Pike Series Release Notes
this page last updated: 2019-02-12 02:08:26.761614
11.4.0-9
New Features
- Keystone's group_members_are_ids option can now be set. This parameter allows
the members of the group object class to be keystone user IDs
rather than LDAP DNs. This is the case when using posixGroup as the group
object class in Open Directory.
- Adds user_description_attribute mapping support to the LDAP backend.
- Add the openstack-db tag to the Exec resources that run db-sync.
Bug Fixes
- Fixed a bug where the keystone_user resource would test the password with
a disabled project, causing it to think the password had changed when it
actually hadn’t.
11.3.0
New Features
- Added parameters for advanced configuration of httpd access and error log
destinations, such as syslog (see mod_syslog). Note that this feature
requires Apache2 >= 2.5.0. Earlier versions do not provide the required
mod_syslog module.
Bug Fixes
- Fixed an issue with python-ldappool and python-ldap uninstalling each other on each run.
11.2.0
New Features
- Add two parameters to apache wsgi that allow overriding and/or adding wsgi process options.
Upgrade Notes
- Deprecated keystone authtoken signing_dir option is removed in Pike.
11.1.0
Bug Fixes
- The token flush cron job has been modified to run every hour instead of once a day. The daily run was causing issues with larger deployments: the operation would take too long and sometimes even fail because the transaction was so large. Note that this only affects people using the UUID token provider.
11.0.0
New Features
- The flag ‘create_domain_entry’ was added to the ‘keystone::ldap_backend’ resource. It defaults to false. If set to true, it will create the domain in keystone and will attempt to refresh the keystone server. Note that in order for the keystone server to be refreshed, the ‘manage_service’ and ‘enabled’ flags need to be set in the base ::keystone module.
- Add new parameter “rpc_response_timeout”: the number of seconds to wait for a response from a call.
- Add support for oslo_messaging_amqp 1.0 backend via puppet-oslo resource
- Calls to ‘::keystone::resource::service_identity’ will automatically create roles as needed: if a role is specified, the resource will make sure it exists.
- Implement a basic crontab that rotates fernet keys, provided by the
keystone::cron::fernet_rotate class. This crontab does not take
care of key distribution; it only runs the keystone-manage fernet_rotate
command on a schedule.
- The parameter ‘fernet_replace_keys’ was added; this tells the manifest to not replace the fernet keys if they have been added already. This is useful in cases where rotation happens outside of puppet, and running puppet again would replace the keys and result in an invalid setup.
Deprecation Notes
- keystone::endpoint::version now defaults to undef, which means Keystone endpoints will be versionless by default. This enables services to reach Keystone v3, which is the current stable version. The version parameter is therefore no longer needed, so it is deprecated in this cycle and will be removed later. If the user previously set $version to ‘unset’, the v2.0 endpoint is kept, but a migration to undef is recommended.