Train Series Release Notes¶
15.4.0-18¶
New Features¶
Add TLS options to oslo.cache
Allow to specify drivername for postgres db
Adds interface parameter to keystone::resource::authtoken allow services to configure the interface to use for the Identity API endpoint. Valid values are “public”, “internal” or “admin”.
The keystone::endpoint::service_description parameter has been added with the default value of ‘OpenStack Identity Service’ (moved from hardcoded value to a parameter). This is used when setting the description on the identity service managed by the keystone::endpoint class.
Bug Fixes¶
Workers are raised to 2 x os_workers, so that we have as many workers as the one we had before we merged 2 keystone services(public and admin).
Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3.
The
default/public_endpiint
parameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint)
In case public_endpoint can’t be used and keystone providers are required, the deprecated
keystone::public_bind_host
andkeystone::public_port
can still be used so that all provider implementations can detect endpoint url from these parameters. These parameters are added to keystone.conf if non-default value is set.
15.4.0¶
Deprecation Notes¶
keystone::public_bind_host and keystone::public_port are now fully deprecated, and don’t affect the correspoiding parameters under eventlet section. These parameters are currently used to generate public_host only if keystone::public_endpoint is not set. However, users should use public_endpoint instead because this generation will be removed in a future release.
15.2.0¶
New Features¶
Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.
Deprecation Notes¶
keystone::admin_bind_host and keystone::admin_port are deprecated and ignored as the correspoding options in keystone were already deprecated.
Now keystone::admin_endpoint does not affect keystone configuration, as the corresponding parameter in keystone was already removed.
keystone::public_bind_host and keystone::public_port are deprecated. They still works as valid hieradata to generate endpoint information used in keystone resource creation, but will be ignored in future. Use keystone::public_endpoint instead, which will be necessory option in the future to define public endpoint.
keystone::admin_workers and keystone::public_workers are deprecated, and now are ignored.
15.1.0¶
New Features¶
Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.
memcache_socket_timeout is changed to float value.
New resource, keystone::resource::service_user, is available to configure Keystone authentication parameters to use service token feature.
15.0.0¶
New Features¶
Add support to configure [keystone_authtoken]/service_token_roles with $service_token_roles in the keystone::resource::authtoken resource.
Upgrade Notes¶
The deprecated parameters main_port and admin_port in keystone::federation::openidc is now removed.
The keystone::federation::openidc::keystone_url parameter is now mandatory and does not fallback on the keystone::public_endpoint value.
The deprecated parameters in keystone::wsgi::apache is removed, see below for what parameters you should use instead.
Removed
servername_admin
please useservername
Removed
public_port
andadmin_port
please useapi_port
Removed
admin_bind_host
please usebind_host
Removed
public_path
andadmin_path
please usepath
Removed
ssl_cert_admin
andssl_key_admin
please usessl_cert
andssl_key
Removed
wsgi_admin_script_source
andwsgi_public_script_source
please usewsgi_script_source
Removed
custom_wsgi_process_options_main
andcustom_wsgi_process_options_admin
please usecustom_wsgi_process_options
The deprecated resources keystone_paste_ini, keystone::config::keystone_paste_config, keystone::disable_admin_token_auth, keystone::disable_v2_api and keystone::paste_config is removed.
Deprecation Notes¶
database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.