Current Series Release Notes

22.0.0.0rc1-46

New Features

  • Add support for VAST cinder driver.

  • Adds support for serving architecture-specific Ironic Python Agent images for mixed x86_64 and aarch64 iPXE deployments.

  • The nova_libvirt container now runs virtlogd as a sidecar alongside libvirtd, and qemu.conf is configured with stdio_handler = "logd" so that libvirt routes instance console chardevs through virtlogd. This allows guest console logs to be rotated according to /etc/libvirt/virtlogd.conf (by default 2MB per file with 3 backups), instead of growing without bound as they did when stdio_handler was set to "file".

    Note that existing instances must be hard rebooted to pick up the new console handler, as the chardev mode is fixed at qemu launch.

  • Add Alertmanager container healthcheck support.

  • Removed obsolete configuration options from the Horizon local_settings.py template:

    • TEMPLATE_DEBUG: No longer supported

    • enable_lb, enable_firewall, and enable_vpn: These keys inside OPENSTACK_NEUTRON_NETWORK are now invalid.

Upgrade Notes

  • Support for networking-infoblox, to use Infblox as neutron’s IPAM backend, has been removed. The networking-infoblox project is unmaintained.

  • The [redis:children] inventory group, redis_master_password password, and all Redis-to-Valkey migration code, which were kept for migration purposes since the Gazpacho (2026.1) release, have now been removed. Operators should remove redis_master_password from their passwords.yml file.

  • The default value of update_keystone_service_user_passwords has changed from true to false. Previously, service user passwords were updated on every reconfigure run, which invalidated existing Keystone tokens and could cause service disruptions. With the new default, passwords are only set at user creation time. Operators who wish to force password rotation on reconfigure must explicitly set update_keystone_service_user_passwords to true in globals.yml.

Bug Fixes

  • Fixes overly restrictive permissions on certificates in /var/lib/kolla/share/ca-certificates path in containers that require access to these certificates.

  • Fixed a stray trailing quote in the barbican_api healthcheck command that caused containers to be falsely reported as unhealthy. LP#2157639

  • Fixes the Ironic temp directory causing invalid cross device links when deploying baremetal images using the virtualmedia boot interface.

  • Fixes an issue in the Docker container worker where reconfiguring containers with cpuset_cpus or cpuset_mems dimensions could fail with an IndexError when the existing container had no explicit cpuset constraint configured.

Other Notes

  • This release exposes additional configuration options for OpenStack Compute consoles which utilize the SPICE protocol. You can now require that such consoles use channels secured by TLS using the nova_spice_require_secure configuration option. This option defaults to false as it implies that TLS certificates have been distributed to your nova-compute nodes.