We have droped the system scope from Nova policy
and keeping the legacy admin behaviour same. This
commit adds the releasenotes and update the policy
configuration documentation accordingly.
Also, remove the upgrade check for policy which was
added for the system scope configuration protection.
Change-Id: I127cc4da689a82dbde07059de90c451eb09ea4cf
This command was helpful to assist users FFUing past the Pike release,
however, it's no longer helpful and should be removed now. Do just that.
Change-Id: Ib42f65dbcf61ead571e9107e7ffbba2b29f48d64
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Report a warning during upgrade checks if there are computes older than
the previous major nova release in the system.
So if code is upgraded to Wallaby and the upgrade check was run before
the restart of the services with W code then the check warns for Ussuri
computes in the system.
Change-Id: I873b0c1e6e695ae88241bbf75ac9f80ecc6f5664
Default value of 'CONF.oslo_policy.policy_file' config option
has been changed from 'policy.json' to 'policy.yaml'. If new default
file 'policy.yaml' does not exist but old default 'policy.json' exist
then fallback to use old default file.
An upgrade checks is added to check the policy_file format and
fail upgrade checks if it is JSON formatted.
Added a warning in policy doc about JSON formatted file is deprecated,
also removed all the reference to policy.json file in doc as well as
in tests.
Related Blueprint: policy-json-to-yaml
Closes-Bug: #1875418
Change-Id: Ic4d3b998bb9701cb1e3ef12d9bb6f4d91cc19c18
There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Related-Bug: #1875418
Change-Id: Id9cd65877e53577bff22e408ca07bbeec4407f6e
The "Request Spec Migration" upgrade status check was added
in Rocky [1] and the related online data migration was removed
in Stein [2]. Now that we're in Train we should be able to
remove the upgrade status check.
The verify install docs are updated to remove the now-removed
check along with "Console Auths" which were removed in Train [3].
[1] I1fb63765f0b0e8f35d6a66dccf9d12cc20e9c661
[2] Ib0de49b3c0d6b3d807c4eb321976848773c1a9e8
[3] I5c7e54259857d9959f5a2dfb99102602a0cf9bb7
Change-Id: I6dfa0b226ab0b99864fc27209ebb7b73e3f73512
In a fairly hack and slash fashion, remove the installation of placement
from the nova install docs. Placement will have its own installation
docs.
Configuring access to placement from the controller and compute nodes is
still described.
The depends-on is to the patch that provides placement install docs.
The output of 'nova-status upgrade check' is updated to reflect the
current state of the output of that command; this means it now
includes a fair bit more than checking cells v2 and the existence
of the placement API.
Depends-On: https://review.openstack.org/#/c/628220/
Change-Id: I9e082a9c6d4b6369f1ec6c17bbd3ccc417a5e97b
after the changed[1], the nubmers of service components on
controller node should be two rather than three.
[1]: https://review.openstack.org/#/c/604277/
Change-Id: Iada43eb7f36f946d1713b20a50ebdeb8c69d0545
Closes-Bug: #1801444
Because nova-consoleauth had deprecated since version 18.0.0,
it is better not to give reference of this service in verify operation
documentation file.
Change-Id: I0c3b9cfe96bcc3d7b6106c3e972ee9e2f79e419b
This adds some background, guidelines and structural
notes on writing nova-status upgrade checks.
This is intentionally written with some potentially
redundant information or nova developers as it's
also meant to be consumed outside nova as part of the
community-wide "upgrade-checkers" goal for Stein [1].
Story: 2003570
[1] https://governance.openstack.org/tc/goals/stein/upgrade-checkers.html
Change-Id: I340b25edeab3ac19c5d0bedfc69acd037d57bdd2
1. Beginning with the Queens release, the keystone install guide
recommends running all interfaces on the same port. This patch
updates the install guide to reflect that change.
2. update the deprecated neutron auth options
Change-Id: I5c0a6389b759153bae06fa43846f03ac083c3db4
Import all docs from openstack-manuals.
Part of bp: doc-migration
Change-Id: If1fa15f5495a8a207042e7a43d34d32671c59ee1
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
ghanshyam mann