Train Series Release Notes¶
Add TLS options to oslo.cache
Allow to specify drivername for postgres db
Adds interface parameter to keystone::resource::authtoken allow services to configure the interface to use for the Identity API endpoint. Valid values are “public”, “internal” or “admin”.
The keystone::endpoint::service_description parameter has been added with the default value of ‘OpenStack Identity Service’ (moved from hardcoded value to a parameter). This is used when setting the description on the identity service managed by the keystone::endpoint class.
Workers are raised to 2 x os_workers, so that we have as many workers as the one we had before we merged 2 keystone services(public and admin).
Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3.
default/public_endpiintparameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint)
In case public_endpoint can’t be used and keystone providers are required, the deprecated
keystone::public_portcan still be used so that all provider implementations can detect endpoint url from these parameters. These parameters are added to keystone.conf if non-default value is set.
keystone::public_bind_host and keystone::public_port are now fully deprecated, and don’t affect the correspoiding parameters under eventlet section. These parameters are currently used to generate public_host only if keystone::public_endpoint is not set. However, users should use public_endpoint instead because this generation will be removed in a future release.
Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.
keystone::admin_bind_host and keystone::admin_port are deprecated and ignored as the correspoding options in keystone were already deprecated.
Now keystone::admin_endpoint does not affect keystone configuration, as the corresponding parameter in keystone was already removed.
keystone::public_bind_host and keystone::public_port are deprecated. They still works as valid hieradata to generate endpoint information used in keystone resource creation, but will be ignored in future. Use keystone::public_endpoint instead, which will be necessory option in the future to define public endpoint.
keystone::admin_workers and keystone::public_workers are deprecated, and now are ignored.
Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.
memcache_socket_timeout is changed to float value.
New resource, keystone::resource::service_user, is available to configure Keystone authentication parameters to use service token feature.
Add support to configure [keystone_authtoken]/service_token_roles with $service_token_roles in the keystone::resource::authtoken resource.
The deprecated parameters main_port and admin_port in keystone::federation::openidc is now removed.
The keystone::federation::openidc::keystone_url parameter is now mandatory and does not fallback on the keystone::public_endpoint value.
The deprecated parameters in keystone::wsgi::apache is removed, see below for what parameters you should use instead.
The deprecated resources keystone_paste_ini, keystone::config::keystone_paste_config, keystone::disable_admin_token_auth, keystone::disable_v2_api and keystone::paste_config is removed.
database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.