manila/releasenotes/notes/deprecate-old-ks-opts-in-nova-neutron-cinder-groups-e395015088d93fdc.yaml
Goutham Pacha Ravi 4947cb0f6c Deprecate old keystone session config opts
In the past, the options ca_certificates_file,
nova_ca_certificates_file, cinder_ca_certificates_file,
api_insecure, nova_api_insecure, cinder_api_insecure
were supplied to instantiate nova, neutron and cinder
clients. These options have now been subsumed in a more
generic way into the Keystone session logic as 'cafile'
and 'insecure'. Deprecate the older options in Stein so
that we can remove them in a future release.

This deprecation began many releases ago when we switched
to using keystone sessions [1]. However, we were still
overriding the values of "insecure" and "cafile" if provided,
forcing users to continue using deprecated parameters
"api_insecure" and "ca_certificates_file". So despite
this fix originating in the Stein release, it would be
prudent to backport it to all maintained releases and
remove support for these older options in/beyond Train
release (9.0.0).

[1] Ic211a11308a3295409467efd88bff413482ee58d
Change-Id: I148e9079c7c1ab119f519f727d4ad97758473325
Related-Bug: #1802393
Closes-Bug: #1809318
(cherry picked from commit 198bea78ac)
2018-12-26 20:37:30 +00:00


---
fixes:
  - |
    `Launchpad bug 1809318 <https://bugs.launchpad.net/manila/+bug/1809318>`_
    has been fixed. The deprecated options ``api_insecure`` and
    ``ca_certificates_file`` from nova, cinder, neutron or DEFAULT
    configuration groups no longer override the newer ``insecure`` option if
    provided. Always use ``insecure`` and ``cafile`` to control SSL
    and validation since the deprecated options will be removed in a future
    release.
deprecations:
  - |
    The options ``ca_certificates_file``, ``nova_ca_certificates_file``,
    ``cinder_ca_certificates_file``, ``api_insecure``, ``nova_api_insecure``
    and ``cinder_api_insecure`` have been deprecated from the ``DEFAULT``
    group as well as ``nova``, ``neutron`` and ``cinder`` configuration
    groups. Use ``cafile`` to specify the CA certificates and ``insecure``
    to turn off SSL validation in these respective groups (nova, neutron and
    cinder).
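
An added example, not part of the manila code base or of this release note: a small audit of a ``manila.conf`` body that reports the six deprecated options named above, cases where a deprecated option and its replacement disagree in the same group (the situation bug 1809318 is about), and groups where TLS validation is turned off. The function name ``audit``, the finding strings, the accepted boolean spellings and the sample configuration are assumptions made for this illustration.

```python
import configparser

# The six deprecated names from the release note -> their replacement.
DEPRECATED = {prefix + old: new
              for prefix in ("", "nova_", "cinder_")
              for old, new in (("ca_certificates_file", "cafile"),
                               ("api_insecure", "insecure"))}
GROUPS = ("DEFAULT", "nova", "neutron", "cinder")
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}  # assumed boolean spellings

# Constructed sample configuration, for illustration only.
SAMPLE = """\
[DEFAULT]
nova_api_insecure = False
[nova]
api_insecure = True
insecure = False
[neutron]
ca_certificates_file = /etc/ssl/certs/example-ca.pem
[cinder]
insecure = true
"""

def audit(conf_text):
    """Return (group, option, finding) tuples for the text of a manila.conf."""
    # Treat [DEFAULT] as an ordinary section so its options are not
    # inherited by, and reported again for, every other group.
    cp = configparser.ConfigParser(default_section="__unused__",
                                   interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for group in GROUPS:
        if not cp.has_section(group):
            continue
        opts = dict(cp.items(group))
        for name, value in opts.items():
            new = DEPRECATED.get(name)
            truthy = value.strip().lower() in TRUE_STRINGS
            if new is None:
                if name == "insecure" and truthy:
                    findings.append((group, name, "TLS validation disabled"))
                continue
            findings.append((group, name, "deprecated, use " + new))
            # Booleans compare by truth value, CA paths by exact string.
            norm = (lambda v: v.strip().lower() in TRUE_STRINGS) \
                if new == "insecure" else str.strip
            if new in opts and norm(opts[new]) != norm(value):
                # Which value wins depends on whether the fix is deployed.
                findings.append((group, name, "conflicts with " + new))
            elif new not in opts and new == "insecure" and truthy:
                findings.append((group, name, "TLS validation disabled"))
    return findings
```

A "conflicts with" finding marks a group whose effective TLS behaviour differs between releases with and without this fix, so those groups are the ones to review before upgrading or backporting.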