Current Series Release Notes


New Features

  • Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.

Deprecation Notes

  • keystone::admin_bind_host and keystone::admin_port are deprecated and ignored as the correspoding options in keystone were already deprecated.

  • Now keystone::admin_endpoint does not affect keystone configuration, as the corresponding parameter in keystone was already removed.

  • keystone::public_bind_host and keystone::public_port are deprecated. They still works as valid hieradata to generate endpoint information used in keystone resource creation, but will be ignored in future. Use keystone::public_endpoint instead, which will be necessory option in the future to define public endpoint.

  • keystone::admin_workers and keystone::public_workers are deprecated, and now are ignored.


New Features

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.

  • memcache_socket_timeout is changed to float value.

  • New resource, keystone::resource::service_user, is available to configure Keystone authentication parameters to use service token feature.


New Features

  • Add support to configure [keystone_authtoken]/service_token_roles with $service_token_roles in the keystone::resource::authtoken resource.

Upgrade Notes

  • The deprecated parameters main_port and admin_port in keystone::federation::openidc is now removed.

  • The keystone::federation::openidc::keystone_url parameter is now mandatory and does not fallback on the keystone::public_endpoint value.

  • The deprecated parameters in keystone::wsgi::apache is removed, see below for what parameters you should use instead.

    • Removed servername_admin please use servername

    • Removed public_port and admin_port please use api_port

    • Removed admin_bind_host please use bind_host

    • Removed public_path and admin_path please use path

    • Removed ssl_cert_admin and ssl_key_admin please use ssl_cert and ssl_key

    • Removed wsgi_admin_script_source and wsgi_public_script_source please use wsgi_script_source

    • Removed custom_wsgi_process_options_main and custom_wsgi_process_options_admin please use custom_wsgi_process_options

  • The deprecated resources keystone_paste_ini, keystone::config::keystone_paste_config, keystone::disable_admin_token_auth, keystone::disable_v2_api and keystone::paste_config is removed.

Deprecation Notes

  • database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.



In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.

Upgrade Notes

  • This module now requires a puppetlabs-mysql version >= 6.0.0

  • Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.

  • The keystone::token_driver parameter which has had no effect that past couple of releases and is now deprecated. This parameter if it was set to memcache would install the appropriate python-memcache package. Now that this is removed you need to ensure keystone::manage_backend_package is set properly if you have caching enabled since that manages that package now. The default value for manage_backend_package is true so if you don’t set it explicitly to false there is no change required on your part.

Deprecation Notes

  • The keystone::token_driver is now deprecated, has no effect and will be removed in a future release.

Bug Fixes

  • Fixed a bug where the keystone_user resource would test the password with a disabled project causing it to think the password was changed when it actually wasn’t.

Other Notes

  • The default interface for the keystone providers is to use the “public” interface. This was changed from the “admin” one, since v3 doesn’t require it, and the keystone team even discourages using it.