Queens Series Release Notes
Docker logs are no longer allowed to grow unbounded and have been limited to a fixed size per container. Two new variables have been added, docker_log_max_file and docker_log_max_size, which default to 5 and 50MB respectively. This means that for each container, there should be no more than 250MB of Docker logs.
The Keystone fernet key rotation scheduling algorithm has been modified to avoid issues with over-rotation of keys.
fernet_key_rotation_interval may be set to configure the token expiry and key rotation schedule. fernet_token_allow_expired_window is 172800, and fernet_key_rotation_interval is the sum of these two variables. This allows for the minimum number of active keys - 3.
See bug 1809469 for details.
Adds system hostnames to /etc/hosts, if different from short hostnames. This can fix live migration of Nova instances in some contexts. See bug 1830023 for details.
While Kolla Ansible now avoids duplicating Nova cells when messaging or database connection information is changed, operators of existing deployments should perform a manual cleanup of duplicate cells using the nova-manage cell_v2 command from a container running the nova_api image, leaving only two cells, one named cell0 and another one with the right connection information.
Adds support for configuring a default gateway to be used in the Ironic Inspector inspection network. This is configured via the ironic_dnsmasq_default_gateway variable, and is not set by default.
Sets the Docker runtime directory by configuring the Docker daemon. A variable named “docker_runtime_directory” will be added.
Add support for custom configuration files for Grafana.
Added a new parameter in kolla_docker to support configuring TTY in containers. The value is False by default.
The neutron-vpnaas-agent has been loaded just inside of the existing l3 agent rather than requiring operators to run a completely different binary with a subclass of the existing L3 agent.
As neutron-vpnaas-agent can be loaded by the neutron l3 agent, neutron-vpnaas standalone mode is not supported. We have already removed the neutron-vpnaas-agent container, so there is currently no need to keep this role.
Adds support for installing python dependencies into a virtualenv on remote hosts.
Installing python packages directly to the system site-packages can cause various problems, in particular when pip overwrites a system package. Python virtualenvs are one solution to this issue, as they allow python packages to be installed in an isolated environment. Typically we will need to enable use of system site-packages from within this virtualenv, to support the use of modules such as yum, apt, and selinux, which are not available on PyPI.
The path to the virtualenv is configured via the virtualenv variable, and access to site-packages is controlled via virtualenv_site_packages. The default value for virtualenv is None, in which case the old behaviour of installing packages directly to the system site-packages is maintained.
When executing other kolla-ansible commands, the variable ansible_python_interpreter should be set to the python interpreter installed in virtualenv. Note that this variable cannot be templated.
Specify Ansible “become” for only necessary tasks.
Add designate-producer ansible role. Orchestrates periodic tasks that are run by designate.
Allow use of separate backends for oslo.messaging rpc and notification.
Add CephFS driver support to manila
Add dvr_no_external l3 dvr agent mode. Introduce inner-compute and external-compute nodes group in inventory file to distinguish compute nodes which do not have external reachability from compute nodes which can reach outside.
Add Neutron SRIOV agent container. The Neutron SRIOV agent changed from optional to required in the Mitaka release. This container runs on compute nodes to enable the use of Neutron SRIOV.
Add a new parameter for changing selinux state. The default value is “permissive”. The parameter “disable_selinux” has been updated; use “change_selinux” instead.
Add vitrage ansible role
Allow cinder-volume to use Oracle ZFS Storage Appliance iSCSI backend.
Implemented support for using ansible-vault passwords in kolla-ansible command to decrypt
Adds Docker volumes for storing persistent data in the bifrost_deploy container on the deployment host.
kolla_logs Docker volume for storing logs generated by services running in the bifrost_deploy container on the deployment host. These logs are not currently processed by fluentd.
Blazar services deployment method is implemented
Kolla-Ansible now supports creating a monitoring user for RabbitMQ. As an operator I want to be able to monitor the status of RabbitMQ by collecting metrics such as queue length, message rates (globally and per channel), and information about resource usage on the host, such as memory use, open file descriptors and the state of the cluster. Whilst it is possible to gather all of this information using the OpenStack RabbitMQ user configured by Kolla Ansible, this user has write access to the OpenStack vhost. This feature adds a monitoring user which has access to all of the information described above, but does not have write access. An example of a service which may use the monitoring user is the RabbitMQ plugin for the Monasca Agent. As not all users will configure monitoring, by default the monitoring user is disabled. To create it, the user should override the rabbitmq_monitoring_user variable.
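An added example, not part of Kolla Ansible or these release notes: a check over a RabbitMQ definitions export that confirms users carrying the monitoring tag hold no configure or write permission on any vhost. The sample export and the user names in it are constructed, and nothing here assumes how Kolla Ansible itself provisions the monitoring user.

```python
import json

# Constructed sample of a RabbitMQ definitions export (management plugin JSON).
# User names and the vhost are assumptions made for this illustration.
SAMPLE_DEFINITIONS = json.loads("""
{
  "users": [
    {"name": "openstack",  "tags": ""},
    {"name": "monitoring", "tags": "monitoring"},
    {"name": "metrics",    "tags": "monitoring"}
  ],
  "permissions": [
    {"user": "openstack",  "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"},
    {"user": "monitoring", "vhost": "/", "configure": "",   "write": "",   "read": ".*"},
    {"user": "metrics",    "vhost": "/", "configure": "^$", "write": ".*", "read": ".*"}
  ]
}
""")

DENY_ALL = {"", "^$"}  # RabbitMQ treats '' as a synonym for '^$' (matches nothing)


def user_tags(user):
    """Tags are a comma-separated string in older exports, a list in newer ones."""
    tags = user.get("tags", "")
    if isinstance(tags, str):
        tags = tags.split(",")
    return {t.strip() for t in tags if t.strip()}


def audit_monitoring_users(definitions):
    """Return (user, vhost, operation) for each monitoring-tagged user that can
    still configure or write resources in a vhost."""
    monitors = {u["name"] for u in definitions.get("users", [])
                if "monitoring" in user_tags(u)}
    findings = []
    for perm in definitions.get("permissions", []):
        if perm["user"] not in monitors:
            continue
        for op in ("configure", "write"):
            if perm.get(op, "") not in DENY_ALL:
                findings.append((perm["user"], perm["vhost"], op))
    return findings


if __name__ == "__main__":
    for user, vhost, op in audit_monitoring_users(SAMPLE_DEFINITIONS):
        print(f"{user}: '{op}' permission granted on vhost {vhost}")
```

An empty result means every monitoring-tagged user in the export is read-only at the vhost level.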
Update container_proxy with configurable proxy settings. Added three new properties:
This defaults to an empty string. To set a proxy adjust this property to something like “http://proxy-server.organization.com:port”
This defaults to an empty string. To set a proxy adjust this property to something like “https://proxy-server.organization.com:port”
This defaults to some preconfigured settings which should suit. If needed this can also be adjusted.
Update designate to allow use of external bind9 dns servers. Added two new properties:
This defaults to ‘no’, and can be enabled by setting it to ‘bind9’
This defaults to an empty string, and should be populated with a csv list of external bind9 dns server addresses.
Configuration override files to align with external bind9 dns servers must be supplied manually,
This feature enables volume snapshots for NFS Cinder driver. NFS volume snapshots appeared in Ocata release and require libvirt >= 1.2.7
[blueprint external-mariadb-support] Added External MariaDB server/cluster support
Added enable_external_mariadb_load_balancer flag
Added use_preconfigured_databases flag in order to add support for previously created databases / users
Added use_common_mariadb_user in order to allow the use of a common database user across all databases
Adds ability to configure custom fluentd filters.
In some scenarios it may be useful to apply custom filters to logs before forwarding them. This may be useful to add additional tags to the messages or to modify the tags to conform to a log format that differs from the one defined by kolla-ansible.
Configuration of custom fluentd filters is possible by placing filter configuration files in /etc/kolla/config/fluentd/filter/*.conf on the control host.
Adds ability to configure custom fluentd outputs.
In some scenarios it may be useful to configure custom fluentd outputs to forward logs to a logging service other than elasticsearch.
Configuration of custom fluentd outputs is possible by placing output configuration files in /etc/kolla/config/fluentd/output/*.conf.
Glance can now be developed on using Kolla ‘dev mode’.
horizon_keystone_domain_choices hash. It can be used to set the available domains to choose from on the horizon login page. This feature was introduced in pike release. https://docs.openstack.org/horizon/latest/configuration/settings.html#openstack-keystone-domain-choices
Added horizon_keystone_multidomain flag for horizon multidomain support. This flag can be overridden in globals.yml. Default value: False
Implement ceph-mgr service
Implement ceph-nfs service. NFS-Ganesha can be used as a proxy when mounting ceph file shares.
Cephfs is implemented
Implement Cinder minimal downtime upgrade procedure.
Implement keystone zero-downtime upgrade procedure
Move storage backend passwords from main.yml to /etc/kolla/passwords.yml
Adds a new argument to the
--skip-tags TAGS. This argument is passed through directly to
Add “become” to necessary tasks of general roles.
Add “become” to necessary tasks of default roles.
On upgrade NFS Cinder snapshots will be activated. One can prohibit this by setting nfs_snapshot_support = False in /etc/kolla/config/cinder/cinder-volume.conf, section ‘[nfs-1]’.
Before upgrading, one needs to set the Hitachi NAS and Oracle ZFSSA passwords in the /etc/kolla/passwords.yml file.
The vmware_dvs_host_password, vmware_nsxv_password, and vmware_vcenter_host_password parameters moved to the passwords.yml file.
The files /etc/kolla/config/database.conf and /etc/kolla/config/messaging.conf, used to generate OpenStack services config files, are redundant with /etc/kolla/config/global.conf. They have been removed in order to simplify the codebase.
Change the service listening port of MDNS by dns_interface.
Fixes an issue where the Bare Metal Inspection service was configured to communicate with the Bare Metal service via the public API interface. Communication is now via the internal API interface.
Fixes a bug where the Baremetal Introspection service’s public endpoint registered in the Identity service referenced the internal API endpoint.