[release-announce] puppet-keystone 14.2.0 (stein)
no-reply at openstack.org
no-reply at openstack.org
Fri Feb 15 00:13:59 UTC 2019
We are ecstatic to announce the release of:
puppet-keystone 14.2.0: Puppet module for OpenStack Keystone
This release is part of the stein release series.
Download the package from:
https://tarballs.openstack.org/puppet-keystone/
For more details, please see below.
14.2.0
^^^^^^
Prelude
*******
This release puppet-keystone no longer deploys keystone with separated
ports (admin and public as they were called in v2.0). By default
keystone will only listen to port 5000, you need to make sure all your
services are configured to use the correct port to talk to keystone.
New Features
************
* In Keystone, we can set group_members_are_ids option. This
parameter enables the members of the group object class to be
keystone user IDs rather than LDAP DNs. This is the case when using
posixGroup as the group object class in Open Directory.
* Added new parameter keystone::federation::openidc::keystone_url
that can be used to set the keystone url for federation, if not
provided it will use keystone::public_endpoint.
Upgrade Notes
*************
* The deprecated parameters keystone::debug, keystone::use_syslog,
keystone::use_stderr and keystone::log_facility is removed, please
set them in the keystone::logging class.
* The deprecated params keystone::enable_pki_setup,
signing_certfile, signing_keyfile, signing_ca_certs, signing_ca_key,
signing_cert_subject and signing_key_size is now removed.
* The deprecated parameter keystone::memcache_servers is now removed
and the automatic behavior to set cache_enabled and cache_backend
has been removed. You must now set the cache_memcached_servers and
explicitly set cache_enabled to true and cache_backend to the
backend you want to use for caching.
* Keystone is now deployed with only port 5000, you can change this
with keystone::wsgi::apache::api_port, you need to make sure all
your services are configured to talk to keystone on this port. If
you want to keep backward compatibility with port 35357 you should
pass an array to api_port with both port 35357 and 5000.
* The providers has been updated to read DEFAULT/public_port which
defaults to 5000 and use that port to talk to Keystone when managing
resources. You need to make sure that keystone::public_port and
keystone::wsgi::apache::api_port is set to the same value if you are
deploying keystone with Apache WSGI.
* keystone::federation::mellon is now added to Keystone WSGI for
port 5000 by default and admin_port and main_port parameters does
not do anything and is deprecated.
* keystone::federation::shibboleth is now added to Keystone WSGI for
port 5000 by default and admin_port and main_port parameters does
not do anything and is deprecated.
* keystone::federation::openidc is now added to Keystone WSGI for
port 5000 by default and admin_port and main_port parameters does
not do anything and is deprecated.
* keystone::federation::openidc::keystone_url parameter has been
added to give the keystone endpoint, if it's not provided
keystone::public_endpoint will be used. We recommend that you set
this since keystone::public_endpoint might be deprecated in a future
release.
* The deprecated keystone::python class is now removed.
* The deprecated parameter keystone::wsgi::wsgi_script_ensure is now
deleted.
Deprecation Notes
*****************
* keystone_paste_ini resource,
keystone::config::keystone_paste_config,
keystone::disable_admin_token_auth, keystone::disable_v2_api and
keystone::paste_config is all deprecated and has no effect on how
Keystone behaves. These will be removed in the next release,
keystone is not reading the paste configuration in Stein.
* keystone::federation::mellon::module_plugin,
keystone::federation::shibboleth::module_plugin,
keystone::federation::openidc::module_plugin have been removed.
* The keystone::cache_dir parameter is now deprecated and will be
removed in a future release. It has no effect since it was only
related to PKI which is removed.
* The parameter
keystone::resource::authtoken::check_revocations_for_cached is
deprecated and will be removed in a future release. It was related
to PKI which is removed.
* The parameter keystone::resource::authtoken::hash_algorithms is
deprecated and will be removed in a future release. It was related
to PKI which is removed.
* As of the removal of port 35357 the following parameters are
deprecated in the keystone::wsgi::apache class and has no effect:
* "servername_admin" please use "servername"
* "public_port" and "admin_port" please use "api_port"
* "admin_bind_host" please use "bind_host"
* "public_path" and "admin_path" please use "path"
* "ssl_cert_admin" and "ssl_key_admin" please use "ssl_cert"
and "ssl_key"
* "wsgi_admin_script_source" and "wsgi_public_script_source"
please use "wsgi_script_source"
* "custom_wsgi_process_options_main" and
"custom_wsgi_process_options_admin" please use
"custom_wsgi_process_options"
* keystone::federation::mellon::admin_port and main_port is
deprecated and has no effect and will be removed in a future
release.
* keystone::federation::shibboleth::admin_port and main_port is
deprecated and has no effect and will be removed in a future
release.
* keystone::federation::openidc::admin_port and main_port is
deprecated and has no effect and will be removed in a future
release.
* keystone::federation::openidc_httpd_configuration is deprecated
and will be removed in a future release.
Changes in puppet-keystone 14.1.0..14.2.0
-----------------------------------------
4d679a4 Prepare Stein M2
ace7aeb Remove port 35357 deployment
5a93287 Revert "Remove auth_uri"
2dbb1f3 Add rabbitmq dependency
3288bfc Fix editorial problem
95f02a4 Correct openid federation protocol name in httpd template
7397dae Fix lint
2f8d0c3 Remove auth_uri
5f5eb4c Cleanup documentation
f349eb8 Remove module_plugins
d3c3ff0 Fix module structure
b141b3a Fix lint
8e44af1 update support for openidc in puppet-keystone
a25e8ee Remove deprecated PKI
a2a6d22 Remove deprecated logging parameters
287b45d Change openstack-dev to openstack-discuss
fa21938 Add a LDAP param group_members_are_ids
7ecf923 Remove deprecated class keystone::python
1235a79 Remove deprecated keystone::memcache_servers
ebd139c Remove deprecated keystone::wsgi::wsgi_script_ensure
697be3b Deprecate all paste code
Diffstat (except docs and test files)
-------------------------------------
README.md | 2 +-
ext/keystone_test.rb | 55 ---
ext/keystone_test_v3.rb | 64 ---
lib/puppet/provider/keystone.rb | 4 +-
.../provider/keystone_paste_ini/ini_setting.rb | 1 +
lib/puppet/type/keystone_paste_ini.rb | 3 +
manifests/config.pp | 20 +-
manifests/db/mysql.pp | 16 +-
manifests/db/sync.pp | 4 +-
manifests/deps.pp | 1 +
manifests/disable_admin_token_auth.pp | 34 +-
manifests/disable_v2_api.pp | 24 +-
manifests/federation.pp | 31 ++
manifests/federation/identity_provider.pp | 4 +-
manifests/federation/mellon.pp | 77 ++-
manifests/federation/openidc.pp | 89 ++--
.../federation/openidc_httpd_configuration.pp | 16 +-
manifests/federation/shibboleth.pp | 57 +--
manifests/init.pp | 223 ++-------
manifests/ldap.pp | 6 +
manifests/ldap_backend.pp | 6 +
manifests/logging.pp | 220 ++++-----
manifests/params.pp | 8 +-
manifests/policy.pp | 4 +-
manifests/python.pp | 21 -
manifests/resource/authtoken.pp | 48 +-
manifests/wsgi/apache.pp | 306 +++++-------
metadata.json | 10 +-
...add-group_members_are_ids-7decbef235d0afd8.yaml | 7 +
.../deprecate-keystone-paste-01d714353e5544df.yaml | 8 +
...remove-deprecated-logging-d3004849c0e4e66a.yaml | 6 +
...-deprecated-module_plugin-2a8159de7e119dda.yaml | 6 +
.../remove-deprecated-pki-9a1c242be81e5104.yaml | 19 +
.../remove-memcache-servers-26d449260910ac1c.yaml | 7 +
.../notes/remove-port-35357-ba49d2cf102f8c38.yaml | 64 +++
.../remove-python-class-50fd67c3fcabdac1.yaml | 4 +
...remove-wsgi-script-ensure-8507f913c9d6076c.yaml | 4 +
setup.cfg | 2 +-
.../keystone_federation_identity_provider_spec.rb | 4 -
.../keystone_federation_shibboleth_spec.rb | 4 -
spec/acceptance/keystone_wsgi_apache_spec.rb | 4 -
spec/classes/keystone_config_spec.rb | 13 -
.../keystone_disable_admin_token_auth_spec.rb | 20 -
spec/classes/keystone_federation_mellon_spec.rb | 38 +-
spec/classes/keystone_federation_openidc_spec.rb | 50 +-
.../classes/keystone_federation_shibboleth_spec.rb | 65 +--
spec/classes/keystone_federation_spec.rb | 36 ++
spec/classes/keystone_init_spec.rb | 186 +------
spec/classes/keystone_ldap_spec.rb | 2 +
spec/classes/keystone_wsgi_apache_spec.rb | 547 +++++----------------
spec/defines/keystone_ldap_backend_spec.rb | 2 +
spec/defines/keystone_resource_authtoken_spec.rb | 6 -
spec/unit/provider/keystone_spec.rb | 14 +-
spec/unit/type/keystone_paste_ini_spec.rb | 1 +
templates/openidc.conf.erb | 18 +-
56 files changed, 830 insertions(+), 1726 deletions(-)
More information about the Release-announce
mailing list