Current Series Release Notes

14.0.0.0rc1-104

Prelude

Support for binary images got removed in Zed. Users are requested to migrate to source based images.

New Features

  • Updates Alertmanager version to 0.24.0.

  • CentOS Stream 9 is now used instead of CentOS Stream 8.

  • Nova instances can use TPM emulation (via “swtpm”).

  • Updates the OpenStack exporter for Prometheus to version 1.6.0.

  • prometheus-ovn-exporter image has been added.

  • Quiet mode (enabled with --quiet argument) can be combined with --logs-dir option now. Console output will be quiet as expected while building output will be stored in separate log files.

  • Adds Rocky Linux 9 support.

  • Added an –repos-yaml argument to allow user to provide own file with definitions of external package repositories. Useful for those building in offline environments with set of internal mirrors.

Upgrade Notes

  • Change kolla_version label to git sha-1 if images are built with kolla from git.

  • To fix CVE-2022-38060, support for KOLLA_CONFIG and KOLLA_CONFIG_FILE environment variables in kolla-built containers has been dropped. Now, only the single trusted path of /var/lib/kolla/config_files/config.json will be utilised for loading container config. We believe this is a reasonable tradeoff as these environment variables were not used by any known downstream and potential users in the wild can easily adapt as this does not limit the functionality per se, only making it stricter as to where the config can come from.

  • Bump prometheus services to latest version. blackbox_exporter -> 0.22.0 prometheus_cadvisor -> 0.45.0 elasticsearch_exporter -> 1.5.0 haproxy_exporter -> 0.13.0 prometheus_libvirt_exporter -> 2.3.2 memcached_exporter_version -> 0.10.0 prometheus_msteams -> 1.5.1 prometheus_mtail -> v3.0.0-rc50 mysqld_exporter -> 0.14.0 node_exporter -> 1.3.1 prometheus -> 2.38.0

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

  • The qdrouterd image has been dropped.

  • etcd is now installed from the upstream binaries published to github rather than via the OS package manager. This aligns the etcd version across all distributions for compatibility.

  • Kolla Build no longer prepends the base (distro) name to image names. Instead, the user is able to choose any prefix they wish via the image_name_prefix setting.

  • The updated OpenStack exporter for Prometheus uses the latest Nova API microversion by default, resulting in changes to existing metrics. To keep existing behaviour, set prometheus_openstack_exporter_compute_api_version to 2.1.

  • RabbitMQ version has been updated to 3.10 (together with Erlang to 25).

  • The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination.

Deprecation Notes

  • The hacluster-pcs image has been deprecated for removal in the A release.

  • Use of install_type argument is now deprecated. We no longer support other values than source therefore handling of argument was dropped. Please update your scripts as it will be removed in A-cycle.

Security Issues

  • Fixes CVE-2022-38060, a sudo privilege escalation vulnerability. LP#1985784

Bug Fixes

  • The apt-get update command by default didn’t fail on erroneous source repositories, it show the warning ‘W: Some index files failed to download. They have been ignored, or old ones used instead.’ and continue to work. This causes some containers (eg. rabbitmq, kolla-toolbox) successfully built, but makes them inconsistent because the official Ubuntu repository contains packages with the same names. Now we use apt-get -eany update command to stop building with an error in such cases.

  • Fixes CentOS builds of Skydive SEGV on startup. Skydive versions prior to 0.28.0 panic on newer versions of libc. This especially affects Centos 8. LP#1940862

  • Fixes an issue building images that use a source with a type of git, when using a git that includes the fix for CVE-2022-24765 (2.35.2 or later). By default, this includes the gnocchi-base image, but may include other images with a non-default configuration. LP#837710

  • Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions.

Other Notes

  • Added ‘–retry 5’ to curlrc to improve curl downloads during image builds.