Rocky Series Release Notes¶
In Keystone, we can set group_members_are_ids option. This parameter enables the members of the group object class to be keystone user IDs rather than LDAP DNs. This is the case when using posixGroup as the group object class in Open Directory.
Added new parameter keystone::manage_backend_package that is sent to the oslo::cache class which determines if the backend cache python library should be installed or not. Defaults to true same as oslo::cache default value.
Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.
Fixed a bug where the keystone_user resource would test the password with a disabled project causing it to think the password was changed when it actually wasn’t.
The collect_timing parameter has been added to keystone::resource::authtoken which will set this config option in the keystone_authtoken section.
Add ‘service_token_roles_required’ missing in the authtoken which allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity.
All references for the Keystone port 35357 in the module has been replaced with port 5000, we recommend you update any hardcoded values for port 35357 to port 5000 because port 35357 will be removed in a future release.
Keystone is currently deployed with port 35357 and port 5000 and will continue being deployed with both ports however the usage of port 35357 is now deprecated and deployment of port 35357 will be removed in a future release.
The deprecated parameter keystone::wsgi::apache::wsgi_script_source is now removed. Please use the wsgi_public_script_source and wsgi_admin_script_source instead.
The deprecated keystone::rabbit_host, keystone::rabbit_hosts, keystone::rabbit_password, keystone::rabbit_port, keystone::rabbit_userid and keystone::rabbit_virtual_host are now removed. Please use keystone::default_transport_url instead.
The deprecated keystone::service_provider parameter is now removed.
keystone::federation::mellon::module_plugin, keystone::federation::shibboleth::module_plugin, keystone::federation::openidc::module_plugin have been deprecated and are no longer used.
The wsgi_script_ensure parameter now has NO affect and is deprecated for removal.
Fixed bug where it would select the wrong memcache python binding package name when installing on RedHat based operating systems. Deployments settings the manage_memcache_package to true is now working as intended.
Adds the pool_timeout option for configuring oslo.db. This will configure this value for pool_timeout with SQLAlchemy.
Add openstack-db tag to Exec that run db-sync.
Deprecated keystone::authtoken::revocation_cache_time option has been removed.
auth_uri is deprecated and will be removed in a future release. Please use www_authenticate_uri instead.
Remove deprecated user_allow_* and group_allow_* options for ldap.