Current Series Release Notes

22.0.0.0b1-10

Other Notes

  • The pw-token-gen.py script now always generates a 32-character string instead of randomly choosing a length of 24 or 32.

22.0.0.0b1

New Features

  • Support is added for deploying OpenStack on CentOS 8 with source and distro based installs. However, nspawn support can’t be offered, as machinectl relies on btrfs which has been dropped by CentOS.

  • Support is added for deploying OpenStack on Ubuntu Focal (20.04) with source based installs. Ubuntu Cloud Archive is not available for Focal at this point so it is not possible to offer distro package based installs for Focal.

  • New variables have been added to allow a deployer to enable iPXE support for Ironic Conductor, which uses HTTP rather than TFTP, and can speed up baremetal provisioning considerably. To enable, simply set the ironic_ipxe_enabled override to True.

  • OpenStack services and infrastructure such as galera, rabbitmq and memcached already have defaults in their ansible roles to control the IP address which those services bind to. Prior to this release the default of 0.0.0.0 was used. A global setting in the openstack-ansible group variables now overrides those default bind addresses to be the local address on the OpenStack management network (typically br-mgmt) for the relevant host or container.

  • Added variables cinder_active_active_cluster and cinder_active_active_cluster_name, which allow deployers to explicitly enable or disable the active/active feature and to set the cluster name.

  • Added variable haproxy_ssl_letsencrypt_certbot_challenge, which defaults to http-01. For now only http-01 has really been tested, but the door is kept open for adding support for more challenges, like dns-01. For http-01 all required arguments are passed, but for other challenges you might want to use haproxy_ssl_letsencrypt_setup_extra_params to pass missing arguments.

  • OpenStack-Ansible now provides corosync and pacemaker cluster setup as part of the os-masakari-install playbook. A corosync/pacemaker cluster is required for masakari hostmonitors to work properly, as they identify host state with the help of corosync.

  • Added variable nova_scheduler_extra_filters, which allows deployers to extend the default list of nova_scheduler_default_filters.

  • Experimental support has been added to allow the deployment of the OpenStack Senlin service when hosts are present in the host group senlin-infra_hosts.

  • Added variables uwsgi_ini_overrides and uwsgi_init_config_overrides, which are useful if a deployer wants to adjust a uwsgi parameter for all services without having to use a set of overrides for each service.

Known Issues

  • Ubuntu Cloud Archive (UCA) does not contain Ubuntu Bionic distro packages for Victoria, so only the source install/upgrade path (the default) will work correctly for Ubuntu 18.04.

Upgrade Notes

  • Remove the CONF.scenario.img_dir option, as it is being removed from Tempest after a ~4 year deprecation period. The CONF.scenario.img_file option needs to contain the full path to an image to upload to glance.

  • The default bind address for all OpenStack services and infrastructure services such as galera, rabbitmq and memcached has changed from 0.0.0.0 to the IP address of the OpenStack management network on the relevant host or container. Deployers should ensure that any additional systems that expect to communicate with internal components of their openstack-ansible deployment do so over the management network. Services which are bound to the management network IP will not be accessible via other interfaces.

  • Deployments which follow the distro path (services are installed from distro packages rather than in virtualenvs) should upgrade Ubuntu 18.04 -> 20.04 before performing the OpenStack Ussuri -> Victoria upgrade, since Ubuntu Cloud Archive does not provide Victoria system packages for 18.04.

  • There is no need to provide either the http-01-address or the http-01-port option in haproxy_ssl_letsencrypt_setup_extra_params, as they are now configured with the corresponding variables haproxy_ssl_letsencrypt_certbot_bind_address and haproxy_ssl_letsencrypt_certbot_backend_port.

  • There is no need to keep the letsencrypt service in haproxy_extra_services, or to copy and maintain the whole of haproxy_default_services in order to get overrides for horizon. From now on the required adjustments are provided by default and the letsencrypt installation path has been simplified.

  • The string value of nova_scheduler_default_filters is converted to a list. At the moment there is compatibility for overridden values that are strings, but this support will be removed in future releases, so deployers are recommended to replace their string overrides with list ones.

  • As support for Centos-7 is removed from openstack-ansible in the Victoria release, it is no longer necessary to support LXC2 configuration syntax in the lxc_container_create ansible role. The version of LXC is now assumed to be 3 or greater, and any LXC configuration keys that are being overridden by the deployer in the variable lxc_container_config_list should be updated to LXC3 syntax, as these will no longer be converted by ansible code.
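
To check a host against the bind address change described in the upgrade note above, this added example (not part of the OpenStack-Ansible project) parses `ss -Hltn` output and reports listeners bound to a wildcard or to an address outside the management network. The sample output and the 172.29.236.0/22 management CIDR are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -Hltn` output, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 172.29.236.11:5672 0.0.0.0:*
LISTEN 0 128 [::]:11211 [::]:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 10.0.2.15:8776 0.0.0.0:*
LISTEN 0 128 *:4369 *:*
"""

# Assumption: management network CIDR; substitute the deployment's own.
MGMT_NET = ipaddress.ip_network("172.29.236.0/22")


def classify(local):
    """Classify an ss 'addr:port' field as wildcard, loopback, mgmt or other."""
    host, _, port = local.rpartition(":")
    # Strip IPv6 brackets and any interface scope such as '%lo'.
    host = host.strip("[]").split("%", 1)[0]
    if host == "*":  # ss prints a dual-stack wildcard as '*'
        return int(port), "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return int(port), "wildcard"
    if addr.is_loopback:
        return int(port), "loopback"
    return int(port), "mgmt" if addr in MGMT_NET else "other"


def audit(ss_output):
    """Return sorted (port, local, kind) for listeners reachable off-mgmt."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers and non-listening sockets
        port, kind = classify(fields[3])
        if kind in ("wildcard", "other"):
            findings.append((port, fields[3], kind))
    return sorted(findings)


if __name__ == "__main__":
    for port, local, kind in audit(SAMPLE_SS):
        print(f"port {port}: bound to {local} ({kind})")
```

On a live host, pass the captured output of `ss -Hltn` to `audit()` in place of the sample.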

Deprecation Notes

  • To provide compatibility with Centos-8 the LXC cache preparation has been greatly simplified to remove the requirement for machinectl and btrfs, which is a combination not available on Centos-8. This has the side effect of machinectl no longer being a supported backing store for LXC.

  • The Glance registry service has finally been removed.

Bug Fixes

  • Since Ubuntu has dropped older base images, which resulted in all previous tags being broken, we’ve switched to always downloading the latest base image available. This should guarantee that we retrieve relevant images only.

Other Notes

  • HAProxy now verifies that a repo server is healthy by checking the repo_sync_complete file, which is created by the repo_server role. This should prevent non-synced repo containers from participating in load balancing.

21.0.0.0rc1

New Features

  • Multiple HAProxy nodes can now be deployed in an HA configuration with keepalived and LetsEncrypt certificates. Certbot can be treated as a backend service for haproxy and acme-challenge requests from LetsEncrypt can be directed to whichever HAProxy server is running a certificate renewal. New variables are defined for frontend ACLs and options to be passed to Certbot which enable this new feature, but the majority of the required configuration is done via the existing HAProxy service setup. An example is provided in the documentation.

  • The galera_server role now includes the functionality from the galera_client role, and can optionally install the client and server components. This is controlled using two booleans, galera_install_server and galera_install_client, both of which default to false.

Upgrade Notes

  • The galera_server role now includes the functionality from the galera_client role, and as a result a number of the variables from the galera_client defaults are now available to override in the galera_server role defaults. In addition, a number of default variables have been generalised, removing the specific _client_ or _server_ parts of the names. Users of this role should check that any overrides they are using have the correct variable names for the new combined role.

Deprecation Notes

  • Fedora is no longer tested in CI for each commit.

  • rabbitmq_install_method: file is now deprecated and will be removed in the Wallaby release. For now the only supported options are external_repo and distro. Along with that, the following variables are deprecated and prepared for removal:

    • rabbitmq_package_url

    • rabbitmq_package_sha256

    • rabbitmq_package_path

    The variable rabbitmq_release_version has been removed as it is no longer used.