Current Series Release Notes

Current Series Release Notes


New Features

  • Add support to configure [keystone_authtoken]/service_token_roles with $service_token_roles in the keystone::resource::authtoken resource.

Upgrade Notes

  • The deprecated parameters main_port and admin_port in keystone::federation::openidc is now removed.

  • The keystone::federation::openidc::keystone_url parameter is now mandatory and does not fallback on the keystone::public_endpoint value.

  • The deprecated parameters in keystone::wsgi::apache is removed, see below for what parameters you should use instead.

    • Removed servername_admin please use servername

    • Removed public_port and admin_port please use api_port

    • Removed admin_bind_host please use bind_host

    • Removed public_path and admin_path please use path

    • Removed ssl_cert_admin and ssl_key_admin please use ssl_cert and ssl_key

    • Removed wsgi_admin_script_source and wsgi_public_script_source please use wsgi_script_source

    • Removed custom_wsgi_process_options_main and custom_wsgi_process_options_admin please use custom_wsgi_process_options

  • The deprecated resources keystone_paste_ini, keystone::config::keystone_paste_config, keystone::disable_admin_token_auth, keystone::disable_v2_api and keystone::paste_config is removed.

Deprecation Notes

  • database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.



In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.

Upgrade Notes

  • This module now requires a puppetlabs-mysql version >= 6.0.0

  • Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.

  • The keystone::token_driver parameter which has had no effect that past couple of releases and is now deprecated. This parameter if it was set to memcache would install the appropriate python-memcache package. Now that this is removed you need to ensure keystone::manage_backend_package is set properly if you have caching enabled since that manages that package now. The default value for manage_backend_package is true so if you don’t set it explicitly to false there is no change required on your part.

Deprecation Notes

  • The keystone::token_driver is now deprecated, has no effect and will be removed in a future release.

Bug Fixes

  • Fixed a bug where the keystone_user resource would test the password with a disabled project causing it to think the password was changed when it actually wasn’t.

Other Notes

  • The default interface for the keystone providers is to use the “public” interface. This was changed from the “admin” one, since v3 doesn’t require it, and the keystone team even discourages using it.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.