[openstack-dev] [requirements][FFE][keystone][release] block keystonemiddleware 4.0.0
Tony Breeds
tony at bakeyournoodle.com
Wed Sep 14 04:39:39 UTC 2016
On Tue, Sep 13, 2016 at 03:53:46PM -0400, Steve Martinelli wrote:
> A bug was recently filed against keystone [1]. As of the Newton release we
> depend on a class being public -- BaseAuthProtocol instead of
> _BaseAuthProtocol [2]. Which was introduced in 4.1.0 [3].
>
> The current requirement for keystonemiddleware is:
> keystonemiddleware>=4.0.0,!=4.1.0,!=4.5.0
>
> Blocking 4.0.0 would logically make it:
> keystonemiddleware>=4.2.0,!=4.5.0
>
> I've pushed a patch to the requirements repo for this change [4]. I'd like
> to know if blocking the lower value makes sense, I realize it's advertised,
> but we're up to 4.9.0 now.
>
> Unfortunately, many projects depend on keystonemiddleware, but (luckily ?)
> this should only be server side projects [5], most of which are going
> through their RC period now.
So the *only* reasons we can do this is because no prjects have tagged RC1 and
the only projects that this really impacts are all services:
Package : keystonemiddleware [keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0] (used by 37 projects)
Included in : 27 projects
openstack/barbican [type:service]
openstack/cinder [type:service]
openstack/congress [type:service]
openstack/designate [type:service]
openstack/freezer-api [type:service]
openstack/glance [type:service]
openstack/heat [type:service]
openstack/ironic [type:service]
openstack/karbor [type:service]
openstack/keystone [type:service]
openstack/magnum [type:service]
openstack/manila [type:service]
openstack/mistral [type:service]
openstack/monasca-api [type:service]
openstack/monasca-log-api [type:service]
openstack/murano [type:service]
openstack/neutron [type:service]
openstack/nova [type:service]
openstack/sahara [type:service]
openstack/searchlight [type:service]
openstack/senlin [type:service]
openstack/solum [type:service]
openstack/tacker [type:service]
openstack/trove [type:service]
openstack/vitrage [type:service]
openstack/watcher [type:service]
openstack/zaqar [type:service]
Also affects : 10 projects
openstack/astara [release:cycle-with-milestones]
openstack/cue []
openstack/ironic-inspector [release:cycle-with-intermediary]
openstack/kingbird []
openstack/kosmos []
openstack/networking-sfc [release:independent]
openstack/nimble []
openstack/octavia [release:independent]
openstack/tricircle []
openstack/zun []
This will means that *all* theose projects need to delay RC1 until they merge
the generated requirements update. It also adds another thing for the release
managers to check in a tight window.
So I'm inclined to delay this until after we branch stable/newton.
I get that it's wrong to list a minimum we know is broken but I think that's the
less bad option at this point in the cycle. Packagers/deployers have a pretty
easy solution: Grab one of the otehr 9 versions:
4.2.0, 4.3.0, 4.4.0, 4.4.1, 4.5.1, 4.6.0, 4.7.0, 4.8.0 or 4.9.0
preferably 4.9.0 as that's what we're testing with.
This will be better in Ocata.
Yours Tony.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160914/1b4f0004/attachment.pgp>
More information about the OpenStack-dev
mailing list