2024.2 Series Release Notes

30.0.0

Prelude

All playbooks for OpenStack-Ansible were moved under openstack.osa collection, which is being installed as a part of bootstrap-ansible.sh process. We left playbooks under their original names and locations for backwards compatability, though they are just importing corresponsive playbooks from the collection.

Behavior of rabbitmq_upgrade variable has changed. It no longer can be used to reset the cluster state. It now acts solely as a flag to perform a rolling-upgrade of the existing cluster.

New Features

  • Added a new variable octavia_security_group_additional_rules that allows configuration of additional security group rules for Amphora.

  • Add support for ceilometer consumption of magnum notifications. Notifications will be consumed automatically when magnum_ceilometer_enabled is True.

  • Added variables octavia_gigabytes and octavia_num_volumes to control quota defenitions for the project where Octavia Amphorae is being spawned.

  • Added variable openstack_apache_mpm_backend which is used as a default value by service-specific variables to define used Apache MPM across the deployment. Defaults MPM event will be used if not overriden.

  • Added a bash auto-completion script which will assist with running openstack-ansible commands. It is placed as /etc/bash_completion.d/openstack-ansible, so please make sure your .bashrc is configured to load completion scripts from there. As of today it can help with completing playbook names, which are part of collections, Ansible native flags and hosts in case of --limit flag is used.

  • Added a variable cloudkitty_storage that allows to easily define storage configuration options for Cloudkitty.

  • Added variable nova_ssh_custom_config which allows to apply extra configuration for SSH connection established by Nova Compute while perfroming offline migrations or resizes. Can be leveraged to define a custom SSH port or ProxyJump.

  • Added a variable rabbitmq_erlang_package_version that can be used to define an erlang version being used when external_repo is used as package source.

  • The neutron firewall-as-a-servie dashboard will be automatically deployed if the FWaaS service is enabled. FWaaS is now an active deliverable again fron the Neutron project.

  • A mapping <service>_haproxy_services now can contain a key haproxy_limit_hosts, which can be used to filter out haproxy nodes to which this config should be applied. This behaviour might be useful in case you want to apply a different service configuration to haproxy hosts.

  • Implemented variable horizon_extra_local_settings that allows to insert arbitrary parameters defined as a regular mapping inside local_settings.py of Horizon. Parameters will be inserted at the end of the config file.

  • Implemented variable neutron_l3_agent_extensions to control list of enabled L3 agent extensions.

  • Added variables to better control SSH keypair generation for Octavia:

    • octavia_ssh_key_manage (True): Enables an Octavia role to generate and manage SSH keypair to be used for Amphoras.

    • octavia_resources_deploy_host (localhost): The host on which SSH key will be created.

    • octavia_ssh_key_dir (${HOME}/.ssh): Directory under which keypair will be created on the octavia_resources_deploy_host

    • octavia_ssh_key_comment (Generated-by-Nova): Comment for the keypair.

    • octavia_ssh_key_format (ssh): Format for the stored private key

    • octavia_ssh_key_type (rsa): Type of the SSH keypair generated

    • octavia_ssh_key_size (2048): Private key length.

  • Functional code for playbooks were moved from playbooks/ folder of the OpenStack-Ansible repository to a openstack.osa collection.

    This means, you can control versions of playbooks separately from the OpenStack-Ansible repository itself. This also enables to call playbooks without providing explicit path to them, but through FQCN, for example: openstack-ansible openstack.osa.setup_openstack

    We also have renamed some playbooks to better reflect their purpose. For instance playbooks/os-nova-install.yml become openstack.osa.nova

    For backwards compatability we left old playbooks names/paths, though they contain simple import of corresponsive playbook from the collection.

  • RabbitMQ version is upgraded to a new major version 4.0

  • The apt repository setup for the rabbitmq_server role is migrated to use the deb822_repository ansible module rather than the legacy apt_key and apt_repository modules. The format of the rabbitmq_repo and rabbitmq_erlang_repo ole default variables are changed to match the requirements of the new module, and are now lists allowing multiple repositories to be configured if required.

  • The previously used apt/yum package repositories for rabbitmq located at novemberain.com are have been replaced with those found at rabbitmq.com, in accordance with changes to the rabbitmq installation guide.

  • Added a support for deployment on Ubuntu 24.04 LTS (Noble Numbat).

Known Issues

  • Due to the underlying bug in Ansible collections for OpenStack, Default domain name can be renamed to default under certain conditions. One known example is having domain: default defenition under keystone_sp -> trusted_idp_list -> federated_identities structure.

Upgrade Notes

  • The configuration of repositories for the ceph_client role through the ceph_yum_repo_url and ceph_repo_url variable is changed. These variables were replaced by unified ceph_repo_url variable. With that ceph_apt_repos has bee replaced by ceph_repos variable which should follow deb822_repository format for Debian/Ubuntu and yum_repository for CentOS Stream/Rocky Linux.

  • Changed default for octavia_cinder_volume_size to 20gb in order to align with value of octavia_amp_disk

  • Amphorae flavor will have 0 disk set (through variable octavia_amp_disk), when octavia_cinder_enabled: True.

  • Default for Neutron API has been switched from using uWSGI to old eventlet due to found compatability issues for the current OpenStack release. You can find more infromation in Neutron bug report You can preserve current behaviour by setting neutron_use_uwsgi: True

  • Please, make sure that in case of federation usage you define domain name instead of it’s ID (ie. Default instead of default) under keystone_sp -> trusted_idp_list -> federated_identities

  • As RabbitMQ HA (mirrored) queues are no longer supported with current version of RabbitMQ, please make sure a migration to Quorum Queues was performed before proceeding with the upgrade. Please check the Migrate between HA and Quorum Queues documentation for more details on the migration path.

  • Group name for HAProxy destination hosts in openstack_user_config.yml` was renamed from haproxy_hosts to load_balancer_hosts. While backwards compatability is kept, it is recommended to replace defenition with the new group during the upgrade.

  • In order to align used Apache MPM across the board, Horizon default MPM is switched from worker to event. A variable horizon_apache_mpm_backend was introduced to define the MPM in use.

  • Service type in catalog has been changed from ha to instance-ha in order to align service types with service deployment guide

  • Changed a default value for a neutron_default_availability_zones variable. From now on role will gather defined neutron_availability_zone across all hosts (which defaults to nova) and attempt to schedule on all available Availability Zones by default. Change of the default should not alter behaviour for single-AZ setups.

  • uWSGI has been re-enabled by default for Neutron one more time. With that new services are introduced which should ensure adequate functionality of Neutron when uWSGI is being used.

    • neutron-periodic-workers service is enabled for all drivers when WSGI is being used. It runs along with previously existing neutron-rpc-server

    • neutron-ovn-maintenance-worker service is added only if ml2.ovn is being used as neutron_plugin_type. The service will be enabled and running only when WSGI is used for Neutron neutron_use_uwsgi is set to True

  • If you are using Ubuntu 22.04 Jammy Jellyfish and install_method: distro please make sure to disable neutron_use_uwsgi as required binaries for this mode to work are missing from packages for this distro.

  • Please, make sure you are running RabbitMQ version of 3.13 before proceeding with the upgrade. In case you RabbitMQ version is lower then 3.13 upgrade to 4.0 will fail. You can run upgrade to 3.13 with same version of role by supplying variable rabbitmq_package_version during runtime, for example: openstack-ansible openstack.osa.rabbitmq_server -e rabbitmq_upgrade=true -e rabbitmq_package_version=3.13.7-1 and then re-running upgrade normally to 4.0.

  • The configuration of apt repositories for the rabbitmq_server role through the rabbitmq_repo variable is changed to match the deb822_repository ansible module. Any deployments that customise the repository configuration should adjust their rabbitmq_repo and rabbitmq_erlang_repo overrides to suit.

  • A web server for repo containers/hosts has been changed from Nginx to Apache. This was made to reduce amount of services we manage with roles and to better align approaches and development vectors.

  • The previously used apt/yum package repositories for rabbitmq located at novemberain.com are have been replaced with those found at rabbitmq.com, in accordance with changes to the rabbitmq installation guide. Any local mirrors should be adjusted to use the recommended upstream sources.

  • Default value of gnocchi_policy_default_file_path has changed to search for policy.yaml file under /etc/openstack_deploy/gnocchi/ folder. Please ensure, that you use YAML format instead of JSON for the file.

Deprecation Notes

  • In order to unify Ceph client installation approaches for EL and Debian platforms following variables were deprecated and are silently ignored:

    • ceph_yum_repo_url

    • ceph_apt_repo_url

    • ceph_apt_repos

  • Following deprecated variables were removed and have no effect:

    • cinder_service_v2_name

    • cinder_service_v2_port

    • cinder_service_v2_proto

    • cinder_service_v2_type

    • cinder_service_v2_description

    • cinder_service_v2_publicuri

    • cinder_service_v2_publicurl

    • cinder_service_v2_adminuri

    • cinder_service_v2_adminurl

    • cinder_service_v2_internaluri

    • cinder_service_v2_internalurl

  • Following variables were deprecated and removed in favor of their analogues

    • cinder_service_description -> cinder_service_v3_description

    • cinder_service_publicuri_proto -> cinder_service_v3_publicuri_proto

    • cinder_service_adminuri_proto -> cinder_service_v3_adminuri_proto

    • cinder_service_internaluri_proto -> cinder_service_v3_internaluri_proto

    • cinder_service_type -> cinder_service_v3_type

    • cinder_service_publicuri -> cinder_service_v3_publicurl

    • cinder_service_adminuri -> cinder_service_v3_adminurl

    • cinder_service_internaluri -> cinder_service_v3_internalurl

    • cinder_service_v3_port -> cinder_service_port

    • cinder_service_v3_proto -> cinder_service_proto

  • Support of Debian 11 (Bullseye) has been removed.

  • Variable rabbitmq_erlang_version_spec has been deprecated and does not have any effect anymore. Please, use rabbitmq_erlang_package_version instead.

  • RabbitMQ HA (mirrored) queues are no longer supported by RabbitMQ, so respective policy was deprecated and removed in favor of quorum queues. Migration to Quorum Queues is expected to be performed on 2024.1 (Caracal) release. Please check the Migrate between HA and Quorum Queues documentation for more details on the migration path.

  • Usage of haproxy_hosts in openstack_user_config.yml` has been deprecated in favor of load_balancer_hosts.

  • The variable keystone_external_ssl was deprecated and is no longer used. You still can control if communication between HAProxy and Keystone should be covered with TLS through keystone_backend_ssl or haproxy_ssl/haproxy_ssl_all_vips for communication between clients and HAProxy on frontend.

  • Variable haproxy_tls_vip_binds has been renamed to haproxy_vip_binds to better reflect variable purpose. Old variable name is still respected but it’s usage is descouraged and old naming will be removed in the future.

Bug Fixes

  • Octavia role now handles quota defenition properly when BFV is set for Amphorae by defining octavia_cinder_enabled: True

  • Used Apache MPMs are aligned across services and will not conflict with each other on metal deployments. Apache MPM event is being used by default.

  • In case of switching Neutron from uWSGI to old eventlet, neutron-rpc-server service will be disabled and stopped by the role.

  • haproxy_all group is no longer populated with bare metal hosts in case of installing haproxy/keepalived inside LXC containers.

  • Functionality of providing different haproxy service settings per haproxy host has been restored through haproxy_limit_hosts key which provides filtering of target HAProxy hosts, to which this configuration should be applied. Before moving <service>_haproxy_services from haproxy_all group_vars it was possible to supply a completely independent set of backends that will be configured on the HAProxy server. With moving backend defenition to specific service group_vars, this ability was lost, as there was no way to tell what config to apply to which HAProxy server.

  • Issues with uWSGI mode for Neutron has been addressed and uWSGI be used for the service.

  • An Octavia amphora provider was returned back to the list of supported providers to satisfy Magnum octavia_provider default label.

  • Skyline is not getting installed anymore by default as part of os-infra_hosts, which might result in unwanted dashboard changes during OpenStack upgrade process.

  • Python wheels build no longer fails in case of issues with a repo host and should succeed as long as there at least one reachable repo host with matching Distro/Version/Architecture.

Other Notes

  • In order to align with oslo.messaging reverted default of heartbeat_in_pthread value we remove own logic of handling the value based on host groups. You still can use oslomsg_heartbeat_in_pthread or specific role variables to alter the behaviour.

  • Default value for octavia_management_net_dhcp was set to False. It means that Octavia management network will not have DHCP enabled by default if os_octavia role is responsible for managaing it.

  • Supplying rabbitmq_upgrade=true no longer re-initialize cluster and will perform regular rolling upgrade of the RabbitMQ cluster.

  • Skyline was removed from being assigned to os-infra_hosts. If you want to install Skyline as your dashboard, you need to define skyline_dashboard_hosts explicitly.