docs: Add notable changes in upgrade notes for Antelope

stackhpc · Nov 9, 2023 · d4cbea6 · d4cbea6
1 parent 205d8da
commit d4cbea6
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/doc/source/operations/upgrading.rst b/doc/source/operations/upgrading.rst
@@ -38,9 +38,55 @@ the release notes for each project. Here are some notable ones.
 Systemd container management
 ----------------------------
 
+Containers deployed by Kolla Ansible are now managed by Systemd. Containers log
+to journald and have a unit file in ``/etc/systemd/system`` named
+``kolla-<container name>-container.service``. Manual control of containers
+should be performed using ``systemd start|stop|restart`` etc. rather than using
+the Docker CLI.
+
 Secure RBAC
 -----------
 
+Secure Role Based Access Control (RBAC) is an ongoing effort in OpenStack, and
+new policies have been evolving alongside the deprecated legacy policies.
+Several projects have changed the default value of the ``[oslo_policy]
+enforce_new_defaults`` configuration option to ``True``, meaning that the
+deprecated legacy policies are no longer applied. This results in more strict
+policies that may affect existing API users. The following projects have made
+this change:
+
+* Glance
+* Nova
+
+Some things to watch out for:
+
+* Policies may require the ``member`` role rather than the deprecated
+  ``_member_`` and ``Member`` roles.
+* Application credentials may need to be regenerated to grant any new roles.
+  This may include the implicit ``reader`` role.
+
+OVN enabled by default
+----------------------
+
+OVN is now enabled by default in StackHPC Kayobe Configuration. Additionally,
+OVN distributed floating IPs are enabled by default. This change was made to
+align with our standard deployment configuration.
+
+If you are using a Neutron plugin other than ML2/OVN, set ``kolla_enable_ovn``
+to ``false`` in ``etc/kayobe/kolla.yml``.
+
+Known issues
+============
+
+* Rebuilds of servers with volumes are broken if there are any Nova compute
+  services running an older release, including any that are down. Old compute
+  services should be removed using ``openstack compute service delete``, then
+  remaining compute services restarted. See `LP#2040264
+  <https://bugs.launchpad.net/nova/+bug/2040264>`__.
+
+* The OVN sync repair tool removes metadata ports, breaking OVN load balancers.
+  See `LP#2038091 <https://bugs.launchpad.net/neutron/+bug/2038091>`__.
+
 Security baseline
 =================