Victoria Series Release Notes

11.3.0-7

Upgrade Notes

  • The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now. Operators might want to mirror/proxy this new source as it provides the correct set of packages unlike the previous combination.

Bug Fixes

  • Fixes wrong update-alternatives usage on CentOS. LP#1936947

  • Fixes problems when running with docker-py >=6. LP#1988121

  • Fixes the Debian and Ubuntu images to use rabbitmq and erlang from cloudsmith so that the images are still buildable and use proper versions.

11.3.0

New Features

  • Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256 mechanisms. These can be used for libvirt SASL authentication. LP#1964013

  • Quiet mode (enabled with --quiet argument) can be combined with --logs-dir option now. Console output will be quiet as expected while building output will be stored in separate log files.

Critical Issues

  • CentOS Linux 8 (non-Stream) support has been dropped, since repositories have been removed from CentOS mirrors - see announcement.

Security Issues

  • Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE) vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.

Bug Fixes

  • Fixes an issue with Ironic deployments using UEFI and iPXE, where the default UEFI iPXE bootloader in Ironic was not available in the TFTP server. This affects all Kolla releases on CentOS, and Xena on Debian/Ubuntu. LP#1959203

  • Installs glusterfs-client in Debian and Ubuntu manila-share images to support GlusterFS across supported distributions. LP#1964140

  • Fixes an issue when older version of Python OpenvSwitch bindings package was used, than the running OpenvSwitch code. LP#1961874

  • Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure. Also fix x86_64 lacking of GRUB efi files issue. LP#1879265

  • Fixes disabling the use of the curlrc configuration file in healthcheck_curl. LP#1967272

  • Fixes an issue seen when using Jinja2 3.1.0.

  • Fixes an issue with missing Magnum Keystone auth default policy. LP#1957159

  • Fixes set_configs.py configuring same permission for directories and files, causing directories lacking execute permission if not set for files.

11.2.0

New Features

  • Improve the way offline scenario are supported:

    • Switching dumb-init installation to distribution provided packages.

Upgrade Notes

  • Debian now uses upstream MariaDB repos (thus following Ubuntu images). This is done to avoid issues like the related one and have an easy workaround of pinning to chosen MariaDB version if need arises. Operators may want to reflect this in their repo mirrors and proxies. LP#1944410

Bug Fixes

  • Adds an option to the monasca-thresh container which checks if the topology is currently submitted (KOLLA_BOOTSTRAP), with an option to kill it (TOPOLOGY_REPLACE). Topology names and various timeouts may be customized. LP#1808805

  • Fixes missing boto3 library required by glance_store. LP#1884259

  • Fixes an issue with logs going missing in the Fluentd pipeline by pinning td-agent to 4.0.* also on Debian. LP#1930867 [Debian]

  • Fixes an issue with cinder-volume missing lsscsi and nvme commands on Debian and Ubuntu. LP#1942038

  • CentOS nova-compute image has linux-firmware package removed to save image size by ~500MB. LP#1926801

  • Fixes “Permission denied” issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path

  • Ensures the nvme-cli package is present in nova-compute images, as it expected by os-brick.

Other Notes

  • CentOS images are now buildable using CentOS 8 Stream as a base.

11.1.0

New Features

  • octavia-driver-agent image was added to support other Octavia providers than amphora.

Upgrade Notes

  • RabbitMQ and Erlang packages are now installed from packagecloud.io (and PPA for Debian/Ubuntu) since bintray.com is getting shut down May 1st, 2021.

Bug Fixes

  • Fixes an issue with Swift containers failing to start in Ubuntu binary images. LP#1905279

  • Fixes an issue with the kolla_set_configs --check command when the compared files are non-Unicode. LP#1913952

  • Fixes location of monitoring_policy in Horizon, so access policy is correctly enforced. Note that by current default, admin doesn’t not have Monitoring access. LP#1928408

  • Fix support for kolla install in ~/.local. LP#1930544

  • Fixes an issue with logs going missing in the Fluentd pipeline by pinning td-agent to 4.0.*. LP#1930867

  • Fixes issues arising from the lack of Debian updates repo being enabled. LP#1931544

  • Fixes an issue with the Fluentd Monasca output plugin related to a more recent openssl library. LP#1910382

  • Fixes Mistral source images to respect upper-constraints.

Other Notes

  • Debian images enable the Debian updates repo now. This is aligned with the base Debian image.

11.0.0

New Features

  • The Prometheus plugin is now installed into the Fluentd container by default.

  • Add a Monasca app plugin for the Monasca fork of Grafana. Plugin provides screens for viewing or configuring: Alarm Definitions, Alarms and Notifications

  • Added new option “–(no)summary” to allow to hide after build summary.

Upgrade Notes

  • The Logstash image has been upgraded from Logstash 2 to Logstash 6.

  • Cyborg Agent no longer includes OPAE SDK. The version was outdated and currently supported platforms do not have ready-to-use binaries. This change was required to make Cyborg buildable.

  • Kolla now no longer supports CentOS 8.2 and below. This is to support CentOS 8.3 without extra workarounds (please see the fixes section for more details). The promise is to support the latest CentOS 8 release which is 8.3 now.

  • Changes the default value of the [DEFAULT] tarballs_base configuration option from https://tarballs.openstack.org to https://tarballs.opendev.org. Since the OpenDev site is namespaced, the default source image tarball locations have been updated to include the /openstack (or in a few cases /x) URL path.

  • The congress project is no longer maintained. This has been retired since Victoria and has not been used by other OpenStack services since.

  • FWaaS project has been removed in Victoria cycle and it’s no longer included in Kolla container images and deployment.

  • Glance Registry service was deprecated in the Queens release and has been removed in Victoria. Accordingly, container image glance-registry has been removed from Kolla.

  • remove mongodb image from kolla, following deprecation process.

  • The neutron-server-opendaylight image has been removed.

  • neutron-server-ovn and neutron-metadata-agent-ovn images have been removed. OVN drivers have been moved into Neutron code base in Ussuri release and networking-ovn bits are no longer required to be installed.

  • The opendaylight image, which was deprecated in the Ussuri cycle, has been removed.

  • The sensu images which were deprecated in the Ussuri cycle has been removed.

  • td-agent has been upgraded to version 4. It will be now used for both x86-64 and aarch64 architectures on all distributions Kolla is supporting. Users before upgrade should analyse changed config file syntax for their custom fluentd configuration files.

  • Ubuntu images now use Focal 20.04 (ubuntu:20.04) as the default base image.

  • Source based builds will now install OpenStack projects code from stable tarballs, compared to versioned (released point versions) ones as before.

Deprecation Notes

  • Deprecates support for the certmonger, ec2-api, heat-all, novajoin, nova-mksproxy, ptp, radvd, rsyslog and zaqar images. In Wallaby support for these images will be removed from Kolla. No known downstream projects use these images.

  • Deprecates support for mariadb image. Please use mariadb-server image from now on - because the former will be removed in Wallaby cycle.

Bug Fixes

  • Makes Cyborg buildable for all platforms by removing dependency on OPAE SDK. LP#1873744

  • Fixes the FC Cinder backend usage in Nova. LP#1884484

  • Fixes Ceilometer deployment and upgrade failing due to wrong mode of argument passing applied to the ceilometer-upgrade command. LP#1884919

  • Fixes MariaDB incremental backup failure when full backup was not created the same day. LP#1897948

  • Fixes builds on CentOS 8.3 failing due to renamed repos. Notice Kolla now no longer supports CentOS 8.2 and below. LP#1907213

  • Drop systemd support from nsswitch.conf on RHEL-based distros. This avoids unneeded systemd nss lookups inside containers and it also avoids possible selinux denials when a container bind mounts /run and makes the dbus socket available inside the container only to be denied by selinux on the host.

  • Fixes an issue with the kolla_set_configs --check command when the source is a directory. LP#1890567

  • Fixes an issue with loading Storm and Monasca Thresh when using Centos8 containers.

  • Fixes an issue with the Masakari dashboard where policies were not loaded correctly.

  • nova-compute uses daxio to cleanup vpmem backend device on instance delete. If the daxio binary is missing in the nova-compute container instance delete fails. daxio is provided in centos via daxio, in ubuntu via the pmdk-tools package.

  • Added rally-openstack as plugin to rally source image

  • Fixes an issue which can block the Monasca Fluentd output plugin. LP#1889065

Other Notes

  • tripleoclient container image is removed. It is not needed nor useful.