20.10 (Draft version in progress)


The 20.10 OpenStack Charms project release includes updates for the charms described in the following sections. Refer to the 20.10 milestone in Launchpad for the list of resolved bugs and see the Release schedule for past and future releases.

Additional charm information is published in the OpenStack Charm Guide (this guide) which ultimately supersedes Release Notes contents.


Always upgrade to the latest stable charms before making any major changes to your cloud and before filing bug reports. Refer to section Upgrading charms below for details.

Other supporting charms (Stable)

These charms have stable releases with ongoing maintenance and testing. They are classified differently because the payload of each is not technically an OpenStack project.

Tech-preview charms (Beta)

These charms do not have stable releases, even though they may technically have “stable/yy.mm” branches. Regardless of any maintenance and testing that these charms may receive, some work (major bugs, payload packaging issues, project issues, general QA) is still required before the charms are ready for production use (promoted to Stable).

Alpha charms (Edge)

This classification of charms includes those which may be a proof-of-concept, a test fixture, or one which is in active development. They are not intended to be used in production. Supportability, upgradability, testability may be lacking, either from a charm perspective, or from the workload package perspective.

Maintenance-mode charms

These charms are in maintenance mode, meaning that new features and new releases are not actively being added or tested with them. Generally, these were produced for a demo, PoC, or as an example.

  • None at this time.

Removed charms


New charm features

With each new feature, there is a corresponding example bundle in the form of a test bundle, and/or a OpenStack Charms Deployment Guide section which details the use of the feature. For example test bundles, see the src/tests/bundles directory within the relevant charm repository.

Gnocchi and external root CA for S3

The gnocchi charm now supports an additional configuration option: trusted-external-ca-cert. This option installs and configures an external root CA in the gnocchi units. This is useful when an encrypted S3 (storage backend) endpoint uses certificates that are not managed by Vault.

Arista - Supported releases

The neutron-api-plugin-arista charm now supports all OpenStack releases starting with Queens. See LP #1890628 for more details.

Neutron Gateway and additional data on ports and bridges

The neutron-gateway charm now marks the openvswitch ports and bridges it creates as managed by the charm. It does so by setting an external-id on them. See the Open vSwitch Integration Guide for Centralized Control for details.

Even the ports and bridges created before upgrading to this release will be be marked. Marking our ports and bridges will allow us to implement some cleanup mechanism without risking removing too much.

See bug LP #1809190 for details.

cinder charm: Allow specifying the default_volume type

A new feature has been added to allow setting the default volume type, via the new configuration parameter default-volume-type, for new volumes if one is not specified at creation time. This is to support scenarios where multiple storage backends are to be used with cinder. Please see related Bug LP #1884548 for more details and consult the cinder charm.

New charms

Preview charm features

Deprecation notices

Removed features

Neutron Gateway and network bridges

The neutron-gateway charm no longer supports adding a Linux bridge to an openvswitch bridge.

Rationale: this feature relied on the NetworkManager (a.k.a. ifupdown) feature veth. Unfortunately starting from Bionic (18.04) ifupdown isn’t shipped by default anymore as it is being replaced by netplan.io, which doesn’t implement this feature yet (see bug LP #1876730). Using ifupdown on Bionic also causes issues with LXD containers (see bug`LP #1877594`_).

See bug LP #1877594 for details on how to migrate away from this feature.

Known issues

Designate and Vault at Ocata and earlier

The designate charm for OpenStack releases Pike and earlier does not yet support SSL via Vault and the certificates relation. See bug LP #1839019.

Current versions of OpenStack with Vault and the certificates relation are supported by the Designate charm.

Restart Nova services after adding certificates relation

A race condition exists with the use of the ‘certificates’ relation. When SSL certificates are issued Nova services may attempt to talk to the placement API over HTTP while the API has already changed to HTTPS. See bug LP #1826382.

To mitigate against this, restart the nova-compute and nova-scheduler services once certificates have been issued:

juju run --application nova-compute "systemctl restart nova-compute"
juju run --application nova-cloud-controller "systemctl restart nova-scheduler"

TrilioVault Data Mover charm upgrade

For deployments using prior versions of the trilio-data-mover charm (as provided by Trilio) the relation between the trilio-data-mover charm and rabbitmq-server must be removed and re-added to ensure that specific access for the data-mover service is provided for RabbitMQ.

juju remove-relation trilio-data-mover rabbitmq-server
juju add-relation trilio-data-mover rabbitmq-server

TrilioVault File Recovery Manager

Mounting snapshots using the File Recovery Manager appliance fails due to permissions errors encountered during the libvirt/qemu snapshot mount process on compute nodes. See bug LP #1888389 for details.

Octavia and neutron-openvswitch in LXD


This issue is due to a Juju bug, which was fixed in Juju 2.8.1.

The octavia charm requires a neutron-openvswitch subordinate which means that if it runs in a container, the openvswitch kernel module must be loaded before the container starts. Module loading is done by LXD based on the profile applied by Juju and taken from the neutron-openvswitch charm. However, due to LP #1876849 in Juju, there is no guarantee that the profile will be applied before neutron-openvswitch execution starts in a container.

The issue is more likely to happen on disaggregated deployments where octavia units run in LXD containers on machines that do not have any units of neutron-openvswitch running on bare metal.

In order to work around the error an operator needs to make sure the openswitch module is loaded on the host and then restart the openvswitch-switch.service service inside the LXD container where the respective neutron-openvswitch unit is present. After that the unit error can be resolved.

OpenStack os-brick, Ceph Octopus, and Focal

The Ceph RBD Mirror and Cinder Backup Swift Proxy charms do not work with Ceph Octopus due to an issue with the upstream OpenStack os-brick library (see bug LP #1865754). As Octopus is the default Ceph version on Ubuntu 20.04 LTS (Focal) these charms cannot be used on Focal until the issue is resolved. Here are the resulting charm-specific behaviours:

  • ceph-rbd-mirror charm: The charm will enter a blocked state after configuring pool mirroring (see bug LP #1879749).

  • cinder-backup-swift-proxy charm: If a backup volume operation is performed the resulting volume will be in error (see bug LP #1890821).

Series upgrade - percona-cluster and vault charms


During a series upgrade from Xenial (16.04) to Bionic (18.04) the percona-cluster charm may fail during the post-series-upgrade hook. This appears to be because the percona-cluster charm may erroneously delete the file /var/lib/percona-xtradb-cluster/seeded (see bug LP #1868326). If this occurs, then executing the following commands on the failed unit will recover the hook and allow it to complete the series upgrade:

juju run percona-cluster/N 'echo "done" > /var/lib/percona-xtradb-cluster/seeded'
juju resolved percona-cluster/N

This may be required for each percona-cluster unit.


If a series upgrade is attempted while Vault is sealed then manual intervention will be required (see bugs LP #1886083 and LP #1890106). The vault leader unit (which will be in error) will need to be unsealed and the hook error resolved. The Vault section in the OpenStack Charms Deployment Guide has detailed unsealing instructions and the hook error can be resolved with:

juju resolved vault/N

Upgrading charms

Always use the latest stable charm revision before proceeding with topological changes, application migrations, workload upgrades, series upgrades, or bug report filing.

Please ensure that the keystone charm is upgraded first.

To upgrade an existing deployment to the latest charm version simply use the upgrade-charm command. For example:

juju upgrade-charm keystone

Charm upgrades and OpenStack upgrades are functionally different. Charm upgrades ensure that the deployment has the latest charm revision, containing the latest charm fixes and features, whereas OpenStack upgrades influence the software package versions of OpenStack itself.

A charm upgrade does not trigger an OpenStack upgrade. An OpenStack upgrade is a separate process. However, an OpenStack upgrade does require the latest charm revision. Please refer to OpenStack upgrades in the OpenStack Charms Deployment Guide for more details.