There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Related-Bug: #1875418
Change-Id: Id9cd65877e53577bff22e408ca07bbeec4407f6e
This legacy service is no longer used and was deprecated during the
Stein cycle [1]. It's time to say adios and remove them in their
entirety. This is pretty straightforward, with the sole exception of
schema for the 'remote-consoles' API, which has to continue supporting
requests for type 'xvpvnc' even if we can't fulfil those requests now.
[1] https://review.opendev.org/#/c/610076/
Part of blueprint remove-xvpvncproxy
Depends-On: https://review.opendev.org/695853
Change-Id: I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Get excited, people. It's finally dying, for real. There is a lot more
doc work needed here, but this is a start. No need for a release note
modification since we've already said that nova-network has been
removed, so there's no point in saying that the service itself has been
removed since that's implicit.
Change-Id: I18d73212f9d98bc75974a024cf6fd872fdfb1ca4
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The "Request Spec Migration" upgrade status check was added
in Rocky [1] and the related online data migration was removed
in Stein [2]. Now that we're in Train we should be able to
remove the upgrade status check.
The verify install docs are updated to remove the now-removed
check along with "Console Auths" which were removed in Train [3].
[1] I1fb63765f0b0e8f35d6a66dccf9d12cc20e9c661
[2] Ib0de49b3c0d6b3d807c4eb321976848773c1a9e8
[3] I5c7e54259857d9959f5a2dfb99102602a0cf9bb7
Change-Id: I6dfa0b226ab0b99864fc27209ebb7b73e3f73512
The output of 'nova-manage cell_v2 list_cells' command
has been modified since Idb306e4f854957fd2ded9ae061fc27f0ef768fc0 and
I96a6d5e59d33c65314fc187c0286ce3408d30bdc.
Fix the output of the command in the install documents.
Change-Id: I45d0e2ee1ff182347345af46f9a388f2884ba6cd
Closes-Bug: #1833647
We're going to remove all the code, but first, remove the docs.
Part of blueprint remove-consoleauth
Change-Id: Ie96e18ea7762b93b4116b35d7ebcfcbe53c55527
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
ZeroMQ driver is deprecated, as per the Dublin 2018 PTG decision:
http://lists.openstack.org/pipermail/openstack-dev/2018-March/128055.html
This change simply replaces the zeromq mention with a link to the
other oslo.messaging drivers.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Change-Id: I0c8d488c1daecc71d7d2817ffb4ae10727771d19
There is an inconsistency for keystone domain names
in the nova doc. ('default' and 'Default')
Replace 'default' with 'Default'.
Change-Id: I437092d04b0cbea78942efd5f565734f34bcbcb2
Closes-Bug: #1821411
In a fairly hack and slash fashion, remove the installation of placement
from the nova install docs. Placement will have its own installation
docs.
Configuring access to placement from the controller and compute nodes is
still described.
The depends-on is to the patch that provides placement install docs.
The output of 'nova-status upgrade check' is updated to reflect the
current state of the output of that command; this means it now
includes a fair bit more than checking cells v2 and the existence
of the placement API.
Depends-On: https://review.openstack.org/#/c/628220/
Change-Id: I9e082a9c6d4b6369f1ec6c17bbd3ccc417a5e97b
The installation of the nova-consoleauth service was erroneously
removed from the docs prematurely. The nova-consoleauth service
is still being used in Rocky, with the removal being possible in
Stein.
This should have been fixed as part of change
Ibbdc7c50c312da2acc59dfe64de95a519f87f123 but was missed.
This is also related to the release note update in Rocky
under change Ie637b4871df8b870193b5bc07eece15c03860c06.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Closes-Bug: #1793255
Related-Bug: #1798188
Change-Id: Ied268da9e70bd2807c2dfe7a479181fbec52979d
Placement documents have been published since
I667387ec262680af899a628520c107fa0d4eec24.
So use links to placement documents
https://docs.openstack.org/placement/latest/
in nova documents.
Change-Id: I218a6d11fea934e8991e41b4b36203c6ba3e3dbf
after the changed[1], the nubmers of service components on
controller node should be two rather than three.
[1]: https://review.openstack.org/#/c/604277/
Change-Id: Iada43eb7f36f946d1713b20a50ebdeb8c69d0545
Closes-Bug: #1801444
This is a relic that has long since been replaced by the noVNC proxy
service. Start preparing for its removal.
Change-Id: Icb225dec3ad291b751e475bd3703ce0eb30b44db
Because nova-consoleauth had deprecated since version 18.0.0,
it is better not to give reference of this service in verify operation
documentation file.
Change-Id: I0c3b9cfe96bcc3d7b6106c3e972ee9e2f79e419b
This adds some background, guidelines and structural
notes on writing nova-status upgrade checks.
This is intentionally written with some potentially
redundant information or nova developers as it's
also meant to be consumed outside nova as part of the
community-wide "upgrade-checkers" goal for Stein [1].
Story: 2003570
[1] https://governance.openstack.org/tc/goals/stein/upgrade-checkers.html
Change-Id: I340b25edeab3ac19c5d0bedfc69acd037d57bdd2
The document doesn't follow previous pattern to guide use
in using nova user to execute command and lead to issue
Change-Id: I795706a8f78ab4154bd39ce6259901800b34890e
Closes-Bug: 1781573
Option "os_region_name" from group "placement" is deprecated. Use
option "region_name" from group "placement".
Change-Id: Id44d456bb1bdb0c5564ad4f5d9cdee2f41226052
Related-Bug: #1762106
1. Beginning with the Queens release, the keystone install guide
recommends running all interfaces on the same port. This patch
updates the install guide to reflect that change.
2. update the deprecated neutron auth options
Change-Id: I5c0a6389b759153bae06fa43846f03ac083c3db4
This ensures we have version-specific references to other projects [1].
Note that this doesn't mean the URLs are actually valid - we need to do
more work (linkcheck?) here, but it's an improvement nonetheless.
[1] https://docs.openstack.org/openstackdocstheme/latest/#external-link-helper
Change-Id: Ifb99e727110c4904a85bc4a13366c2cae300b8df
The auth_uri option was deprecated and renamed in Queens:
I0cf11da3d395749df28077427689fdafc8a6b981
The auth_uri option is also no longer necessary, at least
for the purpose of the nova install guide, since all identity
service requests can be served through the single auth_url.
This change removes auth_uri usage and also updates the
auth_url value to match what is in the keystone install
guide:
https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html
Change-Id: Iff332890cbe1ba5b3876874e351b09c377d8dd5d
Closes-Bug: #1765144
It is not uncommon to triage bugs on a weekly basis where the
[neutron] auth credentials are not configured in nova.conf, which
generally leads to a 500 response in the compute API because of
the auth error.
With respect to neutron, the compute install guides really only
say to set use_neutron=True, but don't mention that configuring
the [neutron] section for auth is required. The networking service
install guide does, so it's a bit confusing why people make this
mistake in the first place, but as a reminder, this change adds
links from the compute install guide to the relevant sections
in the networking service install guides.
Change-Id: Id17457bd2770fcbebd6231919ba4002e75410089
Closes-Bug: #1761487
The metadata service docs were hard to find since they were nested
down in some nova-network admin guide docs, and they were a mix of
end user and admin deployment guide information.
This change splits out the end-user facing content into a user
guide and leaves the deployment-specific information in the admin
guide, and links are updated appropriately.
The admin guide portion also referenced some config options that no
longer exist, so those are also removed and vendordata_providers
is added with a link to the vendordata guide. The options themselves
are cleaned up for their current groups and linked to the config option
docs.
Change-Id: I66035366f3a7ca62ea12d6afa74d13db01ec9f8d
The formatting of the console commands is inconsistent between the
endpoint creation of the `compute` and the `placement` services. This
change reformats the commands.
Change-Id: I18f1cb8d5b3335d03e20c955c3c901b8dc1a8129
The bug report says all:
"There is a mismatch configuration for placement.
In the controller configuration, the guide suggests endpoints creation
pointing to port 8778, however in the default file provided in SLES 12
SP3, the port used is 8780."
Fix documentation to match sample file.
Change-Id: Ib4c881058b9b90ba136ff223064c113e63f98379
Closes-Bug: #1741329
