Current Series Release Notes

26.0.0-14

New Features

  • Added insecure and cafile configuration options to the [rgw_client] section for controlling HTTPS certificate verification when connecting to the Ceph RGW Admin API. The insecure option disables certificate verification, and cafile specifies a PEM encoded Certificate Authority to use instead of the system CA bundle. Previously, RGW Admin API connections always skipped certificate verification.

Upgrade Notes

  • The [compute]/fetch_extra_metadata configuration option, introduced in the 2025.2 Flamingo release, allows configuring whether or not instance user metadata is fetched by compute pollsters via Nova API queries. This is used, for example, to fetch the metering.server_group metadata attribute, which sets the server_group attribute on Gnocchi resources.

    [compute]/fetch_extra_metadata was previously set to True by default. To reduce load on the Nova API, as of the 2026.2 Hibiscus release this option is now set to False by default.

    If you are using Gnocchi and you require user metadata for some attributes (e.g. server_group), enabling this option should not be necessary in most cases as the notification meters will already set these on resources, even without compute pollsters fetching them.

    If you use Prometheus and want this metadata included with all samples (e.g. for querying metrics by server group, Aodh alarms or Heat auto-scaling), you should explicitly enable this option by setting [compute]/fetch_extra_metadata to True in ceilometer.conf.

  • If resource metadata caching is enabled in the Ceilometer Notification Agent, the Gnocchi resource metadata cache will be invalidated and refreshed upon upgrading due to the fix for updating resource project IDs.

Deprecation Notes

  • The [rgw_client] insecure option currently defaults to True to preserve backward compatibility. This will be changed to False in a future release. Deployments using HTTPS for RGW should set insecure to False and configure cafile if a custom CA is needed.

Security Issues

  • The RGW Admin API client previously hardcoded verify=False, unconditionally skipping HTTPS certificate verification. New [rgw_client] insecure and [rgw_client] cafile options allow operators to enable proper certificate verification for RGW connections.
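
An added example (not Ceilometer's own code) for auditing a ceilometer.conf against the deprecation and security notes above: it reports what certificate verification the [rgw_client] options would yield. It assumes the options map onto a requests-style verify value (False, True, or a CA bundle path) and that cafile is unused while insecure is True; the function name, sample fragments and CA path are constructed for illustration.

```python
import configparser

# Current default per the deprecation note; slated to become False later.
DEFAULT_INSECURE = True

# Constructed sample ceilometer.conf fragments (not from a real deployment).
LEGACY_CONF = """
[rgw_client]
"""
HARDENED_CONF = """
[rgw_client]
insecure = False
cafile = /etc/ceilometer/rgw-ca.pem
"""


def rgw_verify_setting(conf_text):
    """Return (verify, findings) for the [rgw_client] section.

    verify is False (no verification), True (system CA bundle) or a
    path to a PEM CA file. findings lists settings worth reviewing.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["rgw_client"] if cp.has_section("rgw_client") else {}
    findings = []

    if "insecure" in sec:
        insecure = cp.getboolean("rgw_client", "insecure")
    else:
        insecure = DEFAULT_INSECURE
        findings.append("insecure not set: relies on the current default (True)")

    cafile = sec.get("cafile") or None
    if insecure:
        findings.append("certificate verification is disabled")
        if cafile:
            # Assumption: a CA file has no effect when verification is off.
            findings.append("cafile is set but unused while insecure is True")
        return False, findings
    return (cafile or True), findings


if __name__ == "__main__":
    for name, text in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(name, rgw_verify_setting(text))
```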

Bug Fixes

  • Fixed an issue where, when publishing resource metadata changes to Gnocchi, the project ID field was not updated when it had changed (e.g. when transferring volumes from one project to another). Any existing resources that have changed ownership since being added to Gnocchi will have their project_id attribute updated to the correct value.