Current Series Release Notes¶
17.0.0.0rc1-142¶
New Features¶
Adds a new variable
prometheus_ceph_exporter_interval
for controlling Ceph’s metrics scrape interval.
Exposes a flag,
bifrost_enable_ironic_inspector
, to enable ironic-inspector in Bifrost. This option defaults toTrue
as it can be useful for backwards compatibility. It is still possible to use native in-band inspection when Ironic Inspector is enabled by settinginspect_interface
toagent
. Please see the Ironic documentation for more details.
Implements [Configure tap-as-a-service plugin on neutron containers]. Adds the needed changes and configurations in order to use the neutron plugin, tap-as-a-service, to create por mirrors using openstack tap commands. Blueprint configure-taas-plugin
Implements [Enable Fluentd Plugin Systemd]. Adds the needed changes and configurations in order to use the fluentd plugin, systemd, to read logs from /var/log/journal by default. This allows us to read and manipulate this logs for monitoring purposes.
These logs will be sent to OpenSearch by default, to disable this behavior, set the value of the variable
enable_fluentd_systemd
tofalse
in the configuration file/etc/kolla/globals.yml
.By default, when enabling central logging, we also enable the
systemd
plugin. To disable this behavior when central logging is enabled, set the value of the variableenable_fluentd_systemd
tofalse
in the configuration file/etc/kolla/globals.yml
.fluent-plugin-systemd source: https://github.com/fluent-plugin-systemd/fluent-plugin-systemd
Adds new variables to be used by the neutron role,
neutron_dns_integration
andneutron_dns_domain
. They allow to enable/disable internal/external DNS integrations, or their combinations.
Configures the log level field for the Grafana OpenSearch datasource. This allows for logs to be coloured based on log level. To apply this you need to delete the datasource and reconfigure grafana.
Removed configuration and deployment of
prometheus-haproxy-exporter
as its repository is now archived. We now use the native support for Prometheus which is now built into HAProxy. For consistency this is exposed on theprometheus_haproxy_exporter_port
port.prometheus-haproxy-exporter
containers and config are automatically removed.
Enable elevated access for project scoped service role in Ironic. Ironic recently started to enforce new policies and scope. And Ironic is one of the sole openstack project which need system scope for some admin related api calls. However Ironic also started to allow project-scope behaviour for service role with setting
rbac_service_role_elevated_access
. This change enables this setting to get similar behaviour of service role as other openstack projects.
Add the service role to ironic service users. Ironic recently enforced new policy validation and added service role support.
Adds support for setting the max fail percentage for Ansible plays via
kolla_max_fail_percentage
. It can also be set on a per-service basis, e.g.nova_max_fail_percentage
.
Set a log retention policy for OpenSearch via Index State Management (ISM). Documentation.
Configure Skyline’s Prometheus connection to make the Monitor Center work. The latest Skyline Console has now a Monitor Center in the administrator view that displays information from Prometheus. For that to work the Prometheus connection needs to be set up in skyline.yaml.
Allow overriding of Skyline configuration files by supplying your own version of nginx.conf for Skyline Console, gunicorn.py and skyline.yaml for Skyline API Server. Place the files in the skyline subfolder of your Kolla config directory, skyline.yaml will be merged with the Kolla provided version.
Add more services now supported by Skyline to the configuration to make them accessible to Skylines’s frontend console. New services include Barbican, Designate, Masakari and Swift or Ceph RGW. Only one of Swift and CEph RGW can be used, if both are enabled, Swift is configured.
Allow to overwrite Skyline Console logos. Some of the Skyline logos can be replaced. You can now do this. See the reference documentation for details documentation.
Enables SSO in Skyline Console if Keystone federation is enabled and at least one identity provider with protocol openid is set up. Skyline Console’s redirect URI is added to Keystone’s trusted dashboards.
Upgrade Notes¶
Minimum supported Ansible version is now
8
(ansible-core 2.15) and maximum supported is9
(ansible-core 2.16).
Support for deploying
Freezer
has been dropped.
Support for deploying
Murano
has been dropped. In addition to that support for deploying outward RabbitMQ (only used for Murano) has been dropped as well.
Support for deploying
Sahara
has been dropped.
Support for deploying
Senlin
has been dropped.
Support for deploying
Solum
has been dropped.
Support for deploying
Vitrage
has been dropped.
Changes configuration variable
designate_enable_notifications_sink
tono
which configures notifications for designate in neutron, nova and control deployment ofdesignate-sink
which is now optional.Operators that want to keep the previous behavior should set this to
true
.
The
grafana
volume is no longer used. If you wish to automatically remove the old volume, setgrafana_remove_old_volume
totrue
. Note that doing this will lose any plugins installed via the cli directly and not through kolla. If you have previously installed Grafana plugins via the Grafana UI, or CLI, you must change to installing them at image build time. The grafana volume, which will contain existing custom plugins, will be automatically removed in the D release.
Due to the change from using the
prometheus-haproxy-exporter
to using the native support for Prometheus which is now built into HAProxy, metric names may have been replaced and/or removed, and in some cases the metric names may have remained the same but the labels may have changed. Alerts and dashboards may also need to be updated to use the new metrics. Please review any configuration that references the old metrics as this is not a backwards compatible change.
Horizon role was reworked to preferred local_settings.d configuration model. Files
local_settings
andcustom_local_settings
were renamed to_9998-kolla-settings.py
and_9999-custom-settings.py
Users who use horizon’s custom configuration have to change the names of those files in/etc/kolla/config/horizon
also.
Added log retention in OpenSearch, previously handled by Elasticsearch Curator. By default the soft and hard retention periods are 30 and 60 days respectively. If you are upgrading from Elasticsearch, and have previously configured
elasticsearch_curator_soft_retention_period_days
orelasticsearch_curator_hard_retention_period_days
, those variables will be used instead of the defaults. You should migrate your configuration to use the new variable names before the Caracal release.
If credentials are updated in
passwords.yml
kolla-ansible is now able to update these credentials in the keystone database and in the on disk config files.The changes to
passwords.yml
are applied oncekolla-ansible -i INVENTORY
reconfigure has been run.If you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in
passwords.yml
- you can specify this by settingupdate_keystone_service_user_passwords: false
in your globals.yml.Notice that passwords are only changed if you change them in
passwords.yml
. This mechanism is not a complete solution for automatic credential rollover. No passwords are changed if you do not change them insidepasswords.yml
.
Deprecation Notes¶
Support for deploying Masakari is no longer deprecated. The Masakari CI scenarios are now working again, and commitment has been made to improve the health of the project.
Bug Fixes¶
Adds separate role for changing sysctl settings. This role automatically checks if the systems supports IPv6 and if not, skips the IPv6 sysctl settings. This role expands previous backportable fix of this issue at Icccfc1c509179c3cfd59650b7917a637f9af9646 LP#1906306
Add conditionals for IPv6 sysctl settings that have IPV6 disabled in kernel. Changing sysctl settings related to IPv6 on those systems lead to errors. LP#1906306
Fixes nova-cell not updating the cell0 database address when VIP changes. LP#1915302
Fixes non-persistent Neutron agent state data. LP2009884
Fixes
ovs-dpdk
images pull. LP#[2041864]
Starting with ansible-core 2.13, list concatenation format is changed which resulted in inability to override horizon policy files. See LP#2045660 for more details.
Fixes long service restarts while using systemd LP#2048130.
Fixes an issue with high CPU usage of the cAdvisor container by setting the per-container housekeeping interval to the same value as the Prometheus scrape interval. LP#2048223
Fixes glance image import LP#2048525.
Fixes Nova operations using the
scp
command, such as cold migration or resize, on Debian Bookworm. LP#2048700
Fixes configuration of nova-compute and nova-compute-ironic, that will enable exposing vendordata over configdrive. LP#2049607
Fixes mariadb role deployment when using Ansible check mode. LP#2052501
Fixes an issue with
openvswitch
bridge creation whenneutron_bridge_name
was specified as two bridges. LP#2056332
Fixes the use of redis as coordination backend. LP#2056667
Fix the wrong configuration of the ovs-dpdk service. this breaks the deployment of kolla-ansible. For more details please see bug 2058372.
Incorrect condition in Podman part prevented the retrieval of facts of all the containers when no names were provided. LP#2058492
Updated configuration of service user tokens for all Nova and Cinder services to stop using admin role for service_token and use service role.
See LP#[2004555] and LP#[2049762] for more details.
Fixes enabled usage audit notifications when they are not needed. See LP##2049503.
Fixed ‘cinder-backup’ service when Swift with TLS enabled. LP#2051986
Fixes configuration of DNS integrations. See LP##2049503, DNS Integration and the DNS Integration with an External Service for details.
Fixes an idempotency issue in the OpenSearch upgrade tasks where subsequent runs of kolla-ansible upgrade would leave shard allocation disabled. LP#2049512
Fixes Docker health check for the
sahara_engine
container. LP#2046268
Fix a trove deployment bug where trove guest-agent failed to connect to RabbitMQ due to the missing of the oslo_messaging_rabbit config in guest-agent.conf. see bug 2048822
Fix trove failed to discover swift endpoint due to the missing of service_credentials in guest-agent.conf. see bug 2048829
Fixed an issue where the MariaDB Cluster recovery process would fail if the sequence number was not found in the logs. The recovery process now checks the complete log file for the sequence number and recovers the cluster. See LP#1821173 for details.
Fix the Octavia jobboard boolean value. See https://bugs.launchpad.net/kolla-ansible/+bug/2058046 for details.
Updates the default Grafana OpenSearch datasource configuration to use values for OpenSearch that work out of the box. Replaces the Elasticsearch values that were previously being used. The new configuration can be applied by deleting your datasource and reconfiguring Grafana through kolla ansible. In order to prevent dashboards from breaking when the datasource is deleted, one should use datasource variables in Grafana. See bug 2039500.
Fixes bug #2039498 where the grafana docker volume was bind mounted over Grafana plugins installed at image build time. This is fixed by copying the dashboards into the container from an existing bind mount instead of using the
grafana
volume. This however leaves behind the volume which can be removed by settinggrafana_remove_old_volume
totrue
. Please note that any plugins installed via the cli directly and not through kolla will be lost when doing this. In a future releasegrafana_remove_old_volume
will default totrue
.
Added log retention in OpenSearch, previously handled by Elasticsearch Curator, now using Index State Management (ISM) OpenSearch bundled plugin. LP#2047037.
Adds missing support for friendly labels for Prometheus Ironic exporter and Alertmanager metrics. LP#2041855
A precheck has been added to catch when
om_enable_rabbitmq_quorum_queues
is set toTrue
, but quorum queues have not been configured on all appropriate queues. A manual migration is required, see here for details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#high-availability LP#2045887
Changes to service user passwords in
passwords.yml
will now be applied when reconfiguring services.This behaviour can reverted by setting
update_keystone_service_user_passwords: false
.Fixes LP#2045990
17.0.0.0rc1¶
New Features¶
Adds support for copying in
{{ node_custom_config }}/magnum/kubeconfig
to Magnum containers formagnum-cluster-api
driver.