Current Series Release Notes

12.0.0.0rc1-77

Prelude

Ubuntu Jammy Jellyfish (22.04) LTS and Rocky Linux 9 are now supported as a host Operating System and base container image.

New Features

  • Adds the --skip-hooks argument to ignore hooks for the execution of a command. See story 2009241 for details.

  • Adds support for configuring a firewall via firewalld on Ubuntu. See story 2010160 for details.

  • Adds support for configuring Dell OS10 Switches using the dellemc.os10 Ansible collection. This is integrated with the kayobe physical network configure command.

  • Adds support for installing additional build host dependencies when building IPA and overcloud host images via ipa_build_dib_host_packages_extra and overcloud_dib_host_packages_extra.

  • Adds support for specifying a custom playbook when running Kolla Ansible commands via a --kolla-playbook argument. For example:

    kayobe overcloud service deploy --kolla-playbook /path/to/playbook.yml
    

    This may be used to specify a playbook that replaces or extends the default site.yml playbook, and needs to execute in the Kolla Ansible context.

  • Adds support for copying $KAYOBE_CONFIG_PATH/kolla/config/nova_compute to Kolla configuration. This folder can contain a Nova release file which can configure the vendor or product strings used by Nova.

  • Adds functionality to configure the desired SELinux state (previously, SELinux could only be disabled).

  • Adds support for copying the Bifrost clouds.yaml file and optionally a TLS CA certificate from the Bifrost container to the seed host. This makes it possible to enable authentication and TLS for Bifrost services.

  • Kayobe now configures SELinux on the seed hypervisor. The default is to set SELinux to permissive.

  • Adds support for specifying SNAT source and destination filters. This is useful if forwarded packets need to exit on a different interface depending on the source or destination IP address or port.

  • Adds the --add-known-hosts option to control host bootstrap. This will add SSH known hosts entries for each host. This should provide a way around the issues described in story 2001670.

  • Adds support for the ANSIBLE_VAULT_PASSWORD_FILE environment variable as a source for the Ansible Vault password. See story 2006766 for details.

  • Adds support for configuring swap files and devices on seed, seed hypervisor, overcloud and infra VM hosts during host configure commands.

  • Adds support for Ubuntu Jammy Jellyfish (22.04) LTS as a host and container Operating System for seed, seed hypervisor and overcloud hosts.

  • Updates base CentOS Stream 8 cloud image to CentOS-Stream-GenericCloud-8-20220913.0.x86_64.

Upgrade Notes

  • Changes the Kayobe playbook group variables in ansible/group_vars/ to be inventory group variables in ansible/inventory/group_vars. This has two important consequences:

    1. Inventory group variables have a lower precedence than playbook group variables. This means that these variables can now be overridden by group variables in the Kayobe configuration inventory.

    2. The new inventory group variables are automatically used by all Kayobe commands, and do not need to be in the same directory as the playbook being executed. This means that the previous workaround for custom playbooks involving symlinking to the group_vars directory from the directory containing the custom playbook is no longer necessary.

  • Removes the kolla_ironic_default_boot_option variable and the inspector_rule_local_boot inspector rule, since Ironic has removed support for defining a boot option configuration. The Set local boot capability rule should be removed from Bifrost and Ironic Inspector by the operator.

  • Starting with Yoga, Ironic has changed the default PXE from plain PXE to iPXE. Kayobe follows this upstream decision but allows users to revert to the previous default of plain PXE. For details, please refer to Kolla Ansible’s documentation.

  • Removes the kolla_install_type variable. This is due to removal of support for binary images from the Kolla project.

  • Overcloud host images are now built via DIB by default, rather than Bifrost. The old behaviour may be obtained by setting overcloud_dib_build_host_images to false.

  • The disable-selinux role has been renamed to selinux, and the related variables have been renamed accordingly. If you set any of them, adapt your configuration:

    • disable_selinux_do_reboot becomes selinux_do_reboot

    • disable_selinux_reboot_timeout becomes selinux_reboot_timeout

  • Kayobe now sets SELinux to permissive by default (compared to disabled previously). This may require a reboot, which will only be triggered if selinux_do_reboot is set to true. If you want to retain previous behaviour, set selinux_state to disabled.

  • Updates base Rocky Linux 8 cloud image to Rocky-8-GenericCloud.latest.x86_64.qcow2

  • Enables authentication by default in Bifrost.

  • Updates the stackhpc.os-images role to version 0.16.0. This new release separates configuration of upper constraints for diskimage-builder (DIB) from those used by the OpenStack SDK and client. This allows operators to use a newer version of DIB while keeping compatible versions of the OpenStack SDK and client. This is configured with the following variables:

    • ipa_build_dib_upper_constraints_file in ipa.yml

    • overcloud_dib_dib_upper_constraints_file in overcloud-dib.yml

    The variables are empty by default in order to allow for Rocky Linux 9 image builds.

Deprecation Notes

  • Deprecates support for deploying Monasca and dependent services: Kafka, Storm and Zookeeper. The support will be removed in the Antelope cycle.

Security Issues

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.
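
    Logs written before this fix may still contain the exposed values. The following added example (not part of Kayobe) scans log text for known secret values and reports only the variable name and a hash prefix. The function names, the flat key: value input format and the sample data are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: secrets are flat "key: value" scalars; nested YAML is ignored.
_PAIR = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*(.+?)\s*$")


def load_secrets(yaml_text, min_len=8):
    """Return {name: value} for flat scalar entries worth searching for."""
    secrets = {}
    for line in yaml_text.splitlines():
        m = _PAIR.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        name, value = m.group(1), m.group(2).strip("'\"")
        # Short values would match unrelated log text, so skip them.
        if len(value) >= min_len:
            secrets[name] = value
    return secrets


def scan_log(log_text, secrets):
    """Return (line_no, name, fingerprint) for each secret found in the log."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        for name, value in secrets.items():
            if value in line:
                # Report a truncated SHA-256, never the value itself, so the
                # report does not re-expose the password.
                fp = hashlib.sha256(value.encode()).hexdigest()[:12]
                hits.append((no, name, fp))
    return hits


# Constructed sample data: not real Kayobe output or real credentials.
SAMPLE_PASSWORDS = """\
# custom passwords
my_service_password: Xk29fLqP7vT3zB8m
short_pin: 1234
"""
SAMPLE_LOG = """\
TASK [example : write passwords] ***
ok: [localhost] => {"custom": {"my_service_password": "Xk29fLqP7vT3zB8m"}}
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, load_secrets(SAMPLE_PASSWORDS)):
        print("line %d: value of %s found (sha256 prefix %s)" % hit)
```

    Any password reported this way should be treated as compromised and rotated, and the affected log files removed or access-restricted.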

Bug Fixes

  • Ironic inspection through Bifrost now works even if DHCP-relay is used. The dhcp-range in dnsmasq.conf is now correctly configured with a network mask.

  • Adds missing Ansible group following the addition of support in Kolla Ansible for forwarding Prometheus alerts to Microsoft Teams.

  • Fixes an issue with undefined kolla_enable_hacluster variable.

  • Fixes an issue where a host configure with --wipe-disks would wipe block devices that were mounted. See story 2010367 for details.

  • Fixes an error when generating passwords.yml if an unencrypted file exists but a password has been supplied.

  • Fixes an issue where hacluster images are not built when the service is enabled.

  • Fixes an issue where a custom playbook using become_user could fail when setting permissions on temporary files. The acl package is now installed on all systems by default.

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.

  • Fixes an issue with nclu-switch command ordering, when description was applied first to a non-existent (virtual) interface. See story 2010279 for details.

  • Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron.

  • Configures SELinux to permissive on the seed hypervisor, which fixes permission issues when provisioning seed or infra VMs.

  • Fixes failures to run kayobe overcloud bios raid configure by upgrading the stackhpc.drac role to version 1.1.6.