Current Series Release Notes¶
26.0.0.0rc1-75¶
New Features¶
Updated RBAC rules so that they allow the
servicerole to pass the following policies by default:get_subnetget_network_ip_availabilitycreate_port:allowed_address_pairscreate_port:allowed_address_pairs:mac_addresscreate_port:allowed_address_pairs:ip_addressupdate_port:allowed_address_pairsupdate_port:allowed_address_pairs:mac_addressupdate_port:allowed_address_pairs:ip_address
This allows for integration with the Octavia project using the
servicerole instead of theadminrole for integration with Neutron.
Added
servicerole to thecreate_port:device_idandupdate_port:device_idpolicies to allow service users for other OpenStack projects to complete Secure RBAC.
Known Issues¶
The ML2/OVN Placement initial configuration is executed now in the Neutron API process and removed from the maintenance worker; since the migration to WSGI, now the API and the maintenance worker are different processes. When an OVN
Chassiscreation event is received, the configuration is read, aPlacementStateobject created and sent to the Placement API.
Upgrade Notes¶
Default RBAC policies for
get_subnet,get_network_ip_availability,create_port:allowed_address_pairs,create_port:allowed_address_pairs:mac_address,create_port:allowed_address_pairs:ip_address,update_port:allowed_address_pairs,update_port:allowed_address_pairs:mac_addressandupdate_port:allowed_address_pairs:ip_addresshave been updated to allow theservicerole.
Bug Fixes¶
The OVN QoS floating IP rule has precedence over the OVN QoS router rule. If both are present in the same router and port (the one assigned to the floating IP), the floating IP rule will now apply. For more information, see bug 2110018.
Other Notes¶
The ML2/OVN Placement extension now removes any existing resource provider deleted from the updated local node configuration. If the resource provider has allocations, Placement will return an exception and it will not be deleted.
