Queens Series Release Notes


New Features

  • Docker logs are no longer allowed to grow unbounded and have been limited to a fixed size per container. Two new variables have been added, docker_log_max_file and docker_log_max_size which default to 5 and 50MB respectively. This means that for each container, there should be no more than 250MB of Docker logs.

Upgrade Notes

  • The Keystone fernet key rotation scheduling algorithm has been modified to avoid issues with over-rotation of keys.

    The variables fernet_token_expiry, fernet_token_allow_expired_window and fernet_key_rotation_interval may be set to configure the token expiry and key rotation schedule.

    By default, fernet_token_expiry is 86400, fernet_token_allow_expired_window is 172800, and fernet_key_rotation_interval is the sum of these two variables. This allows for the minimum number of active keys - 3.

    See bug 1809469 for details.

Bug Fixes

  • Adds system hostnames to /etc/hosts, if different from short hostnames. This can fix live migration of Nova instances in some contexts. See bug 1830023 for details.

Other Notes

  • While Kolla Ansible now avoids duplicating Nova cells when messaging or database connection information are changed, operators of existing deployments should perform a manual cleanup of duplicate cells using the nova-manage cell_v2 command from a container running the nova_api image, leaving only two cells, one named cell0 and another one with the right connection information.


New Features

  • Adds support for configuring a default gateway to be used in the Ironic Inspector inspection network. This is configured via the ironic_dnsmasq_default_gateway variable, and is not set by default.

  • Set docker runtime directory by configure the docker daemon.An operator named “docker_runtime_directory” will be add.


New Features

  • Add support of custom configuration files for grafana.

  • Added new parameter in kolla_docker to support configuring TTY in containers, value is False by default

Upgrade Notes

  • The neutron-vpnaas-agent has been loaded just inside of the existing l3 agent rather than requiring operators to run a completely different binary with a subclass of the existing L3 agent.

Deprecation Notes

  • As neutron-vpnaas-agent can be loaded by the neutron l3 agent, neutron-vpnaas standalone mode is not supported. We have already removed the neutron-vpnaas-agent container, currently, there is no need to keep this role.


New Features

  • Adds support for installing python dependencies into a virtualenv on remote hosts.

    Installing python packages directly to the system site-packages can cause various problems, in particular when pip overwrites a system package. Python virtualenvs are one solution to this issue, as they allow python packages to be installed in an isolated environment. Typically we will need to enable use of system site-packages from within this virtualenv, to support the use of modules such as yum, apt, and selinux, which are not available on PyPI.

    The path to the virtualenv is configured via the virtualenv variable, and access to site-packages is controlled via virtualenv_site_packages. The default value for virtualenv is None, in which case the old behaviour of installing packages directly to the system site-packages is maintained.

    When executing other kolla-ansible commands, the variable ansible_python_interpreter should be set to the python interpreter installed in virtualenv. Note that this variable cannot be templated.



Specify Ansible “become” for only necessary tasks.

New Features

  • Add designate-producer ansible role. Orchestrates periodic tasks that are run by designate.

  • Allow use of separate backends for oslo.messaging rpc and notification.

  • Add CephFS driver support to manila

  • Add dvr_no_external l3 dvr agent mode. Introduce inner-compute and external-compute nodes group in inventory file to distinguish compute nodes which do not have external reachability from compute nodes which can reach outside.

  • Add Neutron SRIOV agent container The Neutron SRIOV agent changed from optional to required in the Mitaka release. This container runs on compute nodes to enable the use of Neutron SRIOV.

  • Add a new parameter for changing selinux state. The default value is “permissive”. Update a parameter named “disable_selinux”, use “change_selinux” instead of it.

  • Add vitrage ansible role

  • Allow cinder-volume to use Oracle ZFS Storage Appliance iSCSI backend.

  • Implemented support for using ansible-vault passwords in kolla-ansible command to decrypt /etc/kolla/passwords.yml.

  • Adds Docker volumes for storing persistent data in the bifrost_deploy container on the deployment host.

  • Adds a kolla_logs Docker volume for storing logs generated by services running in the bifrost_deploy container on the deployment host. These logs are not currently processed by fluentd.

  • Blazar services deployment method is implemented

  • Kolla-Ansible now supports creating a monitoring user for RabbitMQ. As an operator I want to be able to monitor the status of RabbitMQ by collecting metrics such as queue length, message rates (globally and per channel), and information about resource usage on the host, such as memory use, open file descriptors and the state of the cluster. Whilst it is possible to gather all of this information using the OpenStack RabbitMQ user configured by Kolla Ansible, this user has write access to the OpenStack vhost. This feature adds a monitoring user which has access to all of the information described above, but does not have write access. An example of a service which may use the monitoring user is the RabbitMQ plugin for the Monasca Agent. As not all users will configure monitoring, by default the monitoring user is disabled. To create it, the user should override the rabbitmq_monitoring_user variable.

  • Update container_proxy with configurable proxy settings Added three new properties:

    • container_http_proxy

      This defaults to an empty string. To set a proxy adjust this property to something like “http://proxy-server.organization.com:port

    • container_https_proxy

      This defaults to an empty string. To set a proxy adjust this property to something like “https://proxy-server.organization.com:port

    • container_no_proxy

      This defaults to some preconfigured settings which should suit. If needed this can also be adjusted.

  • Update designate to allow use of external bind9 dns servers. Added two new properties:

    • designate_backend_external

      This defaults to ‘no’, and can be enabled by setting it to ‘bind9’

    • designate_backend_external_bind9_nameservers

      This defaults to an empty string, and should be populated with a csv list of external bind9 dns server addresses.

    • Configuration override files to align with external bind9 dns servers must be supplied manually,

      • /etc/kolla/config/designate/rndc.key

      • /etc/kolla/config/designate/rndc.conf

  • This feature enables volume snapshots for NFS Cinder driver. NFS volume snapshots appeared in Ocata release and require libvirt >= 1.2.7

  • Added enable_external_mariadb_load_balancer flag

  • Added use_preconfigured_databases flag in order to add support for previously created databases / users

  • Added use_common_mariadb_user in order to allow the use of a common database user across all databases

  • Adds ability to configure custom fluentd filters.

    In some scenarios it may be useful to apply custom filters to logs before forwarding them. This may be useful to add additional tags to the messages or to modify the tags to conform to a log format that differs from the one defined by kolla-ansible.

    Configuration of custom fluentd filters is possible by placing filter configuration files in /etc/kolla/config/fluentd/filter/*.conf on the control host.

  • Adds ability to configure custom fluentd outputs.

    In some scenarios it may be useful to configure custom fluentd outputs to forward logs to a logging service other than elasticsearch.

    Configuration of custom fluentd outputs is possible by placing output configuration files in /etc/kolla/config/fluentd/output/*.conf.

  • Glance can now be developed on using Kolla ‘dev mode’.

  • Added horizon_keystone_multidomain flag for horizon multidomain support. This flag can be overriden in globals.yml. Default value: False

  • Implement ceph-mgr service

  • Implement ceph-nfs service, Nfs-ganesha can be used as a proxy when mounting ceph file shares.

  • Cephfs is implemented

  • Implement Cinder minimal downtime upgrade procedure.

  • Implement keystone zero-downtime upgrade procedure

  • Move storage backend passwords from main.yml to /etc/kolla/passwords.yml

  • Adds a new argument to the kolla-ansible command, --skip-tags TAGS. This argument is passed through directly to ansible-playbook.

  • Add “become” to necessary tasks of general roles.

  • Add “become” to necessary tasks of default roles.

Upgrade Notes

  • On upgrade NFS Cinder snapshots will be activated. One can prohibit this by setting nfs_snapshot_support = False in /etc/kolla/config/cinder/cinder-volume.conf, section ‘[nfs-1]’.

  • Before upgrading one needs to set Hitachi NAS and Oracle ZFSSA passwors in /etc/kolla/passwords.yml file.

  • The vmware_dvs_host_password, vmware_nsxv_password, and vmware_vcenter_host_password parameters moved to the passwords.yml file.

  • The following files /etc/kolla/config/database.conf and /etc/kolla/config/messaging.conf used to generate Openstack services config files are redundant with /etc/kolla/config/global.conf. They have been removed in order to simplify codebase.

Bug Fixes

  • Change the service listening port of MDNS by dns_interface.

  • Fixes an issue where the Bare Metal Inspection service was configured to communicate with the Bare Metal service via the public API interface. Communication is now via the internal API interface.

  • Fixes a bug where the Baremetal Introspection service’s public endpoint registered in the Identity service referenced the internal API endpoint.