Newton Series Release Notes


Bug Fixes

  • The token flush cron job has been modified to run every hour instead of once a day. This is because this was causing issues with larger deployments, as the operation would take too long and sometimes even fail because of the transaction being so large. Note that this only affects people using the UUID token provider.


New Features

  • keystone-manage can be used to setup Keystone Fernet Keys. Disabled by default as long as the proper version of keystone is not in UCA. Upstream Keystone is moving to Fernet token support as the default provider. With recent issues witj PKI, Fernet is the only viable token format for multisite. Note, if fernet_keys parameter is set to a valid hash, keystone-manage won’t be used to generate credential keys but Puppet will manage file resources for each key in the hash. It allows ensures that a the keys are synchronized in a multinode environment.

Known Issues

  • Python memcache package install when memcache servers are specified. This solves the issue where a dependency on the package was missed for components using memcache.


New Features

  • admin_password is now an argument to the main class. This is needed because keystone-manage bootstrap should be taking the admin_password, not the admin_token. The admin_password will initially default to the value of the admin_token, but the admin_token is on a path to deprecation and is already deprecated in Keystone itself, so do not rely on the default.

  • python-ldap follows/chases referrals with anonymous access but this is disabled by default in Active Directory. There is an argument to set this to default to disabled but for the moment just present an option for the user to choose.