Current Series Release Notes

Deprecation Notes

  • OVN-related HAProxy configuration is deprecated and has been replaced with built-in clustering functionality. OVN-related endpoints will be completely removed in the Z release.

  • With the retirement of upstram Panko project, os_panko role has been deprecated. Panko service API endpoint will be removed during upgrade. If you want to preserve Panko API working, you should override haproxy_panko_api_service.

New Features

  • Added variable galera_init_overrides that can be leveraged to override default set of systemd unit file for mariadb. This also brings requirement of systemd_service role.

  • New variable openstack_ca_bundle_path has been added which defines the path to the ca-bundle certificate which contains all system-trusted CA and will be used by the Python Requests module.

  • Added variable openstack_systemd_global_overrides that defines some defaults for all systemd services. It will be deployed to all hosts and containers, but can be controlled with group_vars or host_vars as well if needed.

  • Added new variable haproxy_stick_table_enabled to haproxy_service_configs, that allows you to conditionally enable or disable the default stick-table.

Upgrade Notes

  • HAProxy haproxy_whitelist_networks key inside haproxy_service_configs dictionary has been replaced with haproxy_allowlist_networks.

Deprecation Notes

  • The following variables have been deprecated and will have no effect:

    • haproxy_ssl_cert_path

    • haproxy_ssl_key

    • haproxy_ssl_pem

    • haproxy_ssl_ca_cert

    These variables were responsible for the path haproxy looked for certificates on the destination hosts.

    Variables were replaced in favor of haproxy_ssl_cert_path since the exact path to certificates will be dynamically set based on the VIP that is used for the frontend

  • Renamed tempest_test_whitelist to tempest_test_includelist and tempest_test_blacklist to tempest_test_excludelist Dependant projects should update to use the new variables

  • Since certificates and CA distribution are now handled with PKI role, variable openstack_host_ca_location has been deprecated and removed.