Stein (6.x.y) Series Release Notes

6.0.0-15

Bug Fixes

  • Fixes an issue with kayobe overcloud post configure when Ironic is disabled, but ironic_serial_console_autoenable is set to true. See story 2006662 for details.

  • Fixes an issue when specifying multiple regular expressions to the kayobe seed container image build and kayobe overcloud container image build commands. See story 2006475 for details.

6.0.0

New Features

  • Adds support for custom Blazar configuration.

  • Adds support for custom Ceilometer configuration.

  • Adds support for custom CloudKitty configuration.

  • Adds support for custom Gnocchi configuration.

  • Adds support for overriding configuration globally for all OpenStack services by generating a global.conf file for use by Kolla Ansible. See story 2005904 for details.

  • Adds support for customising the refactored HAProxy configuration introduced in Kolla Ansible in the Stein release, using $KAYOBE_CONFIG_PATH/kolla/config/haproxy-config/.

  • Adds support for custom Keepalived configuration.

  • Adds support for configuration of Arista switches running EOS 4.15 or later. This is integrated with the kayobe physical network configure command.

  • Adds commands to make use of the database backup and recovery features in Kolla Ansible.

    kayobe overcloud database backup [--incremental] can be used to take a full or incremental backup of the database using Xtrabackup.

    kayobe overcloud database recover [--force-recovery-host <host>] can be used to recover a database cluster that has lost quorum.

  • Adds support for arbitrary Docker storage drivers, configured via docker_storage_driver. Previously only devicemapper and overlay were supported.

  • Adds support for skipping configuration of a network, by setting its name to None. This is done in networks.yml as follows:

    admin_oc_net_name:
    
  • Adds support for custom configuration of keystone.conf.

  • Adds support for configuring software RAID arrays using mdadm. Software RAID configuration is applied before LVM configuration, which allows creating LVM volumes on top of software RAID arrays. See story 2005017 for details.

  • Adds two new variables, openstack_release and openstack_branch, in ${KAYOBE_CONFIG_PATH}/openstack.yml for setting the current OpenStack release and branch in a single place.

  • Adds a command to update packages on the seed hypervisor host, as already available for seed and overcloud hosts:

    kayobe seed hypervisor host package update --packages <packages>

  • Adds support for separate storage networks for both Ceph and Swift. This adds four additional networks, which can be used to separate the storage network traffic as follows:

    • Ceph storage network (ceph_storage_net_name) is used to carry Ceph storage data traffic. Defaults to the storage network (storage_net_name).

    • Ceph storage management network (ceph_storage_mgmt_net_name) is used to carry storage management traffic. Defaults to the storage management network (storage_mgmt_net_name).

    • Swift storage network (swift_storage_net_name) is used to carry Swift storage data traffic. Defaults to the storage network (storage_net_name).

    • Swift storage replication network (swift_storage_replication_net_name) is used to carry storage management traffic. Defaults to the storage management network (storage_mgmt_net_name).

  • Adds a new configuration variable, pip_upper_constraints_file, which is used to configure the file or URL containing the Python upper version constraints. Its default value is https://releases.openstack.org/constraints/upper/{{ openstack_branch }}.

  • Improvements to Swift device management and ring generation.

    The device management and ring generation are now separate, with device management occurring during ‘kayobe overcloud host configure’, and ring generation during a new command, ‘kayobe overcloud swift rings generate’.

    For the device management, we now use standard Ansible modules rather than commands for device preparation. File system labels can be configured for each device individually.

    For ring generation, all commands are run on a single host, by default a host in the Swift storage group. A Python script runs in one of the Kolla Swift containers, which consumes an autogenerated YAML config file that defines the layout of the rings.

Upgrade Notes

  • Updates the minimum supported version of Ansible from 2.4 to 2.5, and the maximum supported version from 2.6 to 2.7. This is true for both Kayobe and Kolla Ansible.

  • Removes the inspector_manage_firewall variable. This is supported in Kolla Ansible via the ironic_inspector_pxe_filter variable, which can be added to ${KAYOBE_CONFIG_PATH}/kolla/globals.yml. The default value for that variable changed in the Stein release from ‘iptables’ to ‘dnsmasq’, since the iptables filter does not work with Docker CE.

  • Controllers are no longer connected to the storage management network by default, since generally only storage nodes need access to this network. If needed, the existing configuration can be retained by adding the storage management network to the controller_extra_network_interfaces list.

  • The default value of kolla_upper_constraints_file has been changed to {{ pip_upper_constraints_file }}.

Security Issues

  • Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.

    The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).

    It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
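An added example (not part of Kayobe or these release notes): a shell function that performs the check recommended above but reports only each matching file's exposure, mode, owner and path, since grep -rn echoes the matching password line to the terminal. It assumes GNU find and stat; the function name find_password_copies is hypothetical.

```shell
#!/bin/sh
# Added example, not Kayobe code. Assumes GNU find and stat (Linux control host).
# find_password_copies is a hypothetical helper name.

# Usage: find_password_copies [DIR] [MARKER]
# Prints "<exposure> <mode> <owner> <path>" for every regular file under DIR
# that contains MARKER. File contents are never printed.
find_password_copies() {
    dir=${1:-/tmp}
    marker=${2:-database_password}
    # -xdev: stay on DIR's file system; unreadable paths are skipped silently.
    find "$dir" -xdev -type f 2>/dev/null |
    while IFS= read -r f; do
        # -q suppresses the matching line, so no secret reaches the
        # terminal, scrollback or a captured job log.
        if grep -q -- "$marker" "$f" 2>/dev/null; then
            mode=$(stat -c '%a' "$f")
            owner=$(stat -c '%U' "$f")
            # A final octal digit of 4-7 means "other" has read access,
            # as with the 664 mode described in the note.
            case "$mode" in
                *[4567]) exposure=world-readable ;;
                *)       exposure=restricted ;;
            esac
            printf '%s %s %s %s\n' "$exposure" "$mode" "$owner" "$f"
        fi
    done
}

# Run a scan only when arguments are given, e.g.: sh check.sh /tmp
if [ "$#" -gt 0 ]; then
    find_password_copies "$@"
fi
```

Run it as each user that has run kayobe, or as root, so that files with restrictive modes are also readable by the scan.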

Bug Fixes

  • Fixes an issue where the admin-openrc.sh and public-openrc.sh files would not be generated when preparing a new control host environment for an existing cloud. These files are now generated during kayobe control host bootstrap if the Kolla Ansible passwords.yml file exists in the Kayobe configuration. See story 2001667 for details.

  • Fixes an issue where multiple NTP daemons could be running on the overcloud hosts, due to Kolla Ansible deploying a chrony container by default starting with the Rocky release.

    Kayobe now overrides this default, to ensure that chrony does not conflict with the NTP daemon deployed on the host. To use the containerised chrony daemon instead, set kolla_enable_chrony to true in ${KAYOBE_CONFIG_PATH}/kolla.yml. This will also disable the host NTP daemon.

    To ensure that chrony is not running, Kayobe removes the chrony container if kolla_enable_chrony is false in the following commands:

    • kayobe overcloud service deploy

    • kayobe overcloud service reconfigure

    • kayobe overcloud service upgrade

    The play in Kayobe is tagged with stop-chrony.

    See story 2005272 for details.

  • Fixes an issue with hardware inspection of bare metal compute nodes configured to use UEFI. See story 2006214 for details.

  • Modifies provisioning and cleaning networks in multi-tenant ironic environments to be non-shared. Flat networks remain shared. To apply the change to an existing environment, run kayobe overcloud post configure. See story 2006409 for details.

  • Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.

    The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).

    It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.

  • Stops allocating network and broadcast addresses to hosts when an allocation pool is not defined.

  • Uses BatchMode to check whether a host is accessible via SSH. This prevents Kayobe from hanging on a password prompt when password authentication is enabled on the host and the Kayobe Ansible user is not yet configured.

  • Fixes an issue with virtual environments on remote hosts, which may over the course of time become stale and incompatible with Kayobe or other software. This was fixed by installing the latest version of packages allowed by OpenStack upper constraints. See story 2005923 for details.