Ussuri Series Release Notes


New Features

  • Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013

  • Quiet mode (enabled with --quiet argument) can be combined with --logs-dir option now. Console output will be quiet as expected while building output will be stored in separate log files.

Upgrade Notes

  • The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination.

Critical Issues

  • CentOS Linux 8 (non-Stream) support has been dropped, since repositories have been removed from CentOS mirrors - see announcement.

Security Issues

  • Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.

Bug Fixes

  • Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874

  • Fixes problems when running with docker-py >=6. LP#1988121

  • Fixes “Permission denied” issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path

  • Fixes disabling the use of the curlrc configuration file in healthcheck_curl. LP#1967272

  • Fixes an issue seen when using Jinja2 3.1.0.

  • Ensures the nvme-cli package is present in nova-compute images, as it expected by os-brick.

  • Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions.

Other Notes

  • CentOS images (only source, not binary) are now buildable using CentOS Stream 8 as base.


New Features

  • Improve the way offline scenario are supported:
    • Switching dumb-init installation to distribution provided packages.

Upgrade Notes

  • Debian now uses upstream MariaDB repos (thus following Ubuntu images). This is done to avoid issues like the related one and have an easy workaround of pinning to chosen MariaDB version if need arises. Operators may want to reflect this in their repo mirrors and proxies. LP#1944410

Bug Fixes

  • Adds an option to the monasca-thresh container which checks if the topology is currently submitted (KOLLA_BOOTSTRAP), with an option to kill it (TOPOLOGY_REPLACE). Topology names and various timeouts may be customized. LP#1808805

  • Fixes missing boto3 library required by glance_store. LP#1884259

  • Fixes an issue with cinder-volume missing lsscsi and nvme commands on Debian and Ubuntu. LP#1942038


Upgrade Notes

  • RabbitMQ and Erlang packages are now installed from (and PPA for Debian/Ubuntu) since is getting shut down May 1st, 2021.

  • The sensu images which were deprecated in the Ussuri cycle has been removed.

Bug Fixes

  • Fixes an issue with Swift containers failing to start in Ubuntu binary images. LP#1905279

  • Fixes an issue with the kolla_set_configs --check command when the compared files are non-Unicode. LP#1913952

  • Fixes location of monitoring_policy in Horizon, so access policy is correctly enforced. Note that by current default, admin doesn’t not have Monitoring access. LP#1928408

  • Fix support for kolla install in ~/.local. LP#1930544

  • Fixes issues arising from the lack of Debian updates repo being enabled. LP#1931544

  • Fixes Mistral source images to respect upper-constraints.

Other Notes

  • Debian images enable the Debian updates repo now. This is aligned with the base Debian image.


New Features

  • Add a Monasca app plugin for the Monasca fork of Grafana. Plugin provides screens for viewing or configuring: Alarm Definitions, Alarms and Notifications

Upgrade Notes

  • Kolla now no longer supports CentOS 8.2 and below. This is to support CentOS 8.3 without extra workarounds (please see the fixes section for more details). The promise is to support the latest CentOS 8 release which is 8.3 now.

  • Source based builds will now install OpenStack projects code from stable tarballs, compared to versioned (released point versions) ones as before.

Bug Fixes

  • Fixes the FC Cinder backend usage in Nova. LP#1884484

  • Logstash 6 introduced in Centos 8 in Train release comes with log4j2 configuration that does not remove old compressed logs after rotation Log rotation config backported from Logstash 7 - Combination of Size Based and Time Based policies. Deletion occurs after 30 days or 3000 MB log files size - whichever comes first.

  • Fixes MariaDB incremental backup failure when full backup was not created the same day. LP#1897948

  • Fixes builds on CentOS 8.3 failing due to renamed repos. Notice Kolla now no longer supports CentOS 8.2 and below. LP#1907213

  • Fixes an issue with the kolla_set_configs --check command when the source is a directory. LP#1890567

  • Fixes an issue with the Masakari dashboard where policies were not loaded correctly.

  • nova-compute uses daxio to cleanup vpmem backend device on instance delete. If the daxio binary is missing in the nova-compute container instance delete fails. daxio is provided in centos via daxio, in ubuntu via the pmdk-tools package.

  • Added rally-openstack as plugin to rally source image

  • Fixes an issue which can block the Monasca Fluentd output plugin. LP#1889065


New Features

  • The Prometheus plugin is now installed into the Fluentd container by default.

Upgrade Notes

  • The Logstash image has been upgraded from Logstash 2 to Logstash 6.

Bug Fixes

  • Fixes Ceilometer deployment and upgrade failing due to wrong mode of argument passing applied to the ceilometer-upgrade command. LP#1884919

  • Drop systemd support from nsswitch.conf on RHEL-based distros. This avoids unneeded systemd nss lookups inside containers and it also avoids possible selinux denials when a container bind mounts /run and makes the dbus socket available inside the container only to be denied by selinux on the host.

  • Fixes an issue with loading Storm and Monasca Thresh when using Centos8 containers.

  • Fixes a bug in Monasca Agent Statsd which causes it to fail under Python 3.



The Kolla 10.0.0 release is the first release in the Ussuri cycle. Notable changes include:

  • all images and scripts now use Python 3 and support for Python 2 has been dropped

  • CentOS 8 is now supported as a base container image, and support for CentOS 7 has been dropped

  • Ceph images have been dropped

New Features

  • With the block labels it is possible to adjust the used labels of the built images.

  • Adds Elasticsearch Curator for managing aggregated log data.

  • Adds the networking-mlnx package to the neutron-base image. The package is required for InfiniBand deployment, and is used by the neutron-server, neutron-dhcp-agent and neutron-l3-agent containers.

  • Adds a neutron-mlnx-agent image for the Neutron Mellanox agent.

  • Adds --quiet switch to disable printing of image build logs.

  • Add support for building zun-cni-daemon. This is a new daemon for implementing CNI plugin for Zun.

  • Adds collectd-dpdk_telemetry and collectd-logparser packages to collectd RHEL-based image. The dpdk_telemetry plugin collects DPDK Ethernet device metrics via the dpdk_telemetry library. logparser is a plugin for filtering and parsing log messages.

  • Allow operators to use custom parameters with the ceilometer-upgrade command. This is quite useful when using the dynamic pollster subsystem; that sub-system provides flexibility to create and edit pollsters configs, which affects Gnocchi resource-type configurations. However, Ceilometer uses default and hard-coded resource-type configurations; if one customizes some of its default resource-types, they can get into trouble during upgrades. Therefore, the only way to work around it is to use the --skip-gnocchi-resource-types flag.

  • Adds support for CentOS 8 as a base container image. This is the only major version of CentOS supported from the Ussuri release. The Train release supports both CentOS 7 and 8 images, and provides a route for migration.

  • Adds collectd-pcie-errors package to collectd RHEL-based image. This allows collectd to collect PCI Express errors data from Device Status in Capability structure and from Advanced Error Reporting Extended Capability where available.

  • Adds collectd-pmu package to collectd RHEL-based image. This allows to collect Intel PMU (performance counters) data via collectd.

  • Adds a netcontrold image for Open vSwitch.

  • Adds an –enable-unbuildable option to ignore the internal list of unbuildable images. It is useful in two situations: building for a new distribution/architecture or generation of templates (with --templates-only option) when all templates are needed no matter being buildable or not.

  • Adding ndctl package to the nova-compute image to expose NVDIMM namespaces to guests. The package is needed to manage PMEM namespaces.

Known Issues

  • AArch64 images using CentOS as base system are not supported in Ussuri. This may be fixed when CentOS 8.2 is released.

Upgrade Notes

  • Cyborg Agent no longer includes OPAE SDK. The version was outdated and currently supported platforms do not have ready-to-use binaries. This change was required to make Cyborg buildable.

  • CentOS 7 is no longer supported as a base container image. CentOS users should migrate to CentOS 8. The Train release supports both CentOS 7 and 8 images, and provides a route for migration.

  • The following images were supported by CentOS 7 but lack suitable packages in CentOS 8, and are no longer supported for CentOS: hacluster-pcs and nova-spicehtml5proxy.

  • Debian images are using Ceph 14 ‘nautilus’ like other distributions.

  • Support for the SCSI target daemon (tgtd) has been removed for CentOS/RHEL 8. In CentOS/RHEL 7 and beyond LIO kernel subsystem can be used instead of the tgtd daemon. The tgtd image is no longer available for CentOS/RHEL 8.

  • Python 2.7 support has been dropped. The last release of Kolla to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by Kolla is Python 3.6.

  • The way of handling external repositories has changed. All such repos are now disabled by default. The enable_extra_repos macro is used to enable them by name. Repositories names are defined in the kolla/templates/repos.yaml file.

  • Changes the behaviour of the --skip-existing and --skip-parents flags. Previously these were not applied if no regular expression or profile argument was provided to kolla-build, but now they are.

  • The trickle package is no longer available for CentOS 8, and has been removed from the CentOS 8 Freezer images.

  • The way of generating templates (with --templates-only option) is changed. By default only buildable ones are generated. If all templates are needed then --enable-unbuildable option must be used.

  • Changes the default value of the [DEFAULT] tarballs_base configuration option from to Since the OpenDev site is namespaced, the default source image tarball locations have been updated to include the /openstack (or in a few cases /x) URL path.

  • Upgrades RabbitMQ to 3.8. See blueprint for details.

  • Kolla Ceph container images have been removed. Please use another source of Ceph container images, such as ceph-container

  • Images deprecated in the Train cycle have been removed. These include almanach, dind, dragonflow, helm and kubernetes images.

  • The Ansible modules kolla_keystone_user and kolla_keystone_service have been removed from the kolla-toolbox image. These were previously used by Kolla Ansible, which switched to the upstream Ansible modules in the Train release.

  • The Monasca Log API merged into the Monasca API codebase in the Train release and the monasca-log-api image has therefore been removed.

  • As part of the support for using the unified Monasca API for logs, the Fluentd Monasca output plugin has been upgraded. Any custom Fluentd configuration which forwards logs to Monasca will need to be updated.

  • Support for Skydive images for aarch64 and ppc64le has been dropped. Upstream builds own images for a wide selection of architectures. Binaries are provided only for x86-64.

  • Ubuntu based images use APT mirrors now. This may affect builds behind HTTP proxies.

  • Upgrades Elasticsearch and Kibana to 6.x. See blueprint for details.

  • Upgrades Kafka from 1.0.2 to 2.0.1. Please see the upgrade notes for more details.

  • Switches to use upstream binaries of dumb-init on all supported architectures. Drops support for the base_compiler_packages override list as it is no longer needed.

Deprecation Notes

  • Deprecates the centos_binary_packages and centos_source_packages overrides in favour of centos_packages.

  • Deprecates support for MongoDB image. In Victoria support for MongoDB image will be removed from Kolla. Note CentOS 8 already lost support for MongoDB due to decisions made upstream.

    The only known downstream, Kolla Ansible, is deprecating and removing support for deploying MongoDB.

    MongoDB lost its position in OpenStack environment after controversial relicensing under their custom SSPL (Server Side Public License) which did not pass OSI (Open Source Initiative) validation.

  • The neutron-fwaas project was deprecated in the Neutron stadium and will be removed from stadium in the Wallaby cycle. The neutron-fwaas extension in the Neutron containers is deprecated as of the Ussuri release and will be removed in the Wallaby cycle. The neutron-fwaas-dashboard extension in the Horizon container is deprecated as of the Ussuri release and will be removed in the Wallaby cycle.

  • The neutron-server-ovn and neutron-metadata-agent-ovn images are deprecated and will be removed in the Victoria release. OVN drivers and networking-ovn-metadata-agent have been moved to neutron-base image and are available in neutron-server and neutron-metadata-agent.

  • The OpenDaylight (opendaylight) image is deprecated and will be removed. It is not used by any Kolla downstream projects.

  • Deprecates support for Sensu images. In Victoria support for Sensu images will be removed from Kolla. Note CentOS 8 already lost support for Sensu due to decisions made upstream.

Bug Fixes

  • Fixes unavailability of an etcd3-compatible tooz coordination driver in Ubuntu binary images by installing python3-etcd3gw. See bug 1852086 for details.

  • Adds openssh-clients to ironic conductor container build to enable ansible deploy interface to function properly.

  • Adds python3-systemd package to ironic-conductor source based container to allow the Ansible deploy interface to function correctly. Fixes bug #1861427

  • Fix inability to run UEFI-based images/instances by installing UEFI packages also in nova-libvirt image which is not based on nova-base. LP#1814552

  • Fix bug which caused Keystone Fernet key distribution to fail on Python 3 systems, by adapting script to work on Python 3. LP#1859047

  • Keystone bootstrap could produce invalid json. LP#1866017

  • Fixes the MAX_NUMBER variable usage when running the database online migrations for cinder.

  • Fixes nova-libvirt networking failures on AArch64 (ARM64) servers running on ThunderX CPUs. LP#1867365

  • Fixes Glance inability to use Cinder NFS backend for images by including NFS client components in the Glance API image. LP#1868574

  • Adds missing vitrage-persistor image, required by Vitrage deployments for storing data. LP#1869319

  • Makes Cyborg buildable for all platforms by removing dependency on OPAE SDK. LP#1873744

  • Fixes an issue with keystone bootstrap where an error message emitted by the keystone-manage bootstrap command is hidden. See bug 1855701 for details.

  • Fix kolla_toolbox_pip_virtualenv_packages customisation. LP#1865119

  • Fixes an issue with Cyborg and Monasca APIs in Debian and Ubuntu source type images. LP#1873421

  • Fixes an issue with the --skip-existing and --skip-parents flags which could cause images to not build. LP#1867614.

  • Converts deprecated command rally-manage db to rally db. LP#1856693

  • Fixes swift-object-expirer for Debian and Ubuntu binary images. LP#1859607