openshift
diff --git a/‎ocp-product-docs-plaintext/4.15/installing/installing_openstack/installing-openstack-user.txt
Lines changed: 23 additions & 8 deletions b/‎ocp-product-docs-plaintext/4.15/installing/installing_openstack/installing-openstack-user.txt
Lines changed: 23 additions & 8 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/installing/installing_openstack/uninstalling-openstack-user.txt
Lines changed: 3 additions & 4 deletions b/‎ocp-product-docs-plaintext/4.15/installing/installing_openstack/uninstalling-openstack-user.txt
Lines changed: 3 additions & 4 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.txt
Lines changed: 12 additions & 0 deletions b/‎ocp-product-docs-plaintext/4.15/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.txt
Lines changed: 12 additions & 0 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr-tracing-rn.txt
Lines changed: 51 additions & 0 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr-tracing-rn.txt
Lines changed: 51 additions & 0 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr-tracing-tempo-configuring.txt
Lines changed: 101 additions & 2 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr-tracing-tempo-configuring.txt
Lines changed: 101 additions & 2 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.txt
Lines changed: 2 additions & 3 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.txt
Lines changed: 2 additions & 3 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-installing.txt
Lines changed: 2 additions & 3 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-installing.txt
Lines changed: 2 additions & 3 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-removing.txt
Lines changed: 2 additions & 3 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-removing.txt
Lines changed: 2 additions & 3 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-updating.txt
Lines changed: 2 additions & 3 deletions b/‎ocp-product-docs-plaintext/4.15/observability/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-updating.txt
Lines changed: 2 additions & 3 deletions
diff --git a/‎ocp-product-docs-plaintext/4.15/observability/monitoring/configuring-core-platform-monitoring/configuring-alerts-and-notifications.txt
Lines changed: 2 additions & 2 deletions b/‎ocp-product-docs-plaintext/4.15/observability/monitoring/configuring-core-platform-monitoring/configuring-alerts-and-notifications.txt
Lines changed: 2 additions & 2 deletions
@@ -96,9 +96,19 @@ The bootstrap machine requires:
 
 # Downloading playbook dependencies
 
-The Ansible playbooks that simplify the installation process on user-provisioned
-infrastructure require several Python modules. On the machine where you will run the installer,
-add the modules' repositories and then download them.
+The Ansible playbooks that simplify the installation process on user-provisioned infrastructure require several ansible collections and Python modules. On the machine where you will run the installation program, add the Red Hat OpenStack Platform (RHOSP) repositories and then install the packages.
+
+The following dependencies are required:
+
+* Python modules:
+* openstackclient
+* openstacksdk
+* netaddr
+* pip
+* Ansible collections:
+* ansible-collections-openstack, which installs Ansible Core
+* ansible-collection-community-general
+* ansible-collection-ansible-netcommon
 
 
 [NOTE]
@@ -131,16 +141,21 @@ $ sudo subscription-manager repos --disable=* # If not done already
 
 ```terminal
 $ sudo subscription-manager repos \
-  --enable=rhel-8-for-x86_64-baseos-rpms \
-  --enable=openstack-16-tools-for-rhel-8-x86_64-rpms \
-  --enable=ansible-2.9-for-rhel-8-x86_64-rpms \
-  --enable=rhel-8-for-x86_64-appstream-rpms
+  --enable=rhel-9-for-x86_64-appstream-rpms \
+  --enable=rhel-9-for-x86_64-baseos-rpms \
+  --enable=openstack-17.1-for-rhel-9-x86_64-rpms
 ```
 
 2. Install the modules:
 
 ```terminal
-$ sudo yum install python3-openstackclient ansible python3-openstacksdk python3-netaddr ansible-collections-openstack
+$ sudo dnf install ansible-collection-ansible-netcommon \
+    ansible-collection-community-general \
+    ansible-collections-openstack \
+    python3-netaddr \
+    python3-openstackclient \
+    python3-openstacksdk \
+    python3-pip
 ```
 
 3. Ensure that the python command points to python3:
 
@@ -40,10 +40,9 @@ $ sudo subscription-manager repos --disable=* # If not done already
 
 ```terminal
 $ sudo subscription-manager repos \
-  --enable=rhel-8-for-x86_64-baseos-rpms \
-  --enable=openstack-16-tools-for-rhel-8-x86_64-rpms \
-  --enable=ansible-2.9-for-rhel-8-x86_64-rpms \
-  --enable=rhel-8-for-x86_64-appstream-rpms
+  --enable=rhel-9-for-x86_64-appstream-rpms \
+  --enable=rhel-9-for-x86_64-baseos-rpms \
+  --enable=openstack-17.1-for-rhel-9-x86_64-rpms
 ```
 
 2. Install the modules:
 
@@ -313,6 +313,12 @@ $ oc get network.config cluster -o=jsonpath='{.status.conditions}' | jq .
 
 
 You can check limited live migration metrics for troubleshooting issues. For more information, see "Checking limited live migration metrics".
+3. After a successful migration operation, remove the network.openshift.io/network-type-migration- annotation from the network.config custom resource by entering the following command:
+
+```terminal
+$ oc annotate network.config cluster network.openshift.io/network-type-migration-
+```
+
 
 ### Patching OVN-Kubernetes address ranges
 
@@ -1124,6 +1130,12 @@ $ oc patch Network.operator.openshift.io cluster --type='merge' \
 $ oc delete namespace openshift-sdn
 ```
 
+4. After a successful migration operation, remove the network.openshift.io/network-type-migration- annotation from the network.config custom resource by entering the following command:
+
+```terminal
+$ oc annotate network.config cluster network.openshift.io/network-type-migration-
+```
+
 
 * Optional: After cluster migration, you can convert your IPv4 single-stack cluster to a dual-network cluster network that supports IPv4 and IPv6 address families. For more information, see "Converting to IPv4/IPv6 dual-stack networking".
 
 
@@ -21,6 +21,57 @@ You can use the Red Hat OpenShift distributed tracing platform (Tempo) in combin
 Only supported features are documented. Undocumented features are currently unsupported. If you need assistance with a feature, contact Red Hat's support.
 ----
 
+# Release notes for distributed tracing platform 3.6
+
+## Red Hat OpenShift distributed tracing platform (Tempo)
+
+The Red Hat OpenShift distributed tracing platform (Tempo) 3.6 is provided through the Tempo Operator 0.16.0.
+
+The Red Hat OpenShift distributed tracing platform (Tempo) 3.6 is based on the open source Grafana Tempo 2.7.2.
+
+
+[WARNING]
+----
+This is the first release of the Red Hat OpenShift distributed tracing platform that is shipped only with the Red Hat OpenShift distributed tracing platform (Tempo) and without the deprecated Red Hat OpenShift distributed tracing platform (Jaeger).
+If you have not migrated from the deprecated Red Hat OpenShift distributed tracing platform (Jaeger) Operator to the Tempo Operator and the Red Hat build of OpenTelemetry Operator for distributed tracing collection and storage, see "Release notes for Red Hat OpenShift distributed tracing platform 3.5".
+----
+
+### Technology Preview features
+
+This update introduces the following Technology Preview feature:
+
+* TempoStack deployment combined with the distributed tracing UI plugin of the Cluster Observability Operator (COO) supports fine-grained query role-based access control (RBAC). With the enabled RBAC, your users can see the attributes only from the namespaces to which they are given access.
+
+
+[IMPORTANT]
+----
+{FeatureName} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
+For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
+----
+
+### New features and enhancements
+
+This update introduces the following enhancements:
+
+* Support for authentication using the Google Cloud Platform (GCP) Workload Identity Federation short-lived tokens. This enables secure and temporary credential access for workloads running with the GCP.
+* Support for authentication using the Azure Workload Identity Federation short-lived tokens. This allows secure and temporary access for workloads federated with the Azure Active Directory.
+* Support for the AWS Security Token Service (STS) through the CloudCredential Operator. This allows the use of dynamic and temporary AWS credentials for workloads.
+
+### Bug fixes
+
+This update introduces the following bug fixes:
+
+* Before this update, the per-tenant retention configuration was not properly configured in the TempoStack instance. With this update, the per-tenant retention is properly configured in the TempoStack deployment.
+* Before this update, the oauth-proxy container did not have any compute resources assigned to it. With this update, the container correctly sets the resources as specified in the TempoStack custom resource.
+
+### Known issues
+
+The Red Hat OpenShift distributed tracing platform (Tempo) 3.6 has the following known issue:
+
+* Currently, when the OpenShift tenancy mode is enabled, the ServiceAccount object of the gateway component of either a TempoStack or TempoMonolithic instance requires the TokenReview and SubjectAccessReview permissions for authorization.
+
+Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace.
+
 # Release notes for Red Hat OpenShift distributed tracing platform 3.5
 
 This release of the Red Hat OpenShift distributed tracing platform includes the Red Hat OpenShift distributed tracing platform (Tempo) and the deprecated Red Hat OpenShift distributed tracing platform (Jaeger).
 
@@ -22,7 +22,10 @@ spec: 5
   storage: {} 6
   resources: {} 7
   replicationFactor: 1 8
-  retention: {} 9
+  retention: 9
+    global:
+      traces: 48h
+    perTenant: {}
   template:
       distributor: {} 10
       ingester: {} 11
@@ -51,7 +54,7 @@ Contains all of the configuration parameters of the TempoStack instance. When a
 Storage is specified at instance deployment. See the installation page for information about storage options for the instance.
 Defines the compute resources for the Tempo container.
 Integer value for the number of ingesters that must acknowledge the data from the distributors before accepting a span.
-Configuration options for retention of traces.
+Configuration options for retention of traces. The default value is 48h.
 Configuration options for the Tempo distributor component.
 Configuration options for the Tempo ingester component.
 Configuration options for the Tempo compactor component.
@@ -367,6 +370,102 @@ Minimal configuration for the TLS at the Tempo Distributor.
 * Understanding service serving certificates
 * Service CA certificates
 
+# Configuring the query RBAC
+
+As an administrator, you can set up the query role-based access control (RBAC) to filter the span attributes for your users by the namespaces for which you granted them permissions.
+
+
+[NOTE]
+----
+When you enable the query RBAC, users can still access traces from all namespaces, and the service.name and k8s.namespace.name attributes are also visible to all users.
+----
+
+* An active OpenShift CLI (`oc`) session by a cluster administrator with the cluster-admin role.
+
+[TIP]
+----
+* Ensure that your OpenShift CLI (`oc`) version is up to date and matches your Red Hat OpenShift Container Platform version.
+* Run oc login:
+
+```terminal
+$ oc login --username=<your_username>
+```
+
+----
+
+1. Enable multitenancy and query RBAC in the TempoStack custom resource (CR), for example:
+
+```yaml
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: simplest
+  namespace: chainsaw-multitenancy
+spec:
+  storage:
+    secret:
+      name: minio
+      type: s3
+  storageSize: 1Gi
+  resources:
+    total:
+      limits:
+        memory: 2Gi
+        cpu: 2000m
+  tenants:
+    mode: openshift
+    authentication:
+      - tenantName: dev
+        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfb"
+  template:
+    gateway:
+      enabled: true 1
+      rbac:
+        enabled: true 2
+    queryFrontend:
+      jaegerQuery:
+        enabled: false 3
+```
+
+Always set to true.
+Always set to true.
+Always set to false.
+2. Create a cluster role and cluster role binding to grant the target users the permissions to access the tenant that you specified in the TempoStack CR, for example:
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tempo-dev-read
+rules:
+- apiGroups: [tempo.grafana.com]
+  resources: [dev] 1
+  resourceNames: [traces]
+  verbs: [get]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tempo-dev-read
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tempo-dev-read
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: system:authenticated 2
+```
+
+Tenant name in the TempoStack CR.
+Means all authenticated OpenShift users.
+3. Grant the target users the permissions to read attributes for the project. You can do this by running the following command:
+
+```bash
+$ oc adm policy add-role-to-user view <username> -n <project>
+```
+
+
 # Using taints and tolerations
 
 To schedule the TempoStack pods on dedicated nodes, see How to deploy the different TempoStack components on infra nodes using nodeSelector and tolerations in OpenShift 4.
 
@@ -4,9 +4,8 @@
 
 [WARNING]
 ----
-The Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 is the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat plans to support.
-In the Red Hat OpenShift distributed tracing platform 3.5, Jaeger and support for Elasticsearch remain deprecated.
-Support for the Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
+The deprecated Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 was the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat supports.
+Support for the deprecated Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
 The Red Hat OpenShift distributed tracing platform Operator (Jaeger) will be removed from the redhat-operators catalog on November 3, 2025. For more information, see the Red Hat Knowledgebase solution Jaeger Deprecation and Removal in OpenShift.
 You must migrate to the Red Hat build of OpenTelemetry Operator and the Tempo Operator for distributed tracing collection and storage. For more information, see "Migrating" in the Red Hat build of OpenTelemetry documentation, "Installing" in the Red Hat build of OpenTelemetry documentation, and "Installing" in the distributed tracing platform (Tempo) documentation.
 ----
 
@@ -4,9 +4,8 @@
 
 [WARNING]
 ----
-The Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 is the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat plans to support.
-In the Red Hat OpenShift distributed tracing platform 3.5, Jaeger and support for Elasticsearch remain deprecated.
-Support for the Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
+The deprecated Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 was the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat supports.
+Support for the deprecated Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
 The Red Hat OpenShift distributed tracing platform Operator (Jaeger) will be removed from the redhat-operators catalog on November 3, 2025. For more information, see the Red Hat Knowledgebase solution Jaeger Deprecation and Removal in OpenShift.
 You must migrate to the Red Hat build of OpenTelemetry Operator and the Tempo Operator for distributed tracing collection and storage. For more information, see "Migrating" in the Red Hat build of OpenTelemetry documentation, "Installing" in the Red Hat build of OpenTelemetry documentation, and "Installing" in the distributed tracing platform (Tempo) documentation.
 ----
 
@@ -4,9 +4,8 @@
 
 [WARNING]
 ----
-The Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 is the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat plans to support.
-In the Red Hat OpenShift distributed tracing platform 3.5, Jaeger and support for Elasticsearch remain deprecated.
-Support for the Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
+The deprecated Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 was the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat supports.
+Support for the deprecated Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
 The Red Hat OpenShift distributed tracing platform Operator (Jaeger) will be removed from the redhat-operators catalog on November 3, 2025. For more information, see the Red Hat Knowledgebase solution Jaeger Deprecation and Removal in OpenShift.
 You must migrate to the Red Hat build of OpenTelemetry Operator and the Tempo Operator for distributed tracing collection and storage. For more information, see "Migrating" in the Red Hat build of OpenTelemetry documentation, "Installing" in the Red Hat build of OpenTelemetry documentation, and "Installing" in the distributed tracing platform (Tempo) documentation.
 ----
 
@@ -4,9 +4,8 @@
 
 [WARNING]
 ----
-The Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 is the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat plans to support.
-In the Red Hat OpenShift distributed tracing platform 3.5, Jaeger and support for Elasticsearch remain deprecated.
-Support for the Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
+The deprecated Red Hat OpenShift distributed tracing platform (Jaeger) 3.5 was the last release of the Red Hat OpenShift distributed tracing platform (Jaeger) that Red Hat supports.
+Support for the deprecated Red Hat OpenShift distributed tracing platform (Jaeger) ends on November 3, 2025.
 The Red Hat OpenShift distributed tracing platform Operator (Jaeger) will be removed from the redhat-operators catalog on November 3, 2025. For more information, see the Red Hat Knowledgebase solution Jaeger Deprecation and Removal in OpenShift.
 You must migrate to the Red Hat build of OpenTelemetry Operator and the Tempo Operator for distributed tracing collection and storage. For more information, see "Migrating" in the Red Hat build of OpenTelemetry documentation, "Installing" in the Red Hat build of OpenTelemetry documentation, and "Installing" in the distributed tracing platform (Tempo) documentation.
 ----
 
@@ -242,8 +242,8 @@ Alertmanager does not send notifications by default. It is strongly recommended
 ----
 
 * Sending notifications to external systems
-* PagerDuty (PagerDuty official site)
-* Prometheus Integration Guide (PagerDuty official site)
+* PagerDuty website
+* Prometheus Integration Guide (PagerDuty documentation)
 * Support version matrix for monitoring components
 * Enabling alert routing for user-defined projects