Ocata Series Release Notes
15.1.12
Known Issues
If the protocol of either the keystone admin or internal endpoints is ‘https’ and SSL is being terminated at a load balancer, tasks which verify that services are responsive and perform the initial service setup through the keystone hosts’ web server ports may fail.
Set keystone_mod_wsgi_enabled to false to deploy Keystone under uWSGI and allow the web server to be bypassed during these tasks. See Launchpad Bug 1699191 for more details.
15.1.11
New Features
Extra headers can be added to Keystone responses by adding items to keystone_extra_headers. Example:

    keystone_extra_headers:
      - parameter: "Access-Control-Expose-Headers"
        value: "X-Subject-Token"
      - parameter: "Access-Control-Allow-Headers"
        value: "Content-Type, X-Auth-Token"
      - parameter: "Access-Control-Allow-Origin"
        value: "*"
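The following check is an added example, not part of the os_keystone role or these release notes: it audits a keystone_extra_headers list for malformed entries and for a wildcard Access-Control-Allow-Origin set alongside token headers. The function name audit_extra_headers, the finding messages and the host dashboard.example.com are assumptions made for illustration.

```python
import re

# RFC 7230 "token": the characters allowed in an HTTP header field name.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
# Headers that carry Keystone tokens, as named in the example on this page.
TOKEN_HEADERS = ("x-subject-token", "x-auth-token")


def audit_extra_headers(items):
    """Return a list of findings for a keystone_extra_headers-style list."""
    findings, seen, values = [], set(), {}
    for i, item in enumerate(items):
        if not isinstance(item, dict) or set(item) != {"parameter", "value"}:
            findings.append(f"item {i}: expected exactly 'parameter' and 'value'")
            continue
        name, value = str(item["parameter"]), str(item["value"])
        if not TOKEN.match(name):
            findings.append(f"item {i}: '{name}' is not a valid header name")
        if "\r" in value or "\n" in value:
            findings.append(f"item {i}: value of '{name}' contains a line break")
        if name.lower() in seen:
            findings.append(f"item {i}: '{name}' is set more than once")
        seen.add(name.lower())
        values[name.lower()] = value.lower()
    if values.get("access-control-allow-origin", "").strip() == "*":
        cors = ",".join(values.get(k, "") for k in
                        ("access-control-expose-headers", "access-control-allow-headers"))
        named = [h for h in TOKEN_HEADERS if h in cors]
        findings.append("wildcard Access-Control-Allow-Origin"
                        + (f" with token headers listed: {', '.join(named)}" if named else ""))
    return findings


# The example from this page, transcribed as Python data.
PAGE_EXAMPLE = [
    {"parameter": "Access-Control-Expose-Headers", "value": "X-Subject-Token"},
    {"parameter": "Access-Control-Allow-Headers", "value": "Content-Type, X-Auth-Token"},
    {"parameter": "Access-Control-Allow-Origin", "value": "*"},
]
# Constructed variant: same headers, one named origin (hypothetical host).
RESTRICTED = PAGE_EXAMPLE[:2] + [
    {"parameter": "Access-Control-Allow-Origin", "value": "https://dashboard.example.com"},
]

if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE), ("restricted", RESTRICTED)):
        print(label, audit_extra_headers(cfg) or "no findings")
```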
15.1.3
New Features
New variables have been added to allow a deployer to customize a keystone systemd unit file to their liking.
The task dropping the keystone systemd unit files now uses the config_template action plugin, allowing deployers to customize the unit files as they see fit without having to load extra options into the defaults and pollute the generic systemd unit file with jinja2 variables and conditionals.
For the os_keystone role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the keystone_*_init_config_overrides variables which use the config_template task to change template defaults.
Upgrade Notes
For the os_keystone role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the keystone_*_init_config_overrides variables which use the config_template task to change template defaults.
15.1.2
Critical Issues
A bug that caused the Keystone credential keys to be lost when the playbook is run during a rebuild of the first Keystone container has been fixed. Please see launchpad bug 1667960 for more details.
15.0.0
New Features
The default value of the variable keystone_wsgi_processes is now capped at 16 when the user doesn’t configure this variable. The default value is half the number of vCPUs available on the machine, with a capping value of 16.
The os_keystone role now performs a rolling upgrade without downtime during installation. The process for rolling upgrades is documented here.
Upgrade Notes
The variables keystone_requirements_git_repo and keystone_requirements_git_install_branch have been removed in favour of specifying the URL/path to the upper-constraints file with the variable pip_install_upper_constraints instead.