Mailing List Archive

[new][puppet] puppet-keystone 10.0.0 release (ocata)
We are psyched to announce the release of:

puppet-keystone 10.0.0: Puppet module for OpenStack Keystone

This release is part of the ocata release series.

Download the package from:

https://tarballs.openstack.org/puppet-keystone/

For more details, please see below.

10.0.0
^^^^^^


New Features
************

* keystone-manage can be used to set up Keystone Fernet Keys.
Disabled by default as long as the proper version of keystone is not
in UCA. Upstream Keystone is moving to Fernet token support as the
default provider. With recent issues with PKI, Fernet is the only
viable token format for multisite. Note, if the fernet_keys parameter
is set to a valid hash, keystone-manage won't be used to generate
credential keys but Puppet will manage file resources for each key
in the hash. It also ensures that the keys are synchronized in
a multinode environment.


Known Issues
************

* The Python memcache package is installed when memcache servers are
specified. This solves the issue where a dependency on the package
was missed for components using memcache.


Deprecation Notes
*****************

* user_allow_* options for ldap are deprecated in Keystone. Setting
these will now have no effect and these will be removed as
parameters in a future release.

* keystone::rabbit_host, keystone::rabbit_hosts,
keystone::rabbit_password, keystone::rabbit_port,
keystone::rabbit_userid and keystone::rabbit_virtual_host are
deprecated. keystone::default_transport_url should be used instead.


Security Issues
***************

* Make the fernet key directory, fernet keys, credential folder, and
credentials have mode 0600. This ensures that only the keystone user
can read the keys.


Bug Fixes
*********

* Fixed documentation for log_dir parameter


Other Notes
***********

* Parameters that control the number of spawned child processes for
distributing processing have had their default value changed from
::processorcount to ::os_workers.

* The verbose option was marked to be removed in Ocata; in Newton
the option was deprecated.

Changes in puppet-keystone 9.4.0..10.0.0
----------------------------------------

d131cdc Prepare 10.0.0 release
0f8ef09 Deprecate rabbitmq connection parameters
92696d8 Fix puppet version for requirements in metadata
dfd9690 Revert "Make fernet the default token provider"
ef836e2 Make fernet the default token provider
4b7c000 Fix the test file name of init.pp
eb8acb8 Remove verbose
5ceee03 set 0600 permissions on fernet keys & folder
60a1147 Fix documentation for log_dir parameter
ed61f3f Change worker defaults to ::os_workers
714d8ef Enable release notes translation
eb7a9fa user_allow_* options for ldap are deprecated
348a7bf Fix boolean typo in documentation
c97d3a4 Changed the home-page to point Openstack Puppet Homepage
78ab9aa Move rspec-puppet-facts to spec helper
057b176 Install python memcache package
28c0429 Added retries for db_sync
cf5a131 Allow the management of the Fernet Keys
2704d1f Update reno for stable/newton
d5a1b27 Resolve OpenID Connect Integration issues


Diffstat (except docs and test files)
-------------------------------------

README.md | 4 +-
manifests/db/sync.pp | 2 +
manifests/federation/openidc.pp | 6 +
.../federation/openidc_httpd_configuration.pp | 1 -
manifests/init.pp | 141 ++-
manifests/ldap.pp | 39 +-
manifests/logging.pp | 15 +-
manifests/resource/authtoken.pp | 12 +
manifests/wsgi/apache.pp | 4 +-
metadata.json | 10 +-
...uthtoken_memcache_package-3b459c97a205cdf1.yaml | 3 +
...te-user_allow_ldap-params-0b8b6d2a53d7d818.yaml | 5 +
...fix_log_dir_documentation-0ecb8eb4c98c5cbf.yaml | 3 +
.../keystone-fernet-setup-227ef6d380519cce.yaml | 12 +
..._workers_for_worker_count-50c1f496bf4dc954.yaml | 5 +
...issions_on_keys_and_creds-9c0b9f56dfc1fd63.yaml | 5 +
...ection-params-deprecation-c6e990b4f788505d.yaml | 6 +
.../notes/remove_verbose-6cbdd66294362090.yaml | 4 +
releasenotes/source/conf.py | 7 +-
releasenotes/source/index.rst | 3 +-
releasenotes/source/newton.rst | 6 +
setup.cfg | 2 +-
spec/classes/keystone_db_postgresql_spec.rb | 2 +-
spec/classes/keystone_init_spec.rb | 1228 ++++++++++++++++++++
spec/classes/keystone_ldap_spec.rb | 6 -
spec/classes/keystone_roles_admin_spec.rb | 2 +-
spec/classes/keystone_spec.rb | 1190 -------------------
spec/classes/keystone_wsgi_apache_spec.rb | 2 +-
spec/defines/keystone_resource_authtoken_spec.rb | 5 +
spec/spec_helper.rb | 10 +-
templates/openidc.conf.erb | 15 +-
31 files changed, 1445 insertions(+), 1310 deletions(-)




_______________________________________________
OpenStack-announce mailing list
OpenStack-announce@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce