Ocata Series Release Notes

15.1.12

Known Issues

  • If the protocol of either the keystone admin or internal endpoints is ‘https’ and SSL is being terminated at a load balancer, tasks which verify that services are responsive and perform the initial service setup through through the keystone hosts’ web server ports may fail.

    Set keystone_mod_wsgi_enabled to false to deploy Keystone under Uwsgi and allow the web server to be bypassed during these tasks.

    See Launchpad Bug 1699191 for more details.

15.1.11

New Features

  • Extra headers can be added to Keystone responses by adding items to keystone_extra_headers. Example:

    keystone_extra_headers:
  - parameter: "Access-Control-Expose-Headers"
    value: "X-Subject-Token"
  - parameter: "Access-Control-Allow-Headers"
    value: "Content-Type, X-Auth-Token"
  - parameter: "Access-Control-Allow-Origin"
    value: "*"

15.1.3

New Features

  • New variables have been added to allow a deployer to customize a keystone systemd unit file to their liking.

  • The task dropping the keystone systemd unit files now uses the config_template action plugin allowing deployers access to customize the unit files as they see fit without having to load extra options into the defaults and polute the generic systemd unit file with jinja2 variables and conditionals.

  • For the os_keystone role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the keystone_*_init_config_overrides variables which use the config_template task to change template defaults.

Upgrade Notes

  • For the os_keystone role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the keystone_*_init_config_overrides variables which use the config_template task to change template defaults.

15.1.2

Critical Issues

  • A bug that caused the Keystone credential keys to be lost when the playbook is run during a rebuild of the first Keystone container has been fixed. Please see launchpad bug 1667960 for more details.

15.0.0

New Features

  • Capping the default value for the variable keystone_wsgi_processes to 16 when the user doesn’t configure this variable. Default value is half the number of vCPUs available on the machine with a capping value of 16.

Upgrade Notes

  • The variables keystone_requirements_git_repo and keystone_requirements_git_install_branch have been removed in favour of using the URL/path to the upper-constraints file using the variable pip_install_upper_constraints instead.