Rocky Series Release Notes

13.3.1-8

New Features

  • The group_members_are_ids option can now be set for Keystone. This parameter enables the members of the group object class to be keystone user IDs rather than LDAP DNs. This is the case when using posixGroup as the group object class in Open Directory.

  • Added new parameter keystone::manage_backend_package, which is passed to the oslo::cache class and determines whether the backend cache Python library should be installed. Defaults to true, the same as the oslo::cache default value.

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.

Bug Fixes

  • Fixed a bug where the keystone_user resource would test the password with a disabled project, causing it to think the password had changed when it actually hadn't.

13.3.0

New Features

  • The collect_timing parameter has been added to keystone::resource::authtoken which will set this config option in the keystone_authtoken section.

  • Add the service_token_roles_required parameter, which was missing from authtoken. It allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity.

Upgrade Notes

  • All references to Keystone port 35357 in the module have been replaced with port 5000. We recommend you update any hardcoded values for port 35357 to port 5000, because port 35357 will be removed in a future release.

Deprecation Notes

  • Keystone is currently deployed with port 35357 and port 5000 and will continue to be deployed with both ports. However, the usage of port 35357 is now deprecated, and deployment of port 35357 will be removed in a future release.

13.1.0

Upgrade Notes

  • The deprecated parameter keystone::wsgi::apache::wsgi_script_source is now removed. Please use the wsgi_public_script_source and wsgi_admin_script_source instead.

  • The deprecated keystone::rabbit_host, keystone::rabbit_hosts, keystone::rabbit_password, keystone::rabbit_port, keystone::rabbit_userid and keystone::rabbit_virtual_host are now removed. Please use keystone::default_transport_url instead.

  • The deprecated keystone::service_provider parameter is now removed.

Deprecation Notes

  • keystone::federation::mellon::module_plugin, keystone::federation::shibboleth::module_plugin, keystone::federation::openidc::module_plugin have been deprecated and are no longer used.

  • The wsgi_script_ensure parameter now has NO effect and is deprecated for removal.

Bug Fixes

  • Fixed a bug where the wrong memcache Python binding package name was selected when installing on RedHat based operating systems. Deployments setting manage_memcache_package to true now work as intended.

13.0.0

New Features

  • Adds the pool_timeout option for configuring oslo.db. This sets the pool_timeout value used with SQLAlchemy.

  • Add the openstack-db tag to the Exec resources that run db-sync.

Upgrade Notes

  • Deprecated keystone::authtoken::revocation_cache_time option has been removed.

Deprecation Notes

  • auth_uri is deprecated and will be removed in a future release. Please use www_authenticate_uri instead.

Other Notes

  • Remove deprecated user_allow_* and group_allow_* options for ldap.
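
An added example, not part of the puppet-keystone module or of these notes: a Python check that scans a rendered service configuration for settings the notes above retire (URLs on port 35357, auth_uri in [keystone_authtoken], user_allow_* and group_allow_* in [ldap]). The function name, the sample file contents and the placement of those options in those sections are assumptions made for illustration.

```python
import configparser
import re

# Matches an http(s) URL whose authority ends in the deprecated port 35357.
OLD_PORT_URL = re.compile(r"https?://[^\s,/]+:35357(?![0-9])")
LDAP_ALLOW = re.compile(r"^(user|group)_allow_")


def audit_config(text):
    """Return (section, option, finding) tuples for settings these notes retire."""
    # oslo.config does not inherit [DEFAULT] into other sections and permits
    # repeated options, so turn off configparser's defaults, strictness and
    # value interpolation before parsing.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if section == "keystone_authtoken" and option == "auth_uri":
                findings.append(
                    (section, option, "deprecated: use www_authenticate_uri"))
            if section == "ldap" and LDAP_ALLOW.match(option):
                findings.append(
                    (section, option, "removed: user_allow_*/group_allow_*"))
            if OLD_PORT_URL.search(value):
                findings.append(
                    (section, option, "port 35357 deprecated: use 5000"))
    return findings


# Constructed sample configuration (documentation addresses, not real hosts).
SAMPLE = """\
[DEFAULT]
transport_url = rabbit://guest:secret@192.0.2.10:5672/

[keystone_authtoken]
auth_uri = http://192.0.2.10:5000
auth_url = http://192.0.2.10:35357
service_token_roles_required = true

[ldap]
user_allow_create = false
"""

if __name__ == "__main__":
    for section, option, finding in audit_config(SAMPLE):
        print(f"[{section}] {option}: {finding}")
```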