Current Series Release Notes

22.0.0.0rc1-41

New Features

  • Add support for VAST cinder driver.

  • Adds support for serving architecture-specific Ironic Python Agent images for mixed x86_64 and aarch64 iPXE deployments.

  • The nova_libvirt container now runs virtlogd as a sidecar alongside libvirtd, and qemu.conf is configured with stdio_handler = "logd" so that libvirt routes instance console chardevs through virtlogd. This allows guest console logs to be rotated according to /etc/libvirt/virtlogd.conf (by default 2MB per file with 3 backups), instead of growing without bound as they did when stdio_handler was set to "file".

    Note that existing instances must be hard rebooted to pick up the new console handler, as the chardev mode is fixed at qemu launch.

  • Add Alertmanager container healthcheck support.

  • Removed obsolete configuration options from the Horizon local_settings.py template:

    • TEMPLATE_DEBUG: No longer supported

    • enable_lb, enable_firewall, and enable_vpn: These keys inside OPENSTACK_NEUTRON_NETWORK are now invalid.

Upgrade Notes

  • Support for networking-infoblox, to use Infblox as neutron’s IPAM backend, has been removed. The networking-infoblox project is unmaintained.

  • The [redis:children] inventory group, redis_master_password password, and all Redis-to-Valkey migration code, which were kept for migration purposes since the Gazpacho (2026.1) release, have now been removed. Operators should remove redis_master_password from their passwords.yml file.

Bug Fixes

  • Fixes overly restrictive permissions on certificates in /var/lib/kolla/share/ca-certificates path in containers that require access to these certificates.

  • Fixes the Ironic temp directory causing invalid cross device links when deploying baremetal images using the virtualmedia boot interface.

  • Fixes an issue in the Docker container worker where reconfiguring containers with cpuset_cpus or cpuset_mems dimensions could fail with an IndexError when the existing container had no explicit cpuset constraint configured.

Other Notes

  • This release exposes additional configuration options for OpenStack Compute consoles which utilize the SPICE protocol. You can now require that such consoles use channels secured by TLS using the nova_spice_require_secure configuration option. This option defaults to false as it implies that TLS certificates have been distributed to your nova-compute nodes.