Current Series Release Notes

21.0.0.0rc1-214

New Features

  • Added support for RabbitMQ management interface SSL configuration.

  • Add support for libvirt vTPM (swtpm) configuration. LP#2106219

  • Ironic DHCP can now be configured to supply DNS servers via ironic_dnsmasq_dhcp_ranges. This enables the inspection ramdisk (IPA) to reach FQDN API endpoints.

Upgrade Notes

  • Minimum supported Ansible version is now 12 (ansible-core 2.19) and maximum supported is 13 (ansible-core 2.20).

  • lightbits_JWT variable has been renamed to lightbits_jwt

  • The global variable distro_python_version has been removed

  • designate-api is now running under uWSGI and now supports backend TLS.

  • glance-api is now running under uWSGI and supports backend TLS without the additional haproxy container. The glance-tls-proxy container will be removed during the upgrade process.

  • magnum-api is now running under uWSGI and now supports backend TLS.

Bug Fixes

  • Fixes an issue where OpenSearch log retention check would fail due to plugins not being fully loaded, resulting in a timeout error. This was caused by the task that checks for the existence of a log. Added a check before plugin tasks to ensure plugins are fully loaded.

  • Make generation of prometheus.yml consistent when using custom override files.

    Previous behaviour would lead to changes in prometheus.yml on every run when custom override files were used, as the find result was not sorted. This could lead to unnecessary restarts and unreadable diffs of the prometheus service. LP#2126635

  • Fixed an issue where redundant HAProxy backend configuration was generated for the memcached service. The memcached backend entries are no longer created since no OpenStack service uses HAProxy to reach memcached. LP#2130641

  • Fixes issue where ProxySQL certificates were copied over even with kolla_externally_managed_cert set to True. LP#2073159

  • Adds logrotate configuration for OpenSearch Dashboards. Previously, logs located in /var/log/kolla/opensearch-dashboards/ were not included in the rotation schedule, which could lead to excessive disk space consumption. LP#2137716

  • Fixed an issue where Valkey logs were not being correctly parsed by Fluentd. The timestamp format in the Fluentd configuration has been updated to match the format used by Valkey, ensuring logs are properly collected and indexed in the logging backend. LP#2138451

  • Fixed a critical issue in kolla-mergepwd where the migration from Redis to Valkey resulted in authentication failures. The tool now automatically inherits the existing redis_master_password into the new valkey_master_password field during upgrades. This prevents serious cluster damage in deployments using custom Keystone caching solutions and ensures Octavia remains stable throughout the upgrade process, avoiding global HTTP 401 Unauthorized errors caused by password mismatches. LP#2138461

  • Fixes a placement problem for cyborg api and conductor services, that would be also be scheduled on compute nodes, rather than being exclusively on control plane. LP#2087552

  • Fix generating passwords longer than 72 characters. This fixes prometheus configuration. LP#2126975