Ussuri Series Release Notes¶
Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013
Quiet mode (enabled with
--quietargument) can be combined with
--logs-diroption now. Console output will be quiet as expected while building output will be stored in separate log files.
The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination.
CentOS Linux 8 (non-Stream) support has been dropped, since repositories have been removed from CentOS mirrors - see announcement.
Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.
Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874
Fixes problems when running with docker-py >=6. LP#1988121
Fixes “Permission denied” issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path
Fixes disabling the use of the
curlrcconfiguration file in
Fixes an issue seen when using Jinja2 3.1.0.
nvme-clipackage is present in
nova-computeimages, as it expected by
Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions.
CentOS images (only source, not binary) are now buildable using CentOS Stream 8 as base.
- Improve the way offline scenario are supported:
Switching dumb-init installation to distribution provided packages.
Debian now uses upstream MariaDB repos (thus following Ubuntu images). This is done to avoid issues like the related one and have an easy workaround of pinning to chosen MariaDB version if need arises. Operators may want to reflect this in their repo mirrors and proxies. LP#1944410
Adds an option to the monasca-thresh container which checks if the topology is currently submitted (KOLLA_BOOTSTRAP), with an option to kill it (TOPOLOGY_REPLACE). Topology names and various timeouts may be customized. LP#1808805
Fixes missing boto3 library required by glance_store. LP#1884259
Fixes an issue with cinder-volume missing
nvmecommands on Debian and Ubuntu. LP#1942038
RabbitMQ and Erlang packages are now installed from
packagecloud.io(and PPA for Debian/Ubuntu) since
bintray.comis getting shut down May 1st, 2021.
sensuimages which were deprecated in the Ussuri cycle has been removed.
Fixes an issue with Swift containers failing to start in Ubuntu binary images. LP#1905279
Fixes an issue with the
kolla_set_configs --checkcommand when the compared files are non-Unicode. LP#1913952
Fixes location of monitoring_policy in Horizon, so access policy is correctly enforced. Note that by current default, admin doesn’t not have Monitoring access. LP#1928408
Fix support for kolla install in
Fixes issues arising from the lack of Debian updates repo being enabled. LP#1931544
Fixes Mistral source images to respect upper-constraints.
Debian images enable the Debian updates repo now. This is aligned with the base Debian image.
Add a Monasca app plugin for the Monasca fork of Grafana. Plugin provides screens for viewing or configuring: Alarm Definitions, Alarms and Notifications
Kolla now no longer supports CentOS 8.2 and below. This is to support CentOS 8.3 without extra workarounds (please see the fixes section for more details). The promise is to support the latest CentOS 8 release which is 8.3 now.
Source based builds will now install OpenStack projects code from stable tarballs, compared to versioned (released point versions) ones as before.
Fixes the FC Cinder backend usage in Nova. LP#1884484
Logstash 6 introduced in Centos 8 in Train release comes with log4j2 configuration that does not remove old compressed logs after rotation https://github.com/elastic/logstash/issues/11883 Log rotation config backported from Logstash 7 - Combination of Size Based and Time Based policies. Deletion occurs after 30 days or 3000 MB log files size - whichever comes first.
Fixes MariaDB incremental backup failure when full backup was not created the same day. LP#1897948
Fixes builds on CentOS 8.3 failing due to renamed repos. Notice Kolla now no longer supports CentOS 8.2 and below. LP#1907213
Fixes an issue with the
kolla_set_configs --checkcommand when the source is a directory. LP#1890567
Fixes an issue with the Masakari dashboard where policies were not loaded correctly.
nova-compute uses daxio to cleanup vpmem backend device on instance delete. If the daxio binary is missing in the nova-compute container instance delete fails. daxio is provided in centos via daxio, in ubuntu via the pmdk-tools package.
Added rally-openstack as plugin to rally source image
Fixes an issue which can block the Monasca Fluentd output plugin. LP#1889065
The Prometheus plugin is now installed into the Fluentd container by default.
The Logstash image has been upgraded from Logstash 2 to Logstash 6.
Fixes Ceilometer deployment and upgrade failing due to wrong mode of argument passing applied to the
Drop systemd support from nsswitch.conf on RHEL-based distros. This avoids unneeded systemd nss lookups inside containers and it also avoids possible selinux denials when a container bind mounts /run and makes the dbus socket available inside the container only to be denied by selinux on the host.
Fixes an issue with loading Storm and Monasca Thresh when using Centos8 containers.
Fixes a bug in Monasca Agent Statsd which causes it to fail under Python 3.
10.0.0 release is the first release in the Ussuri cycle.
Notable changes include:
all images and scripts now use Python 3 and support for Python 2 has been dropped
CentOS 8 is now supported as a base container image, and support for CentOS 7 has been dropped
Ceph images have been dropped
With the block
labelsit is possible to adjust the used labels of the built images.
Adds Elasticsearch Curator for managing aggregated log data.
networking-mlnxpackage to the
neutron-baseimage. The package is required for InfiniBand deployment, and is used by the
neutron-mlnx-agentimage for the Neutron Mellanox agent.
--quietswitch to disable printing of image build logs.
Add support for building
zun-cni-daemon. This is a new daemon for implementing CNI plugin for Zun.
collectdRHEL-based image. The
dpdk_telemetryplugin collects DPDK Ethernet device metrics via the
logparseris a plugin for filtering and parsing log messages.
Allow operators to use custom parameters with the
ceilometer-upgradecommand. This is quite useful when using the dynamic pollster subsystem; that sub-system provides flexibility to create and edit pollsters configs, which affects Gnocchi resource-type configurations. However, Ceilometer uses default and hard-coded resource-type configurations; if one customizes some of its default resource-types, they can get into trouble during upgrades. Therefore, the only way to work around it is to use the
Adds support for CentOS 8 as a base container image. This is the only major version of CentOS supported from the Ussuri release. The Train release supports both CentOS 7 and 8 images, and provides a route for migration.
collectdRHEL-based image. This allows collectd to collect PCI Express errors data from Device Status in Capability structure and from Advanced Error Reporting Extended Capability where available.
collectdRHEL-based image. This allows to collect Intel PMU (performance counters) data via
netcontroldimage for Open vSwitch.
Adds an –enable-unbuildable option to ignore the internal list of unbuildable images. It is useful in two situations: building for a new distribution/architecture or generation of templates (with
--templates-onlyoption) when all templates are needed no matter being buildable or not.
ndctlpackage to the
nova-computeimage to expose NVDIMM namespaces to guests. The package is needed to manage PMEM namespaces.
AArch64 images using CentOS as base system are not supported in Ussuri. This may be fixed when CentOS 8.2 is released.
Cyborg Agent no longer includes OPAE SDK. The version was outdated and currently supported platforms do not have ready-to-use binaries. This change was required to make Cyborg buildable.
CentOS 7 is no longer supported as a base container image. CentOS users should migrate to CentOS 8. The Train release supports both CentOS 7 and 8 images, and provides a route for migration.
The following images were supported by CentOS 7 but lack suitable packages in CentOS 8, and are no longer supported for CentOS:
Debian images are using Ceph 14 ‘nautilus’ like other distributions.
Support for the SCSI target daemon (
tgtd) has been removed for CentOS/RHEL 8. In CentOS/RHEL 7 and beyond LIO kernel subsystem can be used instead of the
tgtdimage is no longer available for CentOS/RHEL 8.
Python 2.7 support has been dropped. The last release of Kolla to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by Kolla is Python 3.6.
The way of handling external repositories has changed. All such repos are now disabled by default. The
enable_extra_reposmacro is used to enable them by name. Repositories names are defined in the
Changes the behaviour of the
--skip-parentsflags. Previously these were not applied if no regular expression or profile argument was provided to
kolla-build, but now they are.
tricklepackage is no longer available for CentOS 8, and has been removed from the CentOS 8 Freezer images.
The way of generating templates (with
--templates-onlyoption) is changed. By default only buildable ones are generated. If all templates are needed then
--enable-unbuildableoption must be used.
Changes the default value of the
[DEFAULT] tarballs_baseconfiguration option from
https://tarballs.opendev.org. Since the OpenDev site is namespaced, the default source image tarball locations have been updated to include the
/openstack(or in a few cases
/x) URL path.
Upgrades RabbitMQ to 3.8. See blueprint for details.
Kolla Ceph container images have been removed. Please use another source of Ceph container images, such as ceph-container
Images deprecated in the Train cycle have been removed. These include almanach, dind, dragonflow, helm and kubernetes images.
The Ansible modules
kolla_keystone_servicehave been removed from the
kolla-toolboximage. These were previously used by Kolla Ansible, which switched to the upstream Ansible modules in the Train release.
The Monasca Log API merged into the Monasca API codebase in the Train release and the
monasca-log-apiimage has therefore been removed.
As part of the support for using the unified Monasca API for logs, the Fluentd Monasca output plugin has been upgraded. Any custom Fluentd configuration which forwards logs to Monasca will need to be updated.
Support for Skydive images for aarch64 and ppc64le has been dropped. Upstream builds own images for a wide selection of architectures. Binaries are provided only for x86-64.
Ubuntu based images use APT mirrors now. This may affect builds behind HTTP proxies.
Upgrades Elasticsearch and Kibana to 6.x. See blueprint for details.
Upgrades Kafka from 1.0.2 to 2.0.1. Please see the upgrade notes for more details.
Switches to use upstream binaries of
dumb-initon all supported architectures. Drops support for the
base_compiler_packagesoverride list as it is no longer needed.
centos_source_packagesoverrides in favour of
congressproject is no longer maintained. It has been retired officially in Victoria.
Deprecates support for MongoDB image. In Victoria support for MongoDB image will be removed from Kolla. Note CentOS 8 already lost support for MongoDB due to decisions made upstream.
The only known downstream, Kolla Ansible, is deprecating and removing support for deploying MongoDB.
MongoDB lost its position in OpenStack environment after controversial relicensing under their custom SSPL (Server Side Public License) which did not pass OSI (Open Source Initiative) validation.
The neutron-fwaas project was deprecated in the Neutron stadium and will be removed from stadium in the Wallaby cycle. The neutron-fwaas extension in the Neutron containers is deprecated as of the Ussuri release and will be removed in the Wallaby cycle. The neutron-fwaas-dashboard extension in the Horizon container is deprecated as of the Ussuri release and will be removed in the Wallaby cycle.
neutron-metadata-agent-ovnimages are deprecated and will be removed in the Victoria release. OVN drivers and networking-ovn-metadata-agent have been moved to
neutron-baseimage and are available in
The OpenDaylight (
opendaylight) image is deprecated and will be removed. It is not used by any Kolla downstream projects.
Deprecates support for Sensu images. In Victoria support for Sensu images will be removed from Kolla. Note CentOS 8 already lost support for Sensu due to decisions made upstream.
Fixes unavailability of an etcd3-compatible tooz coordination driver in Ubuntu binary images by installing
python3-etcd3gw. See bug 1852086 for details.
Adds openssh-clients to ironic conductor container build to enable ansible deploy interface to function properly.
Adds python3-systemd package to ironic-conductor source based container to allow the Ansible deploy interface to function correctly. Fixes bug #1861427
Fix inability to run UEFI-based images/instances by installing UEFI packages also in nova-libvirt image which is not based on nova-base. LP#1814552
Fix bug which caused Keystone Fernet key distribution to fail on Python 3 systems, by adapting fetch-fernet-keys.py script to work on Python 3. LP#1859047
Keystone bootstrap could produce invalid json. LP#1866017
Fixes the MAX_NUMBER variable usage when running the database online migrations for cinder.
nova-libvirtnetworking failures on AArch64 (ARM64) servers running on ThunderX CPUs. LP#1867365
Fixes Glance inability to use Cinder NFS backend for images by including NFS client components in the Glance API image. LP#1868574
vitrage-persistorimage, required by Vitrage deployments for storing data. LP#1869319
Makes Cyborg buildable for all platforms by removing dependency on OPAE SDK. LP#1873744
Fixes an issue with keystone bootstrap where an error message emitted by the
keystone-manage bootstrapcommand is hidden. See bug 1855701 for details.
Fixes an issue with Cyborg and Monasca APIs in Debian and Ubuntu source type images. LP#1873421
Fixes an issue with the
--skip-parentsflags which could cause images to not build. LP#1867614.
Converts deprecated command
rally db. LP#1856693
Fixes swift-object-expirer for Debian and Ubuntu binary images. LP#1859607