@@ -35,41 +35,39 @@ Notable changes in the |current_release| Release
3535There are many changes in the OpenStack |current_release | release described in
3636the release notes for each project. Here are some notable ones.
3737
38- Rocky Linux 9
39- -------------
40-
41- The Zed release first introduced support for Rocky Linux 9 as a host operating
42- system, and Rocky Linux 9 support was subsequently added to Yoga. CentOS
43- Stream 8 users upgrading from Yoga should first migrate to Rocky Linux 9 before
44- upgrading to Zed.
45-
46- Ubuntu Jammy 22.04
47- ------------------
48-
49- The Zed release first introduced support for Ubuntu Jammy 22.04 as a host
50- operating system, and Jammy support was subsequently added to Yoga. Ubuntu
51- Focal 20.04 users upgrading from Yoga should first migrate to Jammy before
52- upgrading to Zed.
53-
54- OpenSearch
55- ----------
56-
57- The Zed release no longer supports Elasticsearch or Kibana, with these having
58- been replaced by OpenSearch and OpenSearch Dashboard. The Yoga release provides
59- the opportunity to migrate to OpenSearch.
60-
61- Kolla images
62- ------------
63-
64- Kolla no longer supports "binary" (RPM/Deb) type images, only "source". As
65- such, there is no longer a ``kolla_install_type `` option, and the naming scheme
66- for images has changed from::
67-
68- ark.stackhpc.com/stackhpc/centos-source-etcd:yoga-20230515T145140
69-
70- to::
38+ Systemd container management
39+ ----------------------------
7140
72- ark.stackhpc.com/stackhpc/etcd:zed-rocky-9-20230821T155947
41+ Containers deployed by Kolla Ansible are now managed by Systemd. Containers log
42+ to journald and have a unit file in ``/etc/systemd/system `` named
43+ ``kolla-<container name>-container.service ``. Manual control of containers
44+ should be performed using ``systemd start|stop|restart `` etc. rather than using
45+ the Docker CLI.
46+
47+ Secure RBAC
48+ -----------
49+
50+ Secure Role Based Access Control (RBAC) is an ongoing effort in OpenStack, and
51+ new policies have been evolving alongside the deprecated legacy policies.
52+ Several projects have changed the default value of the ``[oslo_policy]
53+ enforce_new_defaults `` configuration option to ``True ``, meaning that the
54+ deprecated legacy policies are no longer applied. This results in more strict
55+ policies that may affect existing API users. The following projects have made
56+ this change:
57+
58+ * Glance
59+ * Nova
60+
61+ Some things to watch out for:
62+
63+ * Policies may require the ``member `` role rather than the deprecated
64+ ``_member_ `` and ``Member `` roles.
65+ * Application credentials may need to be regenerated to grant any roles
66+ required by the secure RBAC policies.
67+ * Application credentials generated before the existence of any implicit roles
68+ will not be granted those roles. This may include the ``reader `` role, which
69+ is referenced in some of the new secure RBAC policies. See `Keystone bug
70+ 2030061 <https://bugs.launchpad.net/keystone/+bug/2030061> `_.
7371
7472OVN enabled by default
7573----------------------
0 commit comments