2024.2 Series Release Notes

17.0.0

New Features

  • Added initial support for systemd-networkd link configuration. You can now configure and rename a network interface if you know its MAC address.

  • Adds the internal VIP to the NO_PROXY/no_proxy environment variables.

  • Ironic Inspector configuration can now be customised by placing config overrides in the $KAYOBE_CONFIG_PATH/kolla/config/ironic-inspector or $KAYOBE_CONFIG_PATH/environments/<environment>/kolla/config/ironic-inspector directories. This can be used to define a known_devices.yaml file which is used to configure the accelerators plugin in Ironic Inspector.

  • Adds support for setting whether an Apt repo is trusted.

  • The kolla_base_arch variable has been introduced, allowing users to specify the architecture for base container images. This supports cross-architecture builds, enabling the building of images for architectures different from the host machine (e.g., building aarch64 images on an x86_64 machine).

    By default, kolla_base_arch is set to the detected architecture ({{ ansible_facts.architecture }}). However, when kolla_base_arch differs from the host architecture, the multiarch/qemu-user-static image is used to facilitate cross-arch builds.

  • Adds support for using Cumulus switches (NCLU and NVUE) with Networking Generic Switch.

  • Adds a new redfish_address variable and extends the kayobe overcloud inventory discover command to discover the address from the Bifrost node inventory.

  • Enables ProxySQL by default. ProxySQL can be disabled by setting the kolla_enable_proxysql variable to false.

  • Adds support for using a different interface than the Bifrost PXE one as the admin interface during overcloud provision. This can be enabled by setting kolla_bifrost_use_introspection_mac to true or by setting kolla_bifrost_ipv4_interface_mac in the respective host's host_vars.

  • Adds support for customising Neutron physical network names using the physical_network network attribute.

  • Adds support for specifying boot_firmware and machine variables for seed and infra VMs. This can be used to launch VMs in UEFI boot mode with the Q35 machine type.

  • Bumps stackhpc.libvirt-vm Ansible role to v1.16.1.

  • Adds support for configuring Apt preferences under /etc/apt/preferences.d.

  • Adds support for skipping SSH keyscan when configuring switches with kayobe physical network configure, controlled by a switch_skip_keyscan variable.

  • Adds support for Ubuntu Noble Numbat (24.04) LTS as a host and container Operating System for seed, seed hypervisor and overcloud hosts. The default Ubuntu version has been changed to Ubuntu Noble (24.04) LTS.

  • Adds validation to protect against executing Kayobe from within a different Kayobe configuration repository than the one referred to by environment variables (e.g. KAYOBE_CONFIG_PATH) or CLI arguments (e.g. --config-path).

Upgrade Notes

  • Python 3.9.x is no longer supported on the control host. On Rocky Linux 9, please recreate your virtualenv with python3.12.

  • Updates the maximum supported version of Ansible from 9.x (ansible-core 2.16) to 10.x (ansible-core 2.17). The minimum supported version is updated from 8.x to 9.x. On Rocky Linux 9, you will need to recreate your Kayobe virtualenv using python3.12 as support for python3.9 has been dropped.

  • Bumps the stackhpc.linux collection to 1.3.0. Note this version uses systemd to activate virtual functions. This change is restricted to the stackhpc.linux.sriov role, which is not used by Kayobe. If a custom playbook uses this role, you can retain existing behaviour by setting sriov_numvfs_driver to udev.

  • Ansible plugins, roles, and collections (collectively known as extensions) installed in Kayobe configuration no longer have precedence over internal Kayobe variants of the same extension. You can revert to the previous behaviour by manually exporting the relevant Ansible variables, e.g. ANSIBLE_COLLECTIONS_PATH. It is not anticipated that this will affect many users as it is still possible to supplement Kayobe with additional plugins.

  • System folders and home directories are no longer searched when looking for Ansible extensions. It is recommended to install your collections using $KAYOBE_CONFIG_PATH/ansible/requirements.yml.

  • Kayobe no longer overrides the enabled and default Ironic hardware types and interfaces. This ensures that changes to the default values in Ironic are automatically adopted. These may still be customised via the existing Kayobe variables in ${KAYOBE_CONFIG_PATH}/ironic.yml, e.g. kolla_ironic_enabled_hardware_types.

    The default configuration generated by Kayobe in Caracal was:

    enabled_hardware_types = ipmi
    enabled_bios_interfaces = no-bios
    enabled_boot_interfaces = ipxe,pxe
    enabled_console_interfaces = ipmitool-socat,no-console
    enabled_inspect_interfaces = inspector,no-inspect
    enabled_management_interfaces = ipmitool
    enabled_network_interfaces = noop,flat,neutron
    enabled_power_interfaces = ipmitool
    enabled_raid_interfaces = agent,no-raid
    enabled_rescue_interfaces = agent,no-rescue
    enabled_vendor_interfaces = no-vendor
    

    In Dalmatian, Ironic defaults are:

    enabled_hardware_types = ipmi,redfish
    enabled_bios_interfaces = no-bios,redfish
    enabled_boot_interfaces = ipxe,pxe,redfish-virtual-media
    enabled_console_interfaces = no-console
    enabled_inspect_interfaces = no-inspect,redfish
    enabled_management_interfaces = <determined by enabled hardware types>
    enabled_network_interfaces = flat,noop
    enabled_power_interfaces = <determined by enabled hardware types>
    enabled_raid_interfaces = agent,no-raid,redfish
    enabled_rescue_interfaces = no-rescue
    enabled_vendor_interfaces = ipmitool,redfish,no-vendor
    

    In particular, note that the neutron network interface is no longer enabled by default.

  • Updates the minimum supported version of Ansible from 2.15 to 2.16, and the maximum supported version from 2.17 to 2.18 in the Kolla Ansible virtualenv. The Python version used to install Kolla Ansible on Rocky 9 is bumped to 3.12.

  • The physical_network attribute must now be applied consistently to all external networks in Kayobe configuration. If any external network has the attribute, then all others must also.

  • Updates the default Neutron ML2 type drivers and tenant network types to use geneve instead of vxlan when OVN is enabled. This affects the kolla_neutron_ml2_type_drivers and kolla_neutron_ml2_tenant_network_types variables.

  • Bumps the nvidia.nvue collection to 1.2.6.

  • If you have customized inspector_keep_ports, ensure it is set to one of: all, present, or added. Prior to this release, setting inspector_keep_ports to any truthy value would result in the keep_ports Ironic Inspector configuration option being set to present. As the default value of inspector_keep_ports is added, we are effectively changing the default value of keep_ports from present to added. If you are relying on the previous behaviour you should set ironic_keep_ports to present.

  • Changes the default boot firmware for seed and infra VMs to efi. Set infra_vm_boot_firmware and seed_vm_boot_firmware to bios to retain existing behaviour.

Security Issues

  • When running API requests from a host configured with kayobe, traffic destined for the internal VIP is sent via the default proxy. This can be a security issue if not using TLS as the proxy will be able to intercept the traffic. If using an untrusted proxy, with TLS disabled on the internal VIP, it is recommended that you run kayobe overcloud host configure -t proxy, kayobe seed hypervisor host configure -t proxy, kayobe seed host configure -t proxy, and kayobe infra vm host configure -t proxy, to add the internal VIP to the no proxy configuration. This is considered a minor issue as traffic between containers will not use the proxy by default. LP#2087556

  • Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938
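
The following added example (not part of Kayobe or of these release notes) scans captured Ansible output from runs that predate the loop-control fix for loop items that expose DNF repository credentials, reporting the host and repository key without echoing the secret. The log lines, task name and hostnames are constructed for illustration, and the default Ansible callback line format is assumed.

```python
import ast
import re

# Loop-iteration line of the default Ansible callback (assumed format):
#   changed: [host] => (item=<label or full item>)
ITEM_LINE = re.compile(
    r"^(?:ok|changed|skipping): \[(?P<host>[^\]]+)\].*?\(item=(?P<item>.*)\)\s*$"
)
SECRET_KEYS = {"username", "password"}

# Constructed sample output: line 2 shows the pre-fix leak, line 4 the
# post-fix form where only the repository key is used as the loop label.
SAMPLE_OUTPUT = [
    "TASK [Configure custom DNF repositories] ***",
    "changed: [controller0] => (item={'key': 'internal-mirror', 'value': {'baseurl': 'https://mirror.example.test/rocky/9/', 'username': 'repo-user', 'password': 'EXAMPLE-NOT-A-REAL-SECRET'}})",
    "ok: [controller1] => (item={'key': 'public-mirror', 'value': {'baseurl': 'https://mirror.example.test/pub/'}})",
    "changed: [controller0] => (item=internal-mirror)",
]


def find_secret_keys(obj, path=""):
    """Yield dotted paths of credential keys that carry a non-empty value."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else str(key)
            if str(key).lower() in SECRET_KEYS and value:
                yield here
            else:
                yield from find_secret_keys(value, here)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from find_secret_keys(value, path)


def scan_output(lines):
    """Return (line_no, host, repo_key, leaked_fields); values are never echoed."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = ITEM_LINE.match(line)
        if not match:
            continue
        try:
            item = ast.literal_eval(match.group("item"))
        except (ValueError, SyntaxError, TypeError):
            continue  # a plain label such as (item=internal-mirror) is safe
        leaked = sorted(find_secret_keys(item))
        if leaked:
            repo = item.get("key", "?") if isinstance(item, dict) else "?"
            findings.append((line_no, match.group("host"), repo, leaked))
    return findings


if __name__ == "__main__":
    for finding in scan_output(SAMPLE_OUTPUT):
        print("credentials exposed at line %d on %s, repo %s: %s" % finding)
```

Any repository reported by such a scan of stored CI or terminal logs should have its credentials rotated, since the log itself remains readable after upgrading.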

Bug Fixes

  • eos_config does not support the provider parameter since Ansible 7. Users are required to update their configuration according to Arista EOS documentation.

  • Fixes IPA and host image build failures when Git was not installed on the build host. LP#2058922

  • Fixes an issue where task 'Ensure ironic nodes use the new Ironic Python Agent (IPA) images' fails with 'dict object' has no attribute 'deploy_kernel'. LP#2083014

  • The proxysql image is now built when kolla_enable_proxysql is set to true.

  • Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938

  • Fixes an issue where networking failed to come up after kayobe overcloud host provision because cloud-init wasn't installed. The cloud-init element is now added to overcloud_dib_elements_default so it is no longer missing. The expected behaviour was that cloud-init-datasource had it as a dependency.

  • Fixes a bug where systemd-networkd was not permanently enabled when the unit was already in state runtime-enabled. LP#2073100

  • Updates the group and mode set on the /var/log/journal directory to match default ownership and permissions used by systemd-journald. LP#2083494

  • Fixes generation of kernel parameters when the GRUB_CMDLINE_LINUX_DEFAULT variable is absent from /etc/default/grub. LP#2083874.

  • The Ansible search paths, when running Kayobe internal playbooks, have been modified so that collections, roles and plugins internal to the Kayobe installation have precedence over those installed in Kayobe configuration. This improves the usability as it is now possible to install a newer version of an extension without affecting internal Kayobe playbooks. LP#2056473

  • Fixes an issue when using overcloud Ironic with a shared Ansible control host. The use of a shared cache directory could lead to a failure to download Ironic Python Agent (IPA) images. LP#2069845

  • inspector_keep_ports can be set to one of: all, present, added. The previous behavior was to set this to present if the variable was changed to any truthy value. This respects the behavior indicated in the comments.

  • Fixes compatibility with Rocky Linux 9.4 GenericCloud images by switching to efi boot firmware.

  • Switches to using ansible-core based kolla-ansible install. This is a workaround for LP#2072979, but also results in a lighter weight install.

  • Switches to using a newer version of the docker community collection to work around issues using the docker ansible modules with certain combinations of python libraries. See LP#2072979.