[release-announce] [puppet] puppet-keystone 11.0.0 (pike)

no-reply at openstack.org no-reply at openstack.org
Wed Apr 12 18:36:07 UTC 2017 

We are jazzed to announce the release of:

puppet-keystone 11.0.0: Puppet module for OpenStack Keystone

This release is part of the pike release series.

Download the package from:

    https://tarballs.openstack.org/puppet-keystone/

For more details, please see below.

11.0.0
^^^^^^


New Features
************

* The flag 'create_domain_entry' was added to the
  'keystone::ldap_backend' resource. It defaults to false. But, if set
  to true, it will create the domain in keystone and will attempt to
  refresh the keystone server. Note that in order for the keystone
  server to be refreshed, the 'manage_service' and 'enabled' flags
  need to be set in the base ::keystone module.

* Add new parameter "rpc_response_timeout", seconds to wait for a
  response from a call

* Add support for oslo_messaging_amqp 1.0 backend via puppet-oslo
  resource

* Calls to the '::keystone::resource::service_identity' will
  automatically create roles as needed. So if a role is specified, the
  resource will make sure it exists.

* Implement a basic crontab that does fernet keys rotations with
  keystone::cron::fernet_rotate class. This crontab won't take care of
  the key distribution but just run *keystone-manage fernet_rotate*
  command in a scheduled way.

* The parameter 'fernet_replace_keys' was added; this tells the
  manifest to not replace the fernet keys if they have been added
  already. This is useful in cases where rotation happens outside of
  puppet, and running puppet again would replace the keys and result
  in an invalid setup.


Deprecation Notes
*****************

* keystone::endpoint::version is not default to undef which means
  Keystone endpoints will be versionless by default, so it enables
  services to reach Keystone v3 with is the current stable version.
  Therefore, we don't need the version parameter, so we deprecate it
  in this cycle and will remove it later. If the user used to set
  'unset' to $version, it will keep v2.0 endpoint but a migration to
  undef is recommended.

Changes in puppet-keystone 10.3.0..11.0.0
-----------------------------------------

f7d70a8 oslo db: check puppet resource instead of actual config in spec
d7bc690 Enable creating the domain for LDAP backends
127b42c Drop -dev for release prep
85e2dba Ensure role when to assigning a role for a service user to a project
8513563 Make replacing fernet keys if they already exist configurable
7b1df19 Update test-requirements.txt
c92454d Implement crontab to perform Fernet keys rotations
92144af oslo log: check puppet resource instead of actual config in spec
b87e23f Fix typo
6c5c862 rabbitmq SSL: check puppet resource instead of actual config
8fd9f18 Replace obsolete vanity openstack.org URLs
e1e256a Prepare Pike metadata
283ef7f Deprecate keystone::endpoint::version
f311e30 Introduce support for oslo.messaging amqp driver configuration
cc50dfb Add rpc_response_timeout option
d369e3a Fix shibboleth tests
b0ee242 Update reno for stable/ocata


Diffstat (except docs and test files)
-------------------------------------

ext/keystone_test.rb                               |   2 +-
ext/keystone_test_v3.rb                            |   2 +-
manifests/cron/fernet_rotate.pp                    |  81 ++++++++
manifests/endpoint.pp                              |  10 +-
manifests/init.pp                                  |  17 +-
manifests/ldap_backend.pp                          |  15 ++
manifests/messaging/amqp.pp                        |  63 +++++++
manifests/resource/service_identity.pp             |   7 +
metadata.json                                      | 138 +++++++-------
...-on-ldap_backend-resource-ac3cc85bc101883e.yaml |   7 +
...saging_default_parameters-8719a35df77146e1.yaml |   4 +
.../add_oslo_messaging_amqp1-04e7a2a4951c65f4.yaml |   3 +
.../autocreate-keystone-role-98c565ce590d9d32.yaml |   5 +
.../fernet_rotate_crontab-aad7ddda61d8ee31.yaml    |   7 +
.../notes/keystonev3-919f2e4842670c0f.yaml         |   9 +
...-fernet-keys-configurable-4e8f342f4a8ec67a.yaml |   6 +
releasenotes/source/conf.py                        |  12 +-
releasenotes/source/index.rst                      |   1 +
releasenotes/source/ocata.rst                      |   6 +
spec/classes/keystone_cron_fernet_rotate_spec.rb   | 105 +++++++++++
spec/classes/keystone_db_spec.rb                   |  46 ++---
spec/classes/keystone_endpoint_spec.rb             |  22 +--
.../classes/keystone_federation_shibboleth_spec.rb | 207 ++++++++++++++++-----
spec/classes/keystone_init_spec.rb                 |  74 ++++++--
spec/classes/keystone_logging_spec.rb              | 125 ++++++-------
spec/classes/keystone_messaging_amqp_spec.rb       |  67 +++++++
spec/defines/keystone_ldap_backend_spec.rb         |  19 ++
.../keystone_resource_service_identity_spec.rb     |   3 +
test-requirements.txt                              |  11 +-
29 files changed, 810 insertions(+), 264 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index bedd666..1ea50a8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,7 @@
-# this is required for the docs build jobs
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
-oslosphinx>=2.5.0 # Apache-2.0
-reno>=0.1.1 # Apache-2.0
+# This is required for the docs build jobs
+sphinx>=1.5.1  # BSD
+oslosphinx>=4.7.0  # Apache-2.0
+
+# This is required for the releasenotes build jobs
+# FIXME: reno is manually pinned to !=2.0.0 because of bug #1651995
+reno>=1.8.0,!=2.0.0  # Apache-2.0

More information about the Release-announce mailing list