Rocky Series Release Notes¶
14.1.0-9¶
Security Issues¶
An open redirect has been fixed, that could redirect users to arbitrary addresses from certain views by specifying a “next” parameter in the URL. Now the redirect will only work if the target URL is in the same domain, and uses the same protocol.
14.1.0¶
Upgrade Notes¶
publicize_image
policy now has the same name both for image create and edit features and corresponds to the same one in Glance. If you changed the policy name manually to get feature working you have to rollback your changes before Horizon update.
Bug Fixes¶
[bug:1859041]
image:publicize_image
policy is renamed topublicize_image
to be the same as Glance has.
14.0.4¶
Bug Fixes¶
[bug:1840465] Fixed a bug where listing security groups did not work if one or more security groups had no rules in them.
14.0.2¶
Bug Fixes¶
Fixed a bug where non-admin users would be shown the “Change Password” button for users listed under the Identity panel.
[bug:1544703] Add a new optional WEBSSO_KEYSTONE_URL property to facilitate WEBSSO deployments where network segmentation is used per security requirement. In this case, the controllers are not reachable from public network. Therefore, user’s browser will not be able to access OPENSTACK_KEYSTONE_URL if it is set to the internal endpoint.
14.0.0¶
New Features¶
Added server groups and server group members quota management. Users can specify their values when creating or modifying project information, and users can also change their quota default values on the Admin-> System-> Defaults page.
[blueprint application-credentials] Adds a new panel for creating, viewing, and deleting Keystone application credentials.
DEFAULT_SERVICE_REGIONS can now take ‘*’ as a key which serves either as a fallback service region, or the default region if no other keys are set.
[blueprint ng-server-groups] This blueprint add Angular server groups panel below the Project->Compute panel group. The panel turns on if Nova API extension ‘ServerGroups’ is available. It displays information about server groups. The details page for each server group also shows information about instances of that server group. Supported actions: create, delete.
[blueprint ng-users] AngularJS-based Users panel is added. The features in the legacy panel are almost implemented. The Users panel now may be configured to use either the legacy or AngularJS-based codes. The ANGULAR_FEATURES setting now allows for a users_panel. If set to True, then the AngularJS-Based Users panel will be used, while the Django version will be used if set to False. Default value for users_panel is False, due to lack of extensional buttons, i.e. for showing password and adding project, see also [bug/1733271].
Floating IP can be released when it is disassociated from a server. “Release Floating IP” checkbox is now available in “Disassociate Floating IP” form.
[bug:1755339] (for horizon plugin developers) A new plugin option
ADD_XSTATIC_MODULES
is now available and Horizon plugins can add extra xstatic modules via the Horizon plugin “enabled” file. For more detail, seeADD_XSTATIC_MODULES
description in Pluggable Panels and Groups in Horizon documentation.
Security groups now can be specified when creating a port. When the port security is enabled, the security groups tab will be displayed in create port workflow.
“Interfaces” tab is added to the instance detail page. The new tab shows a list of ports attached to an instance. Users now have an easy way to access the list of ports of the instance and edit security groups per port. In addition, “Edit Port Security Groups” menu is added as an action of the instance table.
Support has been added to set and display DNS attributes for Floating IPs (DNS Name and DNS Domain). These attributes are only available if Neutron has the dns-integration extension enabled.
[blueprint:cinder-generic-volume-groups] Cinder generic groups is now supported. Consistency groups views will be disabled if the generic group support is available. User is able to create generic groups and snapshots now.
Note that operators need to create at least one group type so that users can use the generic group feature. Otherwise, it might be better to disable the group and group snapshot panels by the Horizon plugin
enabled
files.
[bug:1690433] “Get me a network” feature provided by Nova and Neutron is now exposed in the launch server form. This feature will sets up a Neutron network topology for a project if there is no network in the project. It simplifies the workflow when launching a server. In the Horizon support, when there is no network which can be used for a server, a dummy network named ‘auto_allocated_network’ is shown in the network choices. The feature is disabled by default because it requires preparations in your neutron deployment. To enable it, set
enable_auto_allocated_network
inOPENSTACK_NEUTRON_NETWORK
toTrue
.
[bug:1746754] (for horizon plugin developers) Django tab is now pluggable and Horizon plugins can add extra tab(s) to an existing tab provided by Horizon or other Horizon plugins. Extra tabs can be added via the Horizon plugin “enabled” file. For more detail, see
EXTRA_TABS
description in Pluggable Panels and Groups of the Horizon documentation.
Quota information panel and forms are now tabbified per back-end service.
Admin -> Defaults -> Default Quotas table
Admin -> Defaults -> Update Defaults form
Identity -> Projects -> Modify Quotas form
[blueprint:horizon-plugin-tab-for-info-and-quotas] (for horizon plugin developers) Django workflow step is now pluggable and Horizon plugins can add extra step(s) to an existing workflow provided by Horizon or other Horizon plugins. Extra steps can be added via the Horizon plugin “enabled” file. For more detail, see
EXTRA_TABS
description in Pluggable Panels and Groups of the Horizon documentation.
[bug:1742332] Description for security group rule is supported.
Added support for Swift object copy as one of row actions. Destination container must exist in advance. To avoid overwriting an existing object, you cannot copy an object if a specified destination object already exists.
Known Issues¶
[bug/1733271] Users panel has Angularised, but buttons showing passwords is not implemented, i.e. for Password, Confirm Password and Admin password. Also, button adding project for selection of Primary Project is not implemented.
Upgrade Notes¶
[bug:1772345]
DEFAULT_SERVICE_REGIONS
no longer overrides the cookie value fromservices_region
. This fixes the UX where a user controlled value keeps being overridden by a setting and changesDEFAULT_SERVICE_REGIONS
to act as a default (as the name implies) per endpoint if the cookie is not set rather than an override. The cookie will still be overridden when it is for a region not present in the user’s current catalogue, so this will still handle the original multi-keystone case that required the introduction ofDEFAULT_SERVICE_REGIONS
.
simple_ip_management
setting inHORIZON_CONFIG
was dropped. This actually has no meaning after Nova-Network support was dropped in Pike. If you use this setting to hideDisassociate Floating IP
button in the instance table, use the policy file instead.
Add
OPENSTACK_KEYSTONE_BACKEND
manually intoREST_API_REQUIRED_SETTINGS
onlocal_settings.py
, if your deployment uses Angularised identity panels and needs to enablecan_edit_*
settings inOPENSTACK_KEYSTONE_BACKEND
.
The deprecated feature of “Edit Flavour” was deleted. Historically, Horizon has provided the ability to edit Flavours by deleting and creating a new one with the same information. This is not supported in the Nova API and causes unexpected issues and breakages.
Django 2.0 support is added as experimental. Support for Django 1.10 or older releases is dropped. Django 1.11 (LTS) is still the primary supported Django version.
The following deprecated settings have been dropped.
HORIZON_IMAGES_ALLOW_UPLOAD
(deprecated in Newton): UseHORIZON_IMAGES_UPLOAD_MODE
instead.CUSTOM_THEME_PATH
andDEFAULT_THEME_PATH
(both deprecated in Mitaka): Use AVAILABLE_THEMES instead.OPENSTACK_TOKEN_HASH_ENABLED
(deprecated in Mitaka): PKI tokens currently work with hashing (before Ocata) and Keystone already dropped PKI token support in Ocata.TOKEN_DELETION_DISABLED
(deprecated in Ocata): It was not marked as deprecated in the horizon documentation, but this had no effect since Ocata release.
The “Quotas” tab in the “Create Project” form was split out into a new separate form “Modify Quotas”. Quotas for a new project need to be configured from “Modify Quotas” action after creating a new project.
Remove deprecated Cinder API V1 support. Cinder V1 API was deprecated for a while and removed in Queens release. If you need to enable Cinder support you should update the OPENSTACK_API_VERSIONS configuration option to use Cinder V2 or V3 API.
Deprecation Notes¶
[bug:1763204] Use of this ‘djano.wsgi’ file has been deprecated since the Rocky release in favour of ‘wsgi.py’ in the ‘openstack_dashboard’ module. This file is a legacy naming from before Django 1.4 and an importable ‘wsgi.py’ is now the default. This file will be removed in the T release cycle.
Bug Fixes¶
Do not redirect to the /identity tab admin users on login. Now user_home config options works in the same way for all users. [bug/1778006]
[bug:1746706] Fixed a bug the navigation menu and breadcrumb list are not reproduced properly when reloading or opening Angular-based detail page directly.
[bug:1779268] Supported
can_edit_*
settings in Angularised identity panels. To enable this settings in Angularised identity panels, addOPENSTACK_KEYSTONE_BACKEND
intoREST_API_REQUIRED_SETTINGS
onlocal_settings.py
. For more detail, see REST_API_REQUIRED_SETTINGS in horizon settings documentation.
Fix an error on image description field when it is changed in the Angularised panel [:bug: 1779879]
Other Notes¶
Deprecated function fix_auth_url_version is removed from openstack_auth library. fix_auth_url_version_prefix function should be used instead of it.
UpdateAction was deprecated in Newton and removed now. You should not use inline edit functionality in your plugins any more.