Queens Series Release Notes


New Features

  • Added parameters nova::ssl_only, nova::cert, nova::key to manage SSL options for VNC.

  • Add the ability to set reserved_huge_pages on nova-computes via a string or a list of strings.

  • The nova_aggregate resource type can now unset aggregate metadata. [Bug 1776772]

  • Adds nova::compute::libvirt_guests to manage /etc/sysconfig/libvirt-guests to configure libvirt-guests for compute reboot and handle running instance properly.

  • This allows for specifying granular CPU feature flags, when specifying CPU models. It should be set only if cpu_mode and cpu_model conf parameter are set and cpu_mode parameter value is set to “custom”. The recent “Meltdown” CVE fixes have resulted in critical performance penalty which impacts every Nova guest within certain CPU models.

    More info is available in nova release notes.

  • Adds log_filters parameter to nova::compute::libvirt. Defines a filter to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . Default undef

  • Add tls_priority parameter to nova::compute::libvirt class to override the compile time default TLS priority string. The default is usually “NORMAL” unless overridden at build time. Only set this if it is desired for libvirt to deviate from the global default settings.

  • Add parameter mem_stats_period_seconds to specify number of seconds to memory usage statistics period, zero or negative value mean to disable memory usage statistics.

  • The libvirt driver allows passing different mount options to the nfs client. [libvirt]/nfs_mount_options, defaulting to <None>.

  • Add openstack-db tag to Exec that run db-sync.

  • Exposes the devices/enabled_vgpu_types config option for vgpu support. More information in the nova vgpu documentation.

  • Add support for libvirt volume_use_multipath the ability to use multipath connection of the iSCSI or FC volume. Volumes can be connected in the LibVirt as multipath devices. Adds new parameter “nova::compute::libvirt::volume_use_multipath”

Upgrade Notes

  • Add support to enable/disable live-migration for NUMA topology instances

    Add configuration parameter workarounds/enable_numa_live_migration (defaults to false) which allows to enable/disable live-migration for NUMA topology instances.

Deprecation Notes

  • The image_service parameter is deprecated, as we are already using python-glanceclient instead of old glance client.

  • nova::notify_api_faults is deprecated and will be removed in a future release. Please use nova::notify_on_api_faults instead.

  • The notify_on_api_faults parameter is deprecated as it is also removed from nova config options in change https://review.openstack.org/#/c/505164.

Bug Fixes

  • Add cinder credentials in cinder section of nova conf to fix issue when reclaim_instance_interval > 0 and delete instance which booted from volume ‘delete_on_termination’ set as true. The volume status showing attached and in-use, even after instance deletion, since the admin context didn’t have any token info hence call to cinder api failed. In case when context is is_admin and without token,added cinder creds used to do authentication with user/project info to call cinder api. [Bug 1734025]

  • Fix live_migration_inbound_addr when used with non-default port/user/extra_params

    live_migration_scheme was being used when live_migration_inbound_addr was set. This prohibits a non-default port/user/extra_params being used which is often required to fully describe the uri, particularly for the ssh transport (see https://bugs.launchpad.net/nova/+bug/1671288).

    However live_migration_inbound_addr also works with live_migration_uri, so for now revert back to using live_migration_uri in all cases.


New Features

  • Add CORS configuration support

  • Adds the kombu_failover_strategy option for configuring oslo.messaging.rabbit. This will determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable.

  • Add parameters to configure TLS for nova novncproxy to/from libvirt/qemu:

    • nova::vncproxy::allow_noauth

    • nova::vncproxy::allow_vencrypt

    • nova::vncproxy::vencrypt_key

    • nova::vncproxy::vencrypt_cert

    • nova::vncproxy::vencrypt_ca

    • nova::compute::libvirt::qemu::vnc_tls

    • nova::compute::libvirt::qemu::vnc_tls_verify

    More info is available in the nova vnc-proxy documentation.


New Features

  • Added parameter verify_glance_signatures to enable verification of signatures on glance images.

  • Adds the use_journal option for configuring oslo.log. This will enable passing the logs to journald.

Bug Fixes

  • Restore NoopQuotaDriver quota_driver in child cell with CellsV1 as it is still required to disable quota checking in child cells.

  • Correct permissions on the nova logfiles. If the nova-manage commands (such as dbsync) were initially run as root then subsequent runs as the nova user would fail as the logfile is owned by root (see bug 1671681). The ownership of all nova logfiles is now checked before configuring nova, as a similar issue could prevent a service starting, and the nova-manage command is now run as the correct user.

    Adds nova::params::nova_user and nova::params::nova_group. nova::cron::archive_deleted_rows::user now defaults to nova::params::nova_user instead of hardcoding ‘nova’


New Features

  • Add parameter to set notification format. Specifies which notification format shall be used by nova.

  • Added group parameter to configure qemu.conf

  • Expose use_json logging parameter, which enables JSON formatted logging.

Upgrade Notes

  • Remove use_local parameter use_local parameter is deprecated, has no effect and will be removed in the future.

Deprecation Notes

  • keymgr_api_class is now deprecated in favor of keymgr_backend, with full backward compatibility for users. keymgr_backend is set to nova.keymgr.conf_key_mgr.ConfKeyManager by default and configures key_manager/backend instead of key_manager/api_class.


New Features

  • Added nova patching configuration parameters. These parameters are available in nova.conf, but are not configurable using puppet-nova. The monkey patching parameters allow patching a decorator for all functions in specified modules. This change create patch/config.pp file to make these parameters configurable.

    • Add ability to configure compute/consecutive_build_service_disable_threshold on the compute notes.

  • The parameter log_outputs in the libvirt manifest has been expose in order to be able to configure where the libvirtd logs end up (which could be in multiple places depending on the value for that parameter). It configures the configuration value with the same name, as explained in the documentation - https://libvirt.org/logging.html

  • Add parameter to apacher_wsgi to allow overwrite and/or add additional wsgi process options.

Known Issues

  • Keystone v2.0 API was removed so we need to set a default value for user_domain_name and project_domain name, which will be Default as it is already in some other classes in modules.

Upgrade Notes

  • Remove Class nova::rabbitmq nova::rabbitmq class is deprecated and will be removed in next release. Make other plans to configure rabbitmq resources.

  • Remove Class nova::network nova-network is deprecated in Newton and will be removed in the future.

  • Remove Class nova::wsgi::apache nova::wsgi::apache is deprecated and will be removed in a future release, please use nova::wsgi::apache_api.

  • Remove extra_params parameter The nova::cell_v2::cell::extra_params parameter is deprecated and will be ignored.

  • Remove live_migration_progress_timeout parameter

  • Remove nova-start This is here for backwards compatibility for any external users of the nova-start anchor. This should be considered deprecated and removed in the future cycle.

  • Remove parameter nova::compute::pci_passthrough The pci_passthrough parameter is deprecated. Please use nova::compute::pci::passthrough instead.

  • remove revocation_cache_time parameter revocation_cache_time parameter is deprecated, has no effect and will be removed in the future.

  • remove revocation_cache_time parameter revocation_cache_time parameter is deprecated, has no effect and will be removed in the future.

  • Remove useless method file_path This needs to be removed. This has been replaced with the class method.

  • Remove some useless parameters [neutron_auth_strategy] (optional) DEPRECATED. [neutron_admin_password] DEPRECATED. Password for connecting to Neutron network services in admin context through the OpenStack Identity service. Use neutron_password instead. [neutron_admin_tenant_name] (optional) DEPRECATED. Tenant name for connecting to Neutron network services in admin context through the OpenStack Identity service. Use neutron_project_name instead. [neutron_admin_username] (optional) DEPRECATED. Username for connecting to Neutron network services in admin context through the OpenStack Identity service. Use neutron_username instead. [neutron_admin_auth_url] (optional) DEPRECATED. Points to the OpenStack Identity server IP and port. This is the Identity (keystone) admin API server IP and port value, and not the Identity service API IP and port. Use neutron_auth_url instead.

  • Remove some useless parameters Some parameters are useless in xenserver.pp, have no effect and will be removed in the future.

  • Remove wsdl_location parameter wsdl_location parameter is now deprecated and will be removed in the future release.

  • The default value for nova::cinder_catalog_info is changed to ::os_service_default(use default set by nova which is currently ‘volumev3:cinderv3:publicURL’) from ‘volumev2:cinderv2:publicURL’ because nova has removed the support of cinderv2 in https://review.openstack.org/#/c/501874/.

Deprecation Notes

  • nova::api::pci_alias is deprecated by nova::pci::aliases nova::compute::pci_passthrough is deprecated by nova::compute::pci::passthrough

  • revocation_cache_time option is now deprecated for removal, the parameter has no effect.

  • Nova-cert service configuration class has been removed.

Bug Fixes

  • [pci]/alias option is now required in the nova configuration file on compute nodes too. This requires refactoring of the manifests as the parameter is common to nova::compute and nova::api. Common pci configuration is now done by the nova::pci class while compute specific configuration is done now by the nova::compute::pci class.

Other Notes

  • Added Nova Conductor service to the list of services where the default number of spawned child processes for distributing processing have had their default value changed from ::processorcount to ::os_workers.

  • removed useless option nova::network::neutron::neutron_default_tenant_id

  • removed useless option nova::network::neutron::neutron_auth_plugin

  • removed useless option nova::network::neutron::neutron_ca_certificates_file