2023.1 - Antelope¶
The 2023.1 (Antelope) OpenStack Charms release includes updates for the charms described on the Supported charms page. As of this release, the project consists of 62 stable charms.
For scheduling information of past and future releases see the Release schedule.
Release notes contents is superseded by updated information published in the Release notes (this guide) after the release of any given OpenStack Charms version.
Always upgrade to the latest stable charms before making any major changes to your cloud and before filing bug reports. Note that charm upgrades and OpenStack upgrades are functionally different. For instructions on performing the different upgrade types see the Upgrades overview page.
Summary of changes:
juju deploy --channel antelope/stable openstack-dashboard juju deploy --channel antelope/stable ironic-dashboard juju integrate openstack-dashboard:dashboard-plugin ironic-dashboard:dashboard
There are three new storage charms that allow the Infinidat storage appliance to be used with Charmed OpenStack systems.
These charms are:
They have been developed specifically for OpenStack Ussuri on Ubuntu 20.04 LTS (Focal) and thus have a ‘stable’ risk level for the ‘ussuri’ track. For more recent tracks, the charms have been assigned the ‘candidate’ risk level and due consideration should be taken to validate them prior to production usage. The following channels (track/risk combination) are now available:
As testing occurs, on a per-track basis, the candidate charms will be promoted to stable.
With each new feature, there is a corresponding example bundle in the form of a
test bundle, and/or a section in the current guide (Charm Guide) that details
its usage. Test bundles are located in the
src/tests/bundles directory of
the relevant charm repository (see all charm repositories).
Charmed OpenStack configures the deployed services to send service tokens now. This change benefits users in, at least, the following situations:
Security enhancement: Service tokens allow the control plane to differentiate between a privileged operation issued by another service (e.g. Nova requesting a volume operation to Cinder) and a regular user operation.
Long running jobs: If an operation takes longer than the life of a regular user token, queries can fail, preventing the completion of requested operations.
Two new configuration options have been added to the ironic-conductor charm.
ovn-central charm is now capable of seamlesly downscaling units. More
details can be found in “OVN Central” downscaling guide
Hardware enablement configuration¶
hardware-enablement-options allows operators to enable hardware
specific options in the Ironic Conductor service.
For example, to enable the iDrac driver the following commands can be used:
cat << EOF > ./idrac.ini [DEFAULT] enabled_hardware_types = intel-ipmi, ipmi, idrac enabled_management_interfaces = intel-ipmitool, ipmitool, noop, idrac-wsman enabled_inspect_interfaces = no-inspect, idrac-wsman enabled_power_interfaces = ipmitool, idrac-wsman enabled_console_interfaces = ipmitool-shellinabox, ipmitool-socat, no-console enabled_vendor_interfaces = ipmitool, no-vendor, idrac-wsman enabled_raid_interfaces = agent, no-raid, idrac-wsman EOF juju config ironic-conductor hardware-enablement-options=@./idrac.ini
Temporary URL timeout¶
swift-temp-url-duration allows operators to fine tune the duration
of temporary URLs passed to ironic-python-agent to download the image that
needs to be installed. Environments that use large images and/or slow IO
baremetal nodes are encouraged to increase it.
For example, to set the duration to one hour:
juju config ironic-conductor swift-temp-url-duration=3600
The nova-compute charm now supports a stable hostname for the nova-compute
service when rendering the
nova.conf file. This prevents the daemon from
registering multiple entries (with different hostnames) in the Nova control
plane. This also affects the hostname used by ovn-controller, which allows for
situations where a new instance is allocated to nova-compute hostname
“foo.example.com” but the corresponding ovn-chassis is registered to “foo”. For
more details see bug LP #1896630.
The keystone, mysql-innodb-cluster, and rabbitmq-server charms have gained actions to assist with rotating the passwords for the service users in an OpenStack model. The passwords are auto-generated (not user-defined). Each charm can rotate their service user passwords independently of the other charms. These three charms represent all of the service user passwords in an OpenStack system.
Service users are those users that are associated with applications that provide services within an OpenStack system. Examples are ‘glance’, ‘nova’, ‘heat’, and ‘keystone’.
Two actions are provided for each of the three above-mentioned charms:
They must be run on the leader unit:
juju run-action --wait <application>/leader list-service-usernames juju run-action --wait <application>/leader rotate-service-user-password service-user=glance
In Juju 3.x the run-action command has been changed to run.
list-service-usernames action provides a list of usernames that can be
rotated, and the
rotate-service-user-password actually performs a password
rotation for a single service user.
There may be a control plane interruption when a password is rotated. This is due to the password being changed in the service provider (MySQL, Keystone, and RabbitMQ) before it has been pushed out to the corresponding service user applications. This may be mitigated however by the restart of the service application, which will force a re-authentication of the service.
Environments configured to use the ML2 OVS plugin in DVR mode and have
configured an external network of type
flat will be affected by bug LP
#2015090. The symptom of an affected system is that newly launched instances
won’t have access to the Metadata service and the
service log will contain the following error:
[...] 2023-03-31 19:35:06.095 58625 ERROR neutron.agent.dhcp.agent return self._name[:constants.DEVICE_NAME_MAX_LEN] 2023-03-31 19:35:06.095 58625 ERROR neutron.agent.dhcp.agent TypeError: 'bool' object is not subscriptable
Regular improvements and bug fixes. A new page on Network spaces was landed.