Yoga Series Release Notes


Bug Fixes

  • [bug 1926483] Keystone will only log warnings about token length for Fernet tokens when the token length exceeds the value of keystone.conf [DEFAULT] max_token_size.


Upgrade Notes

  • The --extension option of keystone-manage db_sync has been deprecated since 10.0.0 (Newton) and raised an error when provided. It has now been removed entirely.

  • The legacy migrations that existed before the split into separate expand schema, contract schema, and data migration migration have now been removed. These have been deprecated since 10.0.0 (Newton). This should have no user-facing impact.

Deprecation Notes

  • The following options in the [memcache] section have been deprecated because these options have had no effect since Pike. Please use memcache_* options in the [cache] section instead.

    • dead_retry

    • pool_maxsize

    • pool_unused_timeout

    • pool_connection_get_timeout

Bug Fixes

  • [ Bug 1897230] Allows s3 tokens with service types sts and iam to authenticate. This is necessary when using assumed role features of Ceph object storage and keystone is providing the authentication service for Rados Gateway.

  • Change the min value of pool_retry_max to 1. Setting this value to 0 caused the pool to fail before connecting to ldap, always raising MaxConnectionReachedError.