2024.2 Series Release Notes¶
30.0.0¶
Prelude¶
All playbooks for OpenStack-Ansible were moved under openstack.osa collection, which is being installed as a part of bootstrap-ansible.sh process. We left playbooks under their original names and locations for backwards compatability, though they are just importing corresponsive playbooks from the collection.
Behavior of rabbitmq_upgrade
variable has changed. It no longer can be used to reset the cluster state. It now acts solely as a flag to perform a rolling-upgrade of the existing cluster.
New Features¶
Added a new variable
octavia_security_group_additional_rules
that allows configuration of additional security group rules for Amphora.
Add support for ceilometer consumption of magnum notifications. Notifications will be consumed automatically when magnum_ceilometer_enabled is True.
Added variables
octavia_gigabytes
andoctavia_num_volumes
to control quota defenitions for the project where Octavia Amphorae is being spawned.
Added variable
openstack_apache_mpm_backend
which is used as a default value by service-specific variables to define used Apache MPM across the deployment. Defaults MPMevent
will be used if not overriden.
Added a bash auto-completion script which will assist with running openstack-ansible commands. It is placed as
/etc/bash_completion.d/openstack-ansible
, so please make sure your .bashrc is configured to load completion scripts from there. As of today it can help with completing playbook names, which are part of collections, Ansible native flags and hosts in case of--limit
flag is used.
Added a variable
cloudkitty_storage
that allows to easily define storage configuration options for Cloudkitty.
Added variable
nova_ssh_custom_config
which allows to apply extra configuration for SSH connection established by Nova Compute while perfroming offline migrations or resizes. Can be leveraged to define a custom SSH port or ProxyJump.
Added a variable
rabbitmq_erlang_package_version
that can be used to define an erlang version being used whenexternal_repo
is used as package source.
The neutron firewall-as-a-servie dashboard will be automatically deployed if the FWaaS service is enabled. FWaaS is now an active deliverable again fron the Neutron project.
A mapping
<service>_haproxy_services
now can contain a keyhaproxy_limit_hosts
, which can be used to filter out haproxy nodes to which this config should be applied. This behaviour might be useful in case you want to apply a different service configuration to haproxy hosts.
Implemented variable
horizon_extra_local_settings
that allows to insert arbitrary parameters defined as a regular mapping inside local_settings.py of Horizon. Parameters will be inserted at the end of the config file.
Implemented variable neutron_l3_agent_extensions to control list of enabled L3 agent extensions.
Added variables to better control SSH keypair generation for Octavia:
octavia_ssh_key_manage
(True): Enables an Octavia role to generate and manage SSH keypair to be used for Amphoras.octavia_resources_deploy_host
(localhost): The host on which SSH key will be created.octavia_ssh_key_dir
(${HOME}/.ssh): Directory under which keypair will be created on theoctavia_resources_deploy_host
octavia_ssh_key_comment
(Generated-by-Nova): Comment for the keypair.octavia_ssh_key_format
(ssh): Format for the stored private keyoctavia_ssh_key_type
(rsa): Type of the SSH keypair generatedoctavia_ssh_key_size
(2048): Private key length.
Functional code for playbooks were moved from playbooks/ folder of the OpenStack-Ansible repository to a openstack.osa collection.
This means, you can control versions of playbooks separately from the OpenStack-Ansible repository itself. This also enables to call playbooks without providing explicit path to them, but through FQCN, for example:
openstack-ansible openstack.osa.setup_openstack
We also have renamed some playbooks to better reflect their purpose. For instance
playbooks/os-nova-install.yml
becomeopenstack.osa.nova
For backwards compatability we left old playbooks names/paths, though they contain simple import of corresponsive playbook from the collection.
RabbitMQ version is upgraded to a new major version 4.0
The apt repository setup for the rabbitmq_server role is migrated to use the deb822_repository ansible module rather than the legacy apt_key and apt_repository modules. The format of the rabbitmq_repo and rabbitmq_erlang_repo ole default variables are changed to match the requirements of the new module, and are now lists allowing multiple repositories to be configured if required.
The previously used apt/yum package repositories for rabbitmq located at novemberain.com are have been replaced with those found at rabbitmq.com, in accordance with changes to the rabbitmq installation guide.
Added a support for deployment on Ubuntu 24.04 LTS (Noble Numbat).
Known Issues¶
Due to the underlying bug in Ansible collections for OpenStack,
Default
domain name can be renamed todefault
under certain conditions. One known example is havingdomain: default
defenition underkeystone_sp -> trusted_idp_list -> federated_identities
structure.
Upgrade Notes¶
The configuration of repositories for the ceph_client role through the ceph_yum_repo_url and ceph_repo_url variable is changed. These variables were replaced by unified ceph_repo_url variable. With that ceph_apt_repos has bee replaced by ceph_repos variable which should follow deb822_repository format for Debian/Ubuntu and yum_repository for CentOS Stream/Rocky Linux.
Changed default for
octavia_cinder_volume_size
to 20gb in order to align with value ofoctavia_amp_disk
Amphorae flavor will have 0 disk set (through variable
octavia_amp_disk
), whenoctavia_cinder_enabled: True
.
Default for Neutron API has been switched from using uWSGI to old eventlet due to found compatability issues for the current OpenStack release. You can find more infromation in Neutron bug report You can preserve current behaviour by setting
neutron_use_uwsgi: True
Please, make sure that in case of federation usage you define domain name instead of it’s ID (ie.
Default
instead ofdefault
) underkeystone_sp -> trusted_idp_list -> federated_identities
As RabbitMQ HA (mirrored) queues are no longer supported with current version of RabbitMQ, please make sure a migration to Quorum Queues was performed before proceeding with the upgrade. Please check the Migrate between HA and Quorum Queues documentation for more details on the migration path.
Group name for HAProxy destination hosts in openstack_user_config.yml` was renamed from
haproxy_hosts
toload_balancer_hosts
. While backwards compatability is kept, it is recommended to replace defenition with the new group during the upgrade.
In order to align used Apache MPM across the board, Horizon default MPM is switched from
worker
toevent
. A variablehorizon_apache_mpm_backend
was introduced to define the MPM in use.
Service type in catalog has been changed from
ha
toinstance-ha
in order to align service types with service deployment guide
Changed a default value for a
neutron_default_availability_zones
variable. From now on role will gather definedneutron_availability_zone
across all hosts (which defaults to nova) and attempt to schedule on all available Availability Zones by default. Change of the default should not alter behaviour for single-AZ setups.
uWSGI has been re-enabled by default for Neutron one more time. With that new services are introduced which should ensure adequate functionality of Neutron when uWSGI is being used.
neutron-periodic-workers
service is enabled for all drivers when WSGI is being used. It runs along with previously existingneutron-rpc-server
neutron-ovn-maintenance-worker
service is added only if ml2.ovn is being used asneutron_plugin_type
. The service will be enabled and running only when WSGI is used for Neutronneutron_use_uwsgi
is set to True
If you are using Ubuntu 22.04 Jammy Jellyfish and
install_method: distro
please make sure to disableneutron_use_uwsgi
as required binaries for this mode to work are missing from packages for this distro.
Please, make sure you are running RabbitMQ version of 3.13 before proceeding with the upgrade. In case you RabbitMQ version is lower then 3.13 upgrade to 4.0 will fail. You can run upgrade to 3.13 with same version of role by supplying variable
rabbitmq_package_version
during runtime, for example:openstack-ansible openstack.osa.rabbitmq_server -e rabbitmq_upgrade=true -e rabbitmq_package_version=3.13.7-1
and then re-running upgrade normally to 4.0.
The configuration of apt repositories for the rabbitmq_server role through the rabbitmq_repo variable is changed to match the deb822_repository ansible module. Any deployments that customise the repository configuration should adjust their rabbitmq_repo and rabbitmq_erlang_repo overrides to suit.
A web server for repo containers/hosts has been changed from Nginx to Apache. This was made to reduce amount of services we manage with roles and to better align approaches and development vectors.
The previously used apt/yum package repositories for rabbitmq located at novemberain.com are have been replaced with those found at rabbitmq.com, in accordance with changes to the rabbitmq installation guide. Any local mirrors should be adjusted to use the recommended upstream sources.
Default value of
gnocchi_policy_default_file_path
has changed to search forpolicy.yaml
file under/etc/openstack_deploy/gnocchi/
folder. Please ensure, that you use YAML format instead of JSON for the file.
Deprecation Notes¶
In order to unify Ceph client installation approaches for EL and Debian platforms following variables were deprecated and are silently ignored:
ceph_yum_repo_url
ceph_apt_repo_url
ceph_apt_repos
Following deprecated variables were removed and have no effect:
cinder_service_v2_name
cinder_service_v2_port
cinder_service_v2_proto
cinder_service_v2_type
cinder_service_v2_description
cinder_service_v2_publicuri
cinder_service_v2_publicurl
cinder_service_v2_adminuri
cinder_service_v2_adminurl
cinder_service_v2_internaluri
cinder_service_v2_internalurl
Following variables were deprecated and removed in favor of their analogues
cinder_service_description -> cinder_service_v3_description
cinder_service_publicuri_proto -> cinder_service_v3_publicuri_proto
cinder_service_adminuri_proto -> cinder_service_v3_adminuri_proto
cinder_service_internaluri_proto -> cinder_service_v3_internaluri_proto
cinder_service_type -> cinder_service_v3_type
cinder_service_publicuri -> cinder_service_v3_publicurl
cinder_service_adminuri -> cinder_service_v3_adminurl
cinder_service_internaluri -> cinder_service_v3_internalurl
cinder_service_v3_port -> cinder_service_port
cinder_service_v3_proto -> cinder_service_proto
Support of Debian 11 (Bullseye) has been removed.
Variable
rabbitmq_erlang_version_spec
has been deprecated and does not have any effect anymore. Please, userabbitmq_erlang_package_version
instead.
RabbitMQ HA (mirrored) queues are no longer supported by RabbitMQ, so respective policy was deprecated and removed in favor of quorum queues. Migration to Quorum Queues is expected to be performed on 2024.1 (Caracal) release. Please check the Migrate between HA and Quorum Queues documentation for more details on the migration path.
Usage of
haproxy_hosts
in openstack_user_config.yml` has been deprecated in favor ofload_balancer_hosts
.
The variable
keystone_external_ssl
was deprecated and is no longer used. You still can control if communication between HAProxy and Keystone should be covered with TLS throughkeystone_backend_ssl
orhaproxy_ssl
/haproxy_ssl_all_vips
for communication between clients and HAProxy on frontend.
Variable
haproxy_tls_vip_binds
has been renamed tohaproxy_vip_binds
to better reflect variable purpose. Old variable name is still respected but it’s usage is descouraged and old naming will be removed in the future.
Bug Fixes¶
Octavia role now handles quota defenition properly when BFV is set for Amphorae by defining
octavia_cinder_enabled: True
Used Apache MPMs are aligned across services and will not conflict with each other on metal deployments. Apache MPM event is being used by default.
In case of switching Neutron from uWSGI to old eventlet, neutron-rpc-server service will be disabled and stopped by the role.
haproxy_all
group is no longer populated with bare metal hosts in case of installing haproxy/keepalived inside LXC containers.
Functionality of providing different haproxy service settings per haproxy host has been restored through
haproxy_limit_hosts
key which provides filtering of target HAProxy hosts, to which this configuration should be applied. Before moving<service>_haproxy_services
from haproxy_all group_vars it was possible to supply a completely independent set of backends that will be configured on the HAProxy server. With moving backend defenition to specific service group_vars, this ability was lost, as there was no way to tell what config to apply to which HAProxy server.
The format of kernel and ramdisk images for Ironic is now raw in order to conform to upstream expectations.
Issues with uWSGI mode for Neutron has been addressed and uWSGI be used for the service.
An Octavia
amphora
provider was returned back to the list of supported providers to satisfy Magnumoctavia_provider
default label.
Skyline is not getting installed anymore by default as part of
os-infra_hosts
, which might result in unwanted dashboard changes during OpenStack upgrade process.
Python wheels build no longer fails in case of issues with a repo host and should succeed as long as there at least one reachable repo host with matching Distro/Version/Architecture.
Other Notes¶
In order to align with oslo.messaging reverted default of
heartbeat_in_pthread
value we remove own logic of handling the value based on host groups. You still can useoslomsg_heartbeat_in_pthread
or specific role variables to alter the behaviour.
Default value for
octavia_management_net_dhcp
was set to False. It means that Octavia management network will not have DHCP enabled by default if os_octavia role is responsible for managaing it.
Supplying
rabbitmq_upgrade=true
no longer re-initialize cluster and will perform regular rolling upgrade of the RabbitMQ cluster.
Skyline was removed from being assigned to
os-infra_hosts
. If you want to install Skyline as your dashboard, you need to defineskyline_dashboard_hosts
explicitly.