openstack/puppet-keystone
Code Issues Proposed changes
dd210ead39
puppet-keystone/releasenotes/notes/remove-port-35357-ba49d2cf102f8c38.yaml
Tobias Urdin 5fb09e66a2 Improve release note for port 35357 removal 
Add more upgrade information for the [1] change.

[1] https://review.openstack.org/#/c/619257/

Change-Id: I951e863e7e7c8f409a13398b397b82ef70d7c123
2019-01-10 17:30:44 +01:00

77 lines
4.1 KiB
YAML
Raw Blame History

---
prelude: >
This release puppet-keystone no longer deploys keystone with separated
ports (admin and public as they were called in v2.0). By default keystone
will only listen to port 5000, you need to make sure all your services are
configured to use the correct port to talk to keystone.
features:
- |
Added new parameter keystone::federation::openidc::keystone_url that can be
used to set the keystone url for federation, if not provided it will use
keystone::public_endpoint.
upgrade:
- |
Keystone is now deployed with only port 5000, you can change this with
keystone::wsgi::apache::api_port, you need to make sure all your services are
configured to talk to keystone on this port. If you want to keep backward
compatibility with port 35357 you should pass an array to api_port with
both port 35357 and 5000.
- |
Now that keystone::wsgi::apache::admin_bind_host is deprecated and has no effect
if you are deploying separated networks that was used by specifying admin_bind_host
and bind_host you must now merge the value set in admin_bind_host and set it together
with the value bind_host parameter. The default value for parameter bind_host has not
changed and is still undef which will the Keystone vhost listen to 0.0.0.0
- |
The providers has been updated to read DEFAULT/public_port which defaults
to 5000 and use that port to talk to Keystone when managing resources.
You need to make sure that keystone::public_port is set to *one* port that
Keystone is listening to that is configured with keystone::wsgi::apache::api_port
if you are deploying Keystone with Apache WSGI.
- |
If you are setting keystone::admin_bind_host and/or keystone::public_bind_host you
need to make sure they are properly set to networks which both have access to the port
specified in the new param keystone::wsgi::apache::api_port which is what Apache should
listen to and to the port configured with keystone::public_port that is used by providers.
- |
keystone::federation::mellon is now added to Keystone WSGI for port 5000 by
default and admin_port and main_port parameters does not do anything and is
deprecated.
- |
keystone::federation::shibboleth is now added to Keystone WSGI for port 5000
by default and admin_port and main_port parameters does not do anything and is
deprecated.
- |
keystone::federation::openidc is now added to Keystone WSGI for port 5000
by default and admin_port and main_port parameters does not do anything and is
deprecated.
- |
keystone::federation::openidc::keystone_url parameter has been added to give the
keystone endpoint, if it's not provided keystone::public_endpoint will be used.
We recommend that you set this since keystone::public_endpoint might be deprecated
in a future release.
deprecations:
- |
As of the removal of port 35357 the following parameters are deprecated
in the keystone::wsgi::apache class and has no effect:
- ``servername_admin`` please use ``servername``
- ``public_port`` and ``admin_port`` please use ``api_port``
- ``admin_bind_host`` please use ``bind_host``
- ``public_path`` and ``admin_path`` please use ``path``
- ``ssl_cert_admin`` and ``ssl_key_admin`` please use ``ssl_cert`` and ``ssl_key``
- ``wsgi_admin_script_source`` and ``wsgi_public_script_source`` please use ``wsgi_script_source``
- ``custom_wsgi_process_options_main`` and ``custom_wsgi_process_options_admin`` please use ``custom_wsgi_process_options``
- |
keystone::federation::mellon::admin_port and main_port is deprecated and has no effect
and will be removed in a future release.
- |
keystone::federation::shibboleth::admin_port and main_port is deprecated and has no effect
and will be removed in a future release.
- |
keystone::federation::openidc::admin_port and main_port is deprecated and has no effect
and will be removed in a future release.
- |
keystone::federation::openidc_httpd_configuration is deprecated and will be removed in
a future release.
View Git Blame Copy Permalink