Correct the release notes related to nova-consoleauth

The release notes said it was okay not to run the nova-consoleauth service in Rocky, but that's not true because the Rocky code is storing new console authorization tokens in both the database backend and the existing nova-consoleauth backend. The use of nova-consoleauth will be discontinued in Stein (for non-cells v1). We can't remove nova-consoleauth until we remove cells v1. Closes-Bug: #1788470 Change-Id: Ibbdc7c50c312da2acc59dfe64de95a519f87f123 (cherry picked from commit 4f01f4ff88)
2018-08-23 04:53:18 +00:00 · 2018-08-23 04:53:18 +00:00 · 212a2c5fee
parent 7ffc1e7d77
commit 212a2c5fee
3 changed files with 31 additions and 20 deletions
--- a/nova/conf/workarounds.py
+++ b/nova/conf/workarounds.py
@ -166,11 +166,15 @@ Operators that have much longer token TTL configured or otherwise wish to avoid
 immediately resetting all existing consoles can enable this flag to continue
 using the ``nova-consoleauth`` service in addition to the database backend.
 Once all of the old ``nova-consoleauth`` supported console tokens have expired,
-this flag should be disabled and it will be no longer necessary to run the
-``nova-consoleauth`` service. For example, if a deployment has configured a
-token TTL of one hour, the operator may disable the flag and stop running the
-``nova-consoleauth`` service one hour after deploying the new code during an
-upgrade.
+this flag should be disabled. For example, if a deployment has configured a
+token TTL of one hour, the operator may disable the flag, one hour after
+deploying the new code during an upgrade.
+
+.. note:: Cells v1 was not converted to use the database backend for
+  console token authorizations. Cells v1 console token authorizations will
+  continue to be supported by the ``nova-consoleauth`` service and use of
+  the ``[workarounds]/enable_consoleauth`` option does not apply to
+  Cells v1 users.

 Related options:

--- a/releasenotes/notes/deprecate-nova-consoleauth-ed6ccbc324a0fb10.yaml
+++ b/releasenotes/notes/deprecate-nova-consoleauth-ed6ccbc324a0fb10.yaml
@ -1,6 +1,12 @@
 ---
 deprecations:
  - |
-    The ``nova-consoleauth`` service is deprecated as console token
-    authorization storage has moved from the ``nova-consoleauth`` service
-    backend to the database backend.
+    The ``nova-consoleauth`` service has been deprecated. Console token
+    authorization storage is moving from the ``nova-consoleauth`` service
+    backend to the database backend, with storage happening in both, in Rocky.
+    In Stein, only the database backend will be used for console token
+    authorization storage.
+
+    .. note:: Cells v1 was not converted to use the database backend for
+      console token authorizations. Cells v1 console token authorizations will
+      continue to be supported by the ``nova-consoleauth`` service.
--- a/releasenotes/notes/workarounds-enable-consoleauth-71d68c3879dc2c8a.yaml
+++ b/releasenotes/notes/workarounds-enable-consoleauth-71d68c3879dc2c8a.yaml
@ -2,11 +2,11 @@
 upgrade:
  - |
    The ``nova-consoleauth`` service has been deprecated and new consoles will
-    have their token authorizations stored in cell databases instead of in the
-    ``nova-consoleauth`` service backend. With this, console proxies are
-    required to be deployed per cell. All existing consoles will be reset. For
-    most operators, this should be a minimal disruption as the default TTL of a
-    console token is 10 minutes.
+    have their token authorizations stored in cell databases, in addition to
+    the ``nova-consoleauth`` service backend, in Rocky. With this, console
+    proxies are required to be deployed per cell. All existing consoles will be
+    reset. For most operators, this should be a minimal disruption as the
+    default TTL of a console token is 10 minutes.

    Operators that have configured a much longer token TTL or otherwise wish to
    avoid immediately resetting all existing consoles can use the new
@ -14,11 +14,12 @@ upgrade:
    the ``nova-consoleauth`` service for locating existing console
    authorizations. The option defaults to False. Once all of the existing
    consoles have naturally expired, operators may unset the configuration
-    option and discontinue running the consoleauth service. For example, if
-    a deployment has configured a token TTL of one hour, the operator may
-    disable the ``[workarounds]/enable_consoleauth`` option and stop running
-    the ``nova-consoleauth`` service one hour after deploying the new code.
+    option. For example, if a deployment has configured a token TTL of one
+    hour, the operator may disable the ``[workarounds]/enable_consoleauth``
+    option, one hour after deploying the new code.

-    Operators who do not need to use the ``[workarounds]/enable_consoleauth``
-    configuration option may discontinue running the consoleauth service
-    immediately.
+    .. note:: Cells v1 was not converted to use the database backend for
+      console token authorizations. Cells v1 console token authorizations will
+      continue to be supported by the ``nova-consoleauth`` service and use of
+      the ``[workarounds]/enable_consoleauth`` option does not apply to
+      Cells v1 users.