Current Series Release Notes

New Features

  • Adds a new variable prometheus_ceph_exporter_interval for controlling Ceph’s metrics scrape interval.

  • Exposes a flag, bifrost_enable_ironic_inspector, to enable ironic-inspector in Bifrost. This option defaults to True as it can be useful for backwards compatability. It is still possible to use native in-band inspection when Ironic Inspector is enabled by setting inspect_interface to agent. Please see the Ironic documentation for more details.

  • Implements [Configure tap-as-a-service plugin on neutron containers]. Adds the needed changes and configurations in order to use the neutron plugin, tap-as-a-service, to create por mirrors using openstack tap commands. Blueprint configure-taas-plugin

  • Implements [Enable Fluentd Plugin Systemd]. Adds the needed changes and configurations in order to use the fluentd plugin, systemd, to read logs from /var/log/journal by default. This allows us to read and manipulate this logs for monitoring purposes.

    These logs will be sent to OpenSearch by default, to disable this behavior, set the value of the variable enable_fluentd_systemd to false in the configuration file /etc/kolla/globals.yml.

    By default, when enabling central logging, we also enable the systemd plugin. To disable this behavior when central logging is enabled, set the value of the variable enable_fluentd_systemd to false in the configuration file /etc/kolla/globals.yml.

    fluent-plugin-systemd source:

    Blueprint enable-fluent-plugin-systemd

  • Adds new variables to be used by the neutron role, neutron_dns_integration and neutron_dns_domain. They allow to enable/disable internal/external DNS integrations, or their combinations.

  • Removed configuration and deployment of prometheus-haproxy-exporter as its repository is now archived. We now use the native support for Prometheus which is now built into HAProxy. For consistency this is exposed on the prometheus_haproxy_exporter_port port. prometheus-haproxy-exporter containers and config are automatically removed.

  • Enable elevated access for project scoped service role in Ironic. Ironic recently started to enforce new policies and scope. And Ironic is one of the sole openstack project which need system scope for some admin related api calls. However Ironic also started to allow project-scope behaviour for service role with setting rbac_service_role_elevated_access. This change enables this setting to get similar behaviour of service role as other openstack projects.

  • Add the service role to ironic service users. Ironic recently enforced new policy validation and added service role support.

  • Adds support for setting the max fail percentage for Ansible plays via kolla_max_fail_percentage. It can also be set on a per-service basis, e.g. nova_max_fail_percentage.

  • Set a log retention policy for OpenSearch via Index State Management (ISM). Documentation.

Upgrade Notes

  • Changes configuration variable designate_enable_notifications_sink to no which configures notifications for designate in neutron, nova and control deployment of designate-sink which is now optional.

    Operators that want to keep the previous behavior should set this to true.

  • The grafana volume is no longer used. If you wish to automatically remove the old volume, set grafana_remove_old_volume to true. Note that doing this will lose any plugins installed via the cli directly and not through kolla. If you have previously installed Grafana plugins via the Grafana UI, or CLI, you must change to installing them at image build time. The grafana volume, which will contain existing custom plugins, will be automatically removed in the D release.

  • Due to the change from using the prometheus-haproxy-exporter to using the native support for Prometheus which is now built into HAProxy, metric names may have been replaced and/or removed, and in some cases the metric names may have remained the same but the labels may have changed. Alerts and dashboards may also need to be updated to use the new metrics. Please review any configuration that references the old metrics as this is not a backwards compatible change.

  • Horizon role was reworked to preffered local_settings.d configuration model. Files local_settings and custom_local_settings were renamed to and Users who use horizon’s custom configuration have to change the names of those files in /etc/kolla/config/horizon also.

  • Added log retention in OpenSearch, previously handled by Elasticsearch Curator. By default the soft and hard retention periods are 30 and 60 days respectively. If you are upgrading from Elasticsearch, and have previously configured elasticsearch_curator_soft_retention_period_days or elasticsearch_curator_hard_retention_period_days, those variables will be used instead of the defaults. You should migrate your configuration to use the new variable names before the Caracal release.

  • If credentials are updated in passwords.yml kolla-ansible is now able to update these credentials in the keystone database and in the on disk config files.

    The changes to passwords.yml are applied once kolla-ansible -i INVENTORY reconfigure has been run.

    If you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in passwords.yml - you can specify this by setting update_keystone_service_user_passwords: false in your globals.yml.

    Notice that passwords are only changed if you change them in passwords.yml. This mechanism is not a complete solution for automatic credential rollover. No passwords are changed if you do not change them inside passwords.yml.

Bug Fixes

  • Fixes non-persistent Neutron agent state data. LP2009884

  • Starting with ansible-core 2.13, list concatenation format is changed which resulted in inability to override horizon policy files. See LP#2045660 for more details.

  • Fixes long service restarts while using systemd LP#2048130.

  • Fixes an issue with high CPU usage of the cAdvisor container by setting the per-container housekeeping interval to the same value as the Prometheus scrape interval. LP#2048223

  • Fixes Nova operations using the scp command, such as cold migration or resize, on Debian Bookworm. LP#2048700

  • Fixes configuration of nova-compute and nova-compute-ironic, that will enable exposing vendordata over configdrive. LP#2049607

  • Fixes mariadb role deployment when using Ansible check mode. LP#2052501

  • Updated configuration of service user tokens for all Nova and Cinder services to stop using admin role for service_token and use service role.

    See LP#[2004555] and LP#[2049762] for more details.

  • Fixes enabled usage audit notifications when they are not needed. See LP##2049503.

  • Fixes an idempotency issue in the OpenSearch upgrade tasks where subsequent runs of kolla-ansible upgrade would leave shard allocation disabled. LP#2049512

  • Fixes Docker health check for the sahara_engine container. LP#2046268

  • Fix a trove deployment bug where trove guest-agent failed to connect to RabbitMQ due to the missing of the oslo_messaging_rabbit config in guest-agent.conf. see bug 2048822

  • Fix trove failed to discover swift endpoint due to the missing of service_credentials in guest-agent.conf. see bug 2048829

  • Fixes bug #2039498 where the grafana docker volume was bind mounted over Grafana plugins installed at image build time. This is fixed by copying the dashboards into the container from an existing bind mount instead of using the grafana volume. This however leaves behind the volume which can be removed by setting grafana_remove_old_volume to true. Please note that any plugins installed via the cli directly and not through kolla will be lost when doing this. In a future release grafana_remove_old_volume will default to true.

  • Added log retention in OpenSearch, previously handled by Elasticsearch Curator, now using Index State Management (ISM) OpenSearch bundled plugin. LP#2047037.

  • Changes to service user passwords in passwords.yml will now be applied when reconfiguring services.

    This behaviour can reverted by setting update_keystone_service_user_passwords: false.

    Fixes LP#2045990

New Features

  • Adds support for copying in {{ node_custom_config }}/magnum/kubeconfig to Magnum containers for magnum-cluster-api driver.