Yoga Series Release Notes


Bug Fixes

  • Adds missing Ansible group following the addition of support in Kolla Ansible for forwarding Prometheus alerts to Microsoft Teams.

  • Fixes an error when generating passwords.yml if an unencrypted file exists but a password has been supplied.


New Features

  • Updates base CentOS Stream 8 cloud image to CentOS-Stream-GenericCloud-8-20220913.0.x86_64.


Bug Fixes

  • Fixes an issue with nclu-switch command ordering, when description was applied first to a non-existent (virtual) interface. See story 2010279 for details.


Upgrade Notes

  • Updates base Rocky Linux 8 cloud image to Rocky-8-GenericCloud.latest.x86_64.qcow2

Bug Fixes

  • Fixes an issue where a custom playbook using become_user could fail when setting permissions on temporary files. The acl package is now installed on all systems by default.


Bug Fixes

  • Fixes an issue with undefined kolla_enable_hacluster variable.


Bug Fixes

  • Fixes an issue where hacluster images are not built when the service is enabled.

  • Fixes an issue where the MTU defined in Kayobe was not applied to Ironic provisioning and cleaning networks in Neutron.


New Features

  • Adds dependencies for EFI and LVM based overcloud images.

  • Adds support for custom Placement configuration.

  • Adds support for custom Horizon themes.

  • Adds support for setting root filesystem’s UUID via a new variable kolla_bifrost_deploy_image_rootfs. This is useful when deploying overcloud hosts with software RAID based root disk devices.

  • Adds the kolla_ansible_venv_ansible configuration option. This allows you to override the version of ansible installed in the kolla-ansible virtualenv.

  • Adds support for global configuration options for Apt in files in /etc/apt/apt.conf.d/ on Ubuntu systems. See story 2009655 for details.

  • Adds support for configuring Apt repositories on Ubuntu hosts. See story 2009655 for details.

  • Add the bonding 802.3ad aggregation selection option.

  • Adds support for building overcloud root disk images directly with DIB rather than through Bifrost. This includes support for building multiple images, each with a different configuration. See story 2002098 for details.

  • Add support for a state parameter in repositories listed in dnf_custom_repos.

  • Enables hardware clock (RTC) synchronisation by default when applying the chrony role. This setting is configurable with the new variable chrony_rtcsync_enabled.

  • Improves error handling by adding a top-level playbook for the kayobe * host configure and kayobe * host upgrade commands. This ensures that if a host fails during a host configuration command, other hosts are able to continue to completion. This is useful at scale, where host failures occur more frequently. See story 2009854 for details.

  • Adds support for inspection of L3-routed Ironic networks via DHCP-relay.

  • The new filter net_no_ip adds the attribute no_ip which can be set to true to skip IP address allocation and configuration for specific networks.

  • Adds support for running a libvirt daemon on the host, rather than in a container. This is done by setting kolla_enable_nova_libvirt_container to false. See story 2009858 for details.

  • Adds support for configuring HTTP(S) proxy settings using the http_proxy, https_proxy and no_proxy variables in proxy.yml. These variables are passed down to Kolla Ansible which uses them to configure Docker, allowing container image pull operations and container networking to use HTTP(S) proxies.

  • Adds a new variable seed_hypervisor_enable_snat that allows users to enable SNAT service on the seed hypervisor. The default value is false.

  • Adds support for Rocky Linux 8 as Host OS.

  • Adds support for running package updates on Ubuntu hosts via the following existing commands:

    • kayobe seed host package update --packages <packages>

    • kayobe seed hypervisor host package update --packages <packages>

    • kayobe infra vm host package update --packages <packages>

    • kayobe overcloud host package update --packages <packages>

  • Updates base CentOS Stream cloud image to CentOS-Stream-GenericCloud-8-20210603.0.x86_64.

Upgrade Notes

  • Updates the maximum supported version of Ansible from 4.x (ansible-core 2.11) to 5.x (ansible-core 2.12). The minimum supported version is updated from 2.10 to 4.x. This is true for both Kayobe and Kolla Ansible. Note that environments with Python 3.7 or lower (e.g. CentOS Stream 8) will be limited to Ansible 4.x (ansible-core 2.11).

  • Upgrading directly from Ansible 2.10 to Ansible 4 or later is known to cause problems. You should uninstall ansible and ansible-base before upgrading your Kayobe virtual environment:

    pip uninstall ansible ansible-base
  • The default value of dnf_install_epel has been changed to false. This means that the EPEL DNF repository is no longer installed by default. Neither existing EPEL repositories nor the epel-release package will be removed. If necessary, EPEL may be enabled by setting dnf_install_epel to true in dnf.yml. See story 2009757 for details.

  • Removes support for deploying vmtp, following its removal from Kolla.

  • Starting with Yoga, Ironic has changed the default PXE from plain PXE to iPXE. Kayobe follows this upstream decision but allows users to revert to the previous default of plain PXE. For details, please refer to Kolla Ansible’s documentation.

  • The variable kolla_tls_cert which was deprecated in the Train release has been removed. Use kolla_external_tls_cert instead.

Security Issues

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.

Bug Fixes

  • Ironic inspection through Bifrost now work even if DHCP-relay is used. The dhcp-range in dnsmasq.conf corrctly configured with network mask.

  • In production environments, the provision network may be separated from the other networks, so in this case, if you want Bifrost’s DHCP service provides the correct gateway for the clients the inspection_gateway should be used instead of the gateway attribute for the provision network. This also avoids configuring the multiple IP gateways on a single host which leads to unpredictable results.

  • Fixes an issue where the Neutron SR-IOV agent image is not built when the service is enabled.

  • Fixes an issue with idempotence of local Kolla Ansible configuration generation.

  • Fixes an issue with the seed’s configdrive when the admin network is a VLAN. See story 2008089 for details.

  • Enables deployment of Grafana when Monasca is enabled, as a replacement for the retired monasca-grafana image. See story 2009717 for details.

  • Fixes some issues seen when using the --check argument with kayobe overcloud host configure. See story 2004798.

  • is now only generated if the file generated by Kolla Ansible exists. This fixes an issue where the task would fail, when running in a clean environment, with a set of Kolla Ansible tags that did not include the generation of See story 2009323.

  • Fixes Ansible inventory generation with some custom group mappings using the same group names for Kayobe and Kolla Ansible. See story 2009927 for details.

  • The set of commands starting with kayobe overcloud database now generate the kolla configuration necessary to login to the nodes running the database.

  • Fixes an issue with config drive generation for infrastructure and seed VMs when using untagged interfaces. The symptom of this issue is that kayobe cannot login to the instance. If you check the libvirt console log, you will see KeyError: 'vlan_link'. See story 2009910 for details.

  • Fixes a failure to detect the Kayobe installation prefix when lib is present multiple times in the installation path. See story 2009721 for details.

  • Fixes an issue with IPA image builds which used the master branch of ironic-python-agent, even on stable releases of Kayobe, or when explicitly setting ipa_build_source_version.

  • Fixes an issue seen when using Jinja2 3.1.0.

  • Fixes an issue where any passwords in kolla_ansible_custom_passwords were exposed in Ansible logs. When using verbosity level 3 (-vvv), they were also exposed in Ansible output.

  • Fixes an issue where patch links could be erroneously created on hosts not in the overcloud group. See Story 2009911 for details.

  • Deployment image (IPA) build no longer uses master version of upper-constraints. Instead, it defaults to using the constraints for the OpenStack release associated with the version of Kayobe being used. See story 2009810 for details.

  • Fixes failures to run kayobe overcloud bios raid configure by upgrading the stackhpc.drac role to version 1.1.6.

  • Fixes an issue where cached seed VM images are unnecessarily owned by root. See story 2009277 for details.

  • Fixes an issue with masking NTP services which are not found. See story 2009821 for details.