Victoria Series Release Notes


New Features

  • Updates base CentOS Stream 8 cloud image to CentOS-Stream-GenericCloud-8-20220913.0.x86_64.

Security Issues

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.

Bug Fixes

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.

  • Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron.

  • Fixes failures to run kayobe overcloud bios raid configure by upgrading the stackhpc.drac role to version 1.1.6.


Upgrade Notes

  • Kayobe now defaults to building CentOS Stream 8 IPA and root disk images, following the end of life of CentOS Linux 8.

Bug Fixes

  • In production environments, the provision network may be separated from the other networks, so in this case, if you want Bifrost’s DHCP service provides the correct gateway for the clients the inspection_gateway should be used instead of the gateway attribute for the provision network. This also avoids configuring the multiple IP gateways on a single host which leads to unpredictable results.

  • Fixes IPA and root disk image builds, following the end of life of CentOS Linux 8.

  • Fixes an issue with idempotence of local Kolla Ansible configuration generation.

  • Fixes an issue with the seed’s configdrive when the admin network is a VLAN. See story 2008089 for details.

  • Fixes Ansible inventory generation with some custom group mappings using the same group names for Kayobe and Kolla Ansible. See story 2009927 for details.

  • The set of commands starting with kayobe overcloud database now generate the kolla configuration necessary to login to the nodes running the database.

  • Fixes an issue with config drive generation for infrastructure and seed VMs when using untagged interfaces. The symptom of this issue is that kayobe cannot login to the instance. If you check the libvirt console log, you will see KeyError: 'vlan_link'. See story 2009910 for details.

  • Fixes an issue with IPA image builds which used the master branch of ironic-python-agent, even on stable releases of Kayobe, or when explicitly setting ipa_build_source_version.

  • Fixes an issue where patch links could be erroneously created on hosts not in the overcloud group. See Story 2009911 for details.

  • Deployment image (IPA) build no longer uses master version of upper-constraints. Instead, it defaults to using the constraints for the OpenStack release associated with the version of Kayobe being used. See story 2009810 for details.


New Features

  • Adds support for inspection of L3-routed Ironic networks via DHCP-relay.

Bug Fixes

  • Fixes an issue where the Neutron SR-IOV agent image is not built when the service is enabled.


New Features

  • Adds a new kolla_bifrost_use_firewalld variable used to define whether Bifrost uses firewalld, which is now disabled by default.

  • Adds support for configuring the filter and gather_subset arguments for the setup module via kayobe_ansible_setup_filter and kayobe_ansible_setup_gather_subset respectively. These can be used to reduce the number of facts, which can have a significant effect on performance of Ansible.

  • Adds a new command, kayobe overcloud facts gather, to gather Ansible facts for overcloud hosts. This may be useful for populating a fact cache.

  • Adds support for the metalink option in custom DNF repositories configured with dnf_custom_repos in dnf.yml.

Upgrade Notes

  • Updates all references to Ansible facts within Kayobe from using individual fact variables to using the items in the ansible_facts dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. Check for facts referenced in local configuration files, and update to use ansible_facts before disabling fact variable injection.

  • Bifrost is now configured to avoid using firewalld, to prevent conflicts with firewall rules set by Kayobe on the seed host. The existing behaviour can be retained by setting kolla_bifrost_use_firewalld to True in bifrost.yml.

  • Removes the workaround for bogus name server entries in some CentOS 7 images, together with the overcloud_host_image_workaround_resolv_enabled variable.

Bug Fixes

  • Prevents Bifrost from using firewalld to avoid conflicts with firewall rules set by Kayobe on the seed host. See story 2009252 for more details.

  • Sets proxy option when using dnf during user bootstrapping, before dnf.conf is updated. This allows Kayobe to install Python 3 during host configuration when dnf requires a proxy to operate.

  • Fixes an issue bug where introspection data save would fail. See story 2009129 for more details.

  • Filter out 25 Gigabit Ethernet interface names in the Ironic inspector rule setting node names from interface LLDP switch port descriptions.

  • Fixes a failure to detect the Kayobe installation prefix when lib is present multiple times in the installation path. See story 2009721 for details.


New Features

  • Supports extra kernel options specified as strings instead of lists.

  • Adds the ipa_build_upper_constraints_file variable to select the upper constraints file used to install diskimage-builder in the virtual environment used for building IPA images. This allows you to install a newer release than the one allowed by the default constraints.

  • Updates the default image for the seed VM to CentOS 8.3.

Upgrade Notes

  • When interacting with Bifrost, sourcing the env-vars file is not supported anymore. Set the OS_CLOUD environment variable to bifrost instead or run . ~/openrc bifrost.

  • When interacting with Bifrost, it is recommended to use the ironic native baremetal command instead of openstack baremetal, as the availability of OpenStackClient inside the Bifrost container is not guaranteed.

  • Until the Victoria release, Bifrost disabled node cleaning, however it became enabled in Victoria. To maintain backward compatibility, Kayobe now modifies the configuration in Bifrost to disable node cleaning of overcloud hosts.

Deprecation Notes

  • When interacting with Bifrost, the use of OS_CLOUD=bifrost-inspector is deprecated and should be replaced by OS_CLOUD=bifrost.

Bug Fixes

  • Fixes failure in the kayobe seed deployment image build command due to changes in Bifrost.

  • Fixes formatting of extra kernel options configured with kolla_bifrost_extra_kernel_options when passed to Bifrost. See story 2008714 for details.

  • Fixes an issue when using the --limit argument with a host pattern including commas. See story 2008255 for details.

  • Fixes an issue where custom SSH arguments, such as when setting ansible_ssh_extra_args, were not being respected when rebooting a host to disable selinux.

  • Fixes calls to kolla-ansible when arguments to --kolla-limit contain special characters such as ~ or &.

  • Fixes an issue with copying Swift ring files. See story 2007297 for details.

  • Fixes issue with deleting swift ring temporary files. See story 2008354 for details.

  • Fixes an issue with the kayobe seed service deploy command on CentOS 8.3 release. See story 2008430 for details.


New Features

  • Adds support for custom Aodh configuration.

  • Adds support for custom Masakari configuration.

  • Adds a new configuration variable, kolla_bifrost_extra_kernel_options, which allows to provide a list of extra kernel parameters for Bifrost’s Ironic PXE configuration. It defaults to an empty list. See story 2001987 for details.

  • Adds support for passing custom TLS certificates to Kolla Ansible via ${KAYOBE_CONFIG_PATH}/kolla/certificates/. See story 2007679 for details.

  • Adds support for custom options in static routes. See story 2007835 for details.

  • New feature to deploy user-defined containers on seed node with pre and post scripts has been added to Kayobe.

  • Adds support for deploying a Docker registry with HTTP basic authentication.

  • Adds support for deploying a Docker registry with TLS.

  • Adds support for configuring ethtool options on physical network interfaces. See story 2008020 for details.

  • Adds controller_network_host_default_network_interfaces and controller_network_host_extra_network_interfaces variables which define the networks to which separate network hosts are attached.

  • Adds a seed_vm_interfaces variable which defines the network interfaces to which the seed VM is attached.

  • Adds two new configuration variables, kolla_bifrost_inspection_timeout and inspector_inspection_timeout, which allow to customise timeouts of hardware inspection (in seconds) respectively for overcloud nodes and baremetal compute nodes. inspector_inspection_timeout defaults to 1200 and kolla_bifrost_inspection_timeout defaults to the value of inspector_inspection_timeout. See story 2007844 for details.

  • Adds support for deploying the Neutron Mellanox agent.

  • Updates the default image for the seed VM to CentOS 8.2.

Upgrade Notes

  • Kayobe configures Bifrost to use the trusted zone of firewalld, ensuring that all services running on the seed host are accessible. Deployments with stricter firewall policies can select another zone by setting the kolla_bifrost_firewalld_internal_zone variable in ${KAYOBE_CONFIG_PATH}/bifrost.yml. To avoid loss of connectivity to the seed host, ensure that firewalld is already configured on the seed host before deploying seed services.

  • Reverts to use the Kolla Ansible default value for kolla_external_fqdn_cert and kolla_internal_fqdn_cert when kolla_external_tls_cert and kolla_internal_tls_cert are respectively not set. This allows for the standard Kolla Ansible configuration approach of dropping these certificates into the $KAYOBE_CONFIG_PATH/kolla/certificates directory, rather than defining them as variables. This can be useful if using the kolla-ansible certificates command to generate certificates for testing.

  • Ironic is now disabled by default in the overcloud. This brings Kayobe’s default set of services into line with Kolla Ansible. For environments using Ironic in the overcloud, set kolla_enable_ironic to true in kolla.yml.

  • The default Docker storage driver has been changed from devicemapper to overlay2, which is the storage driver preferred by Docker. Environments using devicemapper should set docker_storage_driver to devicemapper in ${KAYOBE_CONFIG_PATH}/docker.yml.

  • The overcloud networks for Ironic (workload out-of-band, workload provisioning, workload cleaning and workload inspection) are now disabled by default if Ironic is not enabled.

  • The default value of controller_network_host_network_interfaces is now the combination of unique networks listed in new variables named controller_network_host_default_network_interfaces and controller_network_host_extra_network_interfaces. As a result controller_network_host_network_interfaces now contains the following additional networks: overcloud admin network, internal network and storage network. See network configuration of network hosts for more details.

  • The default order of network interfaces in the seed VM is now sorted alphabetically based on their Kayobe network name. This may require the seed’s network interface names to be changed in configuration if the seed VM is recreated. See story 2007259 for details.

  • The default timeout for the overcloud hardware inspection operation is increased from 10 minutes to 20 minutes, to avoid issues when using the extra-hardware collector on hardware booting slowly.

  • Changes Ironic Python Agent (IPA) image builds to use IPA builder. The following variables have been added to configure the IPA builder source location: ipa_builder_source_url, ipa_builder_source_version. See story 2007070 for details.

  • Adds new variables to allow extension of the list of Disk Image Builder (DIB) git repositories available when building Ironic Python Agent (IPA) images: ipa_build_dib_git_elements_default and ipa_build_dib_git_elements_extra. The existing ipa_build_dib_git_elements variable is a concatenation of these. By default there is now one git repository configured for IPA builder, and use of ipa_build_dib_git_elements should typically be replaced with ipa_build_dib_git_elements_extra to avoid losing this default.

  • The file extension used for the Ironic Python Agent (IPA) kernel image has changed from vmlinuz to kernel, in line with upstream changes in Ironic. This affects both Bifrost running on the seed and Ironic running in the overcloud for bare metal compute. If building images locally, this should be done prior to upgrading services.

  • The congress project is no longer maintained. This has been retired since Victoria and has not been used by other OpenStack services since.

  • Support for deploying with mongodb integrations has been removed.

  • The neutron-fwaas project is no longer maintained. This has been retired and will be removed in the Victoria cycle.

  • The opendaylight service, which was deprecated in the Ussuri cycle, has been removed.

  • The Yum configuration variables in yum.yml which were deprecated in the Ussuri release have been removed. Adapt any configuration overrides to use the DNF variables in dnf.yml instead.

  • The yum-cron configuration variables in yum-cron.yml which were deprecated in the Ussuri release have been removed. Adapt any configuration overrides to use the DNF Automatic variables in dnf.yml.

Bug Fixes

  • Adds support for a custom Barbican configuration file (barbican.conf), as only extended configuration stored under a barbican folder was supported.

  • Fixes loss of connectivity to the seed host after deploying seed services, when using a shared provisioning and admin network. This was caused by Bifrost configuring firewalld to only allow Ironic traffic. Kayobe now configures Bifrost to use the trusted zone, which allows all traffic.

  • Fix an issue when dnf proxy is set and python3-pip package fails during host configure.

  • Fixes a number of issues with using Kayobe on CentOS 8.3.

  • Fixes issues running the following commands:

    • kayobe baremetal compute inspect

    • kayobe baremetal compute manage

    • kayobe baremetal compute provide

    See story 2007797 for details.

  • The default value for controller_network_host_network_interfaces was updated to connect network hosts to all their required networks.

  • Fixes issues when network interfaces are configured without IP addresses. See story 2007900 for details.

  • Fixes an issue with Python setup when venv is not used. See story 2008378 for details.

  • Fixes an issue with seed VMs with multiple network interfaces where interfaces could come up in a different order if the VM is recreated. The interfaces are now created in alphabetical order of their Kayobe network name by default. See story 2007259 for details.

  • Kayobe now updates openrc files when using the kayobe overcloud service upgrade command.

  • Fixes generation of pip configuration when using a pip proxy without a local mirror.

  • Changes the value of OS_ENDPOINT_TYPE, OS_MANILA_ENDPOINT_TYPE, and OS_MISTRAL_ENDPOINT_TYPE in to use publicURL, which should fix issues with legacy CLI tools on hosts without access to the internal API. See story 2007950 for details.

  • Removes the ifcfg-eth0 network interface configuration file when not required, using a new version of the MichaelRigaert.interfaces Ansible role. This file ships with CentOS 8 cloud images and can prevent the network service from starting successfully when no eth0 interface is present or being configured. See story 2007913 for details.

  • Fix the implementation of the kayobe seed hypervisor host package update command, which was incomplete. See story 2008458 for details.

  • Fixes an issue with seed service deployment where modifying the overcloud image fails on a CentOS 8.1 host with a CentOS 8.2 bifrost_deploy container, by updating the default image for the seed VM to CentOS 8.2. See story 2007942 for details.