueprint allows operators to control if multiple simultaneous dashboard sessions are allowed or not for a user. A new setting SIMULTANEOUS_SESSIONS controls the behavior. The default behavior allows multiple dashboard sessions for a user. The new setting allows operators to configure horizon to disallow multiple sessions per user. When multiple simultaneous sessions are disabled, the most recent authenticated session will be considered as the valid one and the previous session will be invalidated.

Add Rules CRUD operations to the Network QoS Policy.

Added create, edit, and delete rules operation to the network qos policy. Rules supported - Bandwidth-Limit, Minimum-Bandwidth, DSCP-Marking, and Minimum-Packet-Rate.

The default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE is changed from _member_ to member to conform with what keystone-bootstrap creates.

Fixed lack of pagination for the networks page under Project and Admin Dashboard.

Previously, ToggleSuspend class checked os-rescue policy for resume operation. By this fix, the class checks 'os_compute_api:os-suspend-server:resume' policy to align to resume operation.

A new entry has been added to the context switcher menu, visible only when the current user has access to the system scope. This entry, labeled "system scope", allows to switch to a system-scope token, so that operations that require this kind of token can be performed.

[bug 1907843] RBAC shared security groups can now be shown in the Security Groups page. Previously only the security groups owned by the login tenant can be displayed and used. Besides, a column for the shared field is added to the Security Groups table.

The Django version of the launch instance form was dropped. It was deprecated since Wallaby release. LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED settings were dropped as horizon always uses the Angular version of the launch instance form.

Django 2.2 support was dropped. Django 2.2 ends its extended support in April 2022. Considering this horizon dropped Django 2.2 support and uses Django 3.2 as default.

[bug 1874705] Add a new variable WEBSSO_USE_HTTP_REFERER to facilitate WEBSSO deployments where network segmentation is used per security requirement. In this case, the controllers cannot reach other services external endpoints. Therefore, using the HTTP_REFERER to derive the Keystone endpoint in the websso view will return a timeout for requests to Keystone in cases where the external Keystone endpoint is the HTTP_REFERER. WEBSSO_USE_HTTP_REFERER defaults to True to keep inline with current functionality. When set to False the OPENSTACK_KEYSTONE_URL is used instead of the HTTP_REFERER. If OPENSTACK_KEYSTONE_URL is set to the internal Keystone endpoint the requests between Horizon and Keystone should be able to connect.