2023.1 - Antelope

The 2023.1 (Antelope) OpenStack Charms release includes updates for the charms described on the Supported charms page. As of this release, the project consists of 62 stable charms.

For scheduling information of past and future releases see the Release schedule.

Note

Release notes contents is superseded by updated information published in the Release notes (this guide) after the release of any given OpenStack Charms version.

Important

Always upgrade to the latest stable charms before making any major changes to your cloud and before filing bug reports. Note that charm upgrades and OpenStack upgrades are functionally different. For instructions on performing the different upgrade types see the Upgrades overview page.

New stable charms

ironic-dashboard

This charm provides the Ironic Dashboard plugin for use with the OpenStack Dashboard charm.

Usage example:

juju deploy --channel 2023.1/stable openstack-dashboard
juju deploy --channel 2023.1/stable ironic-dashboard
juju integrate openstack-dashboard:dashboard-plugin ironic-dashboard:dashboard

Infinidat storage charms

There are three new storage charms that allow the Infinidat storage appliance to be used with Charmed OpenStack systems.

These charms are:

• infinidat-tools

• cinder-infinidat

• manila-infinidat

They have been developed specifically for OpenStack Ussuri on Ubuntu 20.04 LTS (Focal) and thus have a ‘stable’ risk level for the ‘ussuri’ track. For more recent tracks, the charms have been assigned the ‘candidate’ risk level and due consideration should be taken to validate them prior to production usage. The following channels (track/risk combination) are now available:

• ussuri/stable

• victoria/candidate

• wallaby/candidate

• xena/candidate

• yoga/candidate

• zed/candidate

• 2023.1/candidate

As testing occurs, on a per-track basis, the candidate charms will be promoted to stable.

New stable charm features

With each new feature, there is a corresponding example bundle in the form of a test bundle, and/or a section in the current guide (Charm Guide) that details its usage. Test bundles are located in the src/tests/bundles directory of the relevant charm repository (see all charm repositories).

Service tokens

Charmed OpenStack configures the deployed services to send service tokens now. This change benefits users in, at least, the following situations:

• Security enhancement: Service tokens allow the control plane to differentiate between a privileged operation issued by another service (e.g. Nova requesting a volume operation to Cinder) and a regular user operation.

• Long running jobs: If an operation takes longer than the life of a regular user token, queries can fail, preventing the completion of requested operations.

For more details see Using service tokens in Cinder and bug LP #1992840.

ironic-conductor charm

Two new configuration options have been added to the ironic-conductor charm.

ovn-central charm

ovn-central charm is now capable of seamlesly downscaling units. More details can be found in “OVN Central” downscaling guide

Hardware enablement configuration

Option hardware-enablement-options allows operators to enable hardware specific options in the Ironic Conductor service.

For example, to enable the iDrac driver the following commands can be used:

cat << EOF > ./idrac.ini
[DEFAULT]
enabled_hardware_types = intel-ipmi, ipmi, idrac
enabled_management_interfaces = intel-ipmitool, ipmitool, noop, idrac-wsman
enabled_inspect_interfaces = no-inspect, idrac-wsman
enabled_power_interfaces = ipmitool, idrac-wsman
enabled_console_interfaces = ipmitool-shellinabox, ipmitool-socat, no-console
enabled_vendor_interfaces = ipmitool, no-vendor, idrac-wsman
enabled_raid_interfaces = agent, no-raid, idrac-wsman
EOF

juju config ironic-conductor hardware-enablement-options=@./idrac.ini

Temporary URL timeout

Option swift-temp-url-duration allows operators to fine tune the duration of temporary URLs passed to ironic-python-agent to download the image that needs to be installed. Environments that use large images and/or slow IO baremetal nodes are encouraged to increase it.

For example, to set the duration to one hour:

juju config ironic-conductor swift-temp-url-duration=3600

Stable hostname for nova-compute service

The nova-compute charm now supports a stable hostname for the nova-compute service when rendering the nova.conf file. This prevents the daemon from registering multiple entries (with different hostnames) in the Nova control plane. This also affects the hostname used by ovn-controller, which allows for situations where a new instance is allocated to nova-compute hostname “foo.example.com” but the corresponding ovn-chassis is registered to “foo”. For more details see bug LP #1896630.

Service user password rotation

The keystone, mysql-innodb-cluster, and rabbitmq-server charms have gained actions to assist with rotating the passwords for the service users in an OpenStack model. The passwords are auto-generated (not user-defined). Each charm can rotate their service user passwords independently of the other charms. These three charms represent all of the service user passwords in an OpenStack system.

Service users are those users that are associated with applications that provide services within an OpenStack system. Examples are ‘glance’, ‘nova’, ‘heat’, and ‘keystone’.

Two actions are provided for each of the three above-mentioned charms:

• list-service-usernames

• rotate-service-user-password

They must be run on the leader unit:

juju run-action --wait <application>/leader list-service-usernames
juju run-action --wait <application>/leader rotate-service-user-password service-user=glance

Note

In Juju 3.x the run-action command has been changed to run.

The list-service-usernames action provides a list of usernames that can be rotated, and the rotate-service-user-password actually performs a password rotation for a single service user.

There may be a control plane interruption when a password is rotated. This is due to the password being changed in the service provider (MySQL, Keystone, and RabbitMQ) before it has been pushed out to the corresponding service user applications. This may be mitigated however by the restart of the service application, which will force a re-authentication of the service.

Issues discovered during this release cycle

Neutron ML2 OVS plugin on DVR mode

Environments configured to use the ML2 OVS plugin in DVR mode and have configured an external network of type flat will be affected by bug LP #2015090. The symptom of an affected system is that newly launched instances won’t have access to the Metadata service and the neutron-dhcp-agent service log will contain the following error:

[...]
2023-03-31 19:35:06.095 58625 ERROR neutron.agent.dhcp.agent return self._name[:constants.DEVICE_NAME_MAX_LEN]
2023-03-31 19:35:06.095 58625 ERROR neutron.agent.dhcp.agent TypeError: 'bool' object is not subscriptable

Documentation updates

Regular improvements and bug fixes. A new page on Network spaces was landed.