Merge pull request #877 from stackhpc/update-upgrade-docs

Add new known issues and workarounds/fixes

Author: MoteHue

doc/source/operations/upgrading.rst

@@ -68,6 +68,14 @@ Some things to watch out for:
   will not be granted those roles. This may include the ``reader`` role, which
   is referenced in some of the new secure RBAC policies.  See `Keystone bug
   2030061 <https://bugs.launchpad.net/keystone/+bug/2030061>`_.
+* If you have overwritten ``[auth] tempest_roles`` in your Tempest config, such
+  as to add the ``creator`` role for Barbican, you will need to also add the
+  ``member role``. eg:
+
+  .. code-block:: ini
+
+     [auth]
+     tempest_roles = creator,member
 
 OVN enabled by default
 ----------------------
@@ -107,6 +115,29 @@ Known issues
 * The OVN sync repair tool removes metadata ports, breaking OVN load balancers.
   See `LP#2038091 <https://bugs.launchpad.net/neutron/+bug/2038091>`__.
 
+* When you try to generate config before the 2023.1 upgrade (i.e. using 2023.1
+  Kolla-Ansible but still running Zed kolla-toolbox), it will fail on Octavia.
+  This patch is needed to fix this:
+  https://review.opendev.org/c/openstack/kolla-ansible/+/905500
+
+* If you run ``kayobe overcloud service upgrade`` twice, it will cause shard
+  allocation to be disabled in OpenSearch. See `LP#2049512
+  <https://bugs.launchpad.net/kolla-ansible/+bug/2049512>`__ for details.
+
+  You can check if this is affecting your system with the following command. If
+  ``transient.cluster.routing.allocation.enable=none`` is present, shard
+  allocation is disabled.
+
+  .. code-block:: console
+
+     curl http://<controller-ip>:9200/_cluster/settings
+
+  For now, the easiest way to fix this is to turn allocation back on:
+
+  .. code-block:: console
+
+     curl -X PUT http://<controller-ip>:9200/_cluster/settings -H 'Content-Type:application/json' -d '{"transient":{"cluster":{"routing":{"allocation":{"enable":"all"}}}}}'
+
 Security baseline
 =================