@@ -35,41 +35,35 @@ Notable changes in the |current_release| Release
3535There are many changes in the OpenStack |current_release | release described in
3636the release notes for each project. Here are some notable ones.
3737
38- Rocky Linux 9
39- -------------
40-
41- The Zed release first introduced support for Rocky Linux 9 as a host operating
42- system, and Rocky Linux 9 support was subsequently added to Yoga. CentOS
43- Stream 8 users upgrading from Yoga should first migrate to Rocky Linux 9 before
44- upgrading to Zed.
45-
46- Ubuntu Jammy 22.04
47- ------------------
48-
49- The Zed release first introduced support for Ubuntu Jammy 22.04 as a host
50- operating system, and Jammy support was subsequently added to Yoga. Ubuntu
51- Focal 20.04 users upgrading from Yoga should first migrate to Jammy before
52- upgrading to Zed.
53-
54- OpenSearch
55- ----------
38+ Systemd container management
39+ ----------------------------
5640
57- The Zed release no longer supports Elasticsearch or Kibana, with these having
58- been replaced by OpenSearch and OpenSearch Dashboard. The Yoga release provides
59- the opportunity to migrate to OpenSearch.
41+ Containers deployed by Kolla Ansible are now managed by Systemd. Containers log
42+ to journald and have a unit file in ``/etc/systemd/system `` named
43+ ``kolla-<container name>-container.service ``. Manual control of containers
44+ should be performed using ``systemd start|stop|restart `` etc. rather than using
45+ the Docker CLI.
6046
61- Kolla images
62- ------------
47+ Secure RBAC
48+ -----------
6349
64- Kolla no longer supports "binary" (RPM/Deb) type images, only "source". As
65- such, there is no longer a ``kolla_install_type `` option, and the naming scheme
66- for images has changed from::
50+ Secure Role Based Access Control (RBAC) is an ongoing effort in OpenStack, and
51+ new policies have been evolving alongside the deprecated legacy policies.
52+ Several projects have changed the default value of the ``[oslo_policy]
53+ enforce_new_defaults `` configuration option to ``True ``, meaning that the
54+ deprecated legacy policies are no longer applied. This results in more strict
55+ policies that may affect existing API users. The following projects have made
56+ this change:
6757
68- ark.stackhpc.com/stackhpc/centos-source-etcd:yoga-20230515T145140
58+ * Glance
59+ * Nova
6960
70- to: :
61+ Some things to watch out for :
7162
72- ark.stackhpc.com/stackhpc/etcd:zed-rocky-9-20230821T155947
63+ * Policies may require the ``member `` role rather than the deprecated
64+ ``_member_ `` and ``Member `` roles.
65+ * Application credentials may need to be regenerated to grant any new roles.
66+ This may include the implicit ``reader `` role.
7367
7468OVN enabled by default
7569----------------------
0 commit comments