4f01f4ff88
The release notes said it was okay not to run the nova-consoleauth service in Rocky, but that's not true because the Rocky code is storing new console authorization tokens in both the database backend and the existing nova-consoleauth backend. The use of nova-consoleauth will be discontinued in Stein (for non-cells v1). We can't remove nova-consoleauth until we remove cells v1. Closes-Bug: #1788470 Change-Id: Ibbdc7c50c312da2acc59dfe64de95a519f87f123
26 lines
1.4 KiB
YAML
26 lines
1.4 KiB
YAML
---
|
|
upgrade:
|
|
- |
|
|
The ``nova-consoleauth`` service has been deprecated and new consoles will
|
|
have their token authorizations stored in cell databases, in addition to
|
|
the ``nova-consoleauth`` service backend, in Rocky. With this, console
|
|
proxies are required to be deployed per cell. All existing consoles will be
|
|
reset. For most operators, this should be a minimal disruption as the
|
|
default TTL of a console token is 10 minutes.
|
|
|
|
Operators that have configured a much longer token TTL or otherwise wish to
|
|
avoid immediately resetting all existing consoles can use the new
|
|
configuration option ``[workarounds]/enable_consoleauth`` to fall back on
|
|
the ``nova-consoleauth`` service for locating existing console
|
|
authorizations. The option defaults to False. Once all of the existing
|
|
consoles have naturally expired, operators may unset the configuration
|
|
option. For example, if a deployment has configured a token TTL of one
|
|
hour, the operator may disable the ``[workarounds]/enable_consoleauth``
|
|
option, one hour after deploying the new code.
|
|
|
|
.. note:: Cells v1 was not converted to use the database backend for
|
|
console token authorizations. Cells v1 console token authorizations will
|
|
continue to be supported by the ``nova-consoleauth`` service and use of
|
|
the ``[workarounds]/enable_consoleauth`` option does not apply to
|
|
Cells v1 users.
|