Add new known issues and workarounds/fixes

MoteHue · MoteHue · commit 5759211e3035 · 2024-01-16T14:47:44.000Z
diff --git a/doc/source/operations/upgrading.rst b/doc/source/operations/upgrading.rst
@@ -68,6 +68,14 @@ Some things to watch out for:
   will not be granted those roles. This may include the ``reader`` role, which
   is referenced in some of the new secure RBAC policies.  See `Keystone bug
   2030061 <https://bugs.launchpad.net/keystone/+bug/2030061>`_.
+* If you have overwritten ``[auth] tempest_roles`` in your Tempest config, such
+  as to add the ``creator`` role for Barbican, you will need to also add the
+  ``member role``. eg:
+
+  .. code-block:: console
+
+     [auth]
+     tempest_roles = creator,member
 
 OVN enabled by default
 ----------------------
@@ -107,6 +115,20 @@ Known issues
 * The OVN sync repair tool removes metadata ports, breaking OVN load balancers.
   See `LP#2038091 <https://bugs.launchpad.net/neutron/+bug/2038091>`__.
 
+* When you try to generate config before the 2023.1 upgrade (i.e. using 2023.1
+  Kolla-Ansible but still running Zed kolla-toolbox), it will fail on Octavia.
+  This patch is needed to fix this:
+  https://review.opendev.org/c/openstack/kolla-ansible/+/905500
+
+* If you run ``kayobe overcloud service upgrade`` twice, it will cause shard
+  allocation to be disabled in OpenSearch. See `LP#2049512
+  <https://bugs.launchpad.net/kolla-ansible/+bug/2049512>`__ for details. For
+  now, the easiest way to fix this is to turn allocation back on:
+
+   .. code-block:: console
+
+      curl -X PUT http://<controller-ip>:9200/_cluster/settings -H 'Content-Type:application/json' -d '{"transient":{"cluster":{"routing":{"allocation":{"enable":"all"}}}}}'
+
 Security baseline
 =================
 
