開発中バージョンのリリースノート¶
26.0.0.0rc1-74¶
新機能¶
Updated RBAC rules so that they allow the
servicerole to pass the following policies by default:get_subnetget_network_ip_availabilitycreate_port:allowed_address_pairscreate_port:allowed_address_pairs:mac_addresscreate_port:allowed_address_pairs:ip_addressupdate_port:allowed_address_pairsupdate_port:allowed_address_pairs:mac_addressupdate_port:allowed_address_pairs:ip_address
This allows for integration with the Octavia project using the
servicerole instead of theadminrole for integration with Neutron.
Added
servicerole to thecreate_port:device_idandupdate_port:device_idpolicies to allow service users for other OpenStack projects to complete Secure RBAC.
既知の問題¶
The ML2/OVN Placement initial configuration is executed now in the Neutron API process and removed from the maintenance worker; since the migration to WSGI, now the API and the maintenance worker are different processes. When an OVN
Chassiscreation event is received, the configuration is read, aPlacementStateobject created and sent to the Placement API.
アップグレード時の注意¶
Default RBAC policies for
get_subnet,get_network_ip_availability,create_port:allowed_address_pairs,create_port:allowed_address_pairs:mac_address,create_port:allowed_address_pairs:ip_address,update_port:allowed_address_pairs,update_port:allowed_address_pairs:mac_addressandupdate_port:allowed_address_pairs:ip_addresshave been updated to allow theservicerole.
バグ修正¶
The OVN QoS floating IP rule has precedence over the OVN QoS router rule. If both are present in the same router and port (the one assigned to the floating IP), the floating IP rule will now apply. For more information, see bug 2110018.
その他の注意点¶
The ML2/OVN Placement extension now removes any existing resource provider deleted from the updated local node configuration. If the resource provider has allocations, Placement will return an exception and it will not be deleted.
