Queens (4.x.y) Series Release Notes
4.1.3-13
New Features
Adds a new configuration variable, pip_upper_constraints_file, which is used to configure the file or URL containing the Python upper version constraints. Its default value is https://releases.openstack.org/constraints/upper/queens.
Upgrade Notes
The default value of kolla_upper_constraints_file has been changed to {{ pip_upper_constraints_file }}.
Bug Fixes
Fixes an issue where chronyd would be enabled as a systemd service in addition to ntpd. This causes issues in deployments where the NTP servers have been customized, as chronyd would win the race on startup, but its configuration file would not have been configured by Kayobe. See story 2005272 for more details.
Fixes an issue with virtual environments on remote hosts, which may over the course of time become stale and incompatible with Kayobe or other software. This was fixed by installing the latest version of packages allowed by OpenStack upper constraints. See story 2005923 for details.
4.1.3
Bug Fixes
Fixes an issue where the admin-openrc.sh and public-openrc.sh files would not be generated when preparing a new control host environment for an existing cloud. These files are now generated during kayobe control host bootstrap if the Kolla Ansible passwords.yml file exists in the Kayobe configuration. See story 2001667 for details.
Stops allocating network and broadcast addresses to hosts when an allocation pool is not defined.
Uses BatchMode to check whether a host is accessible via SSH. This prevents Kayobe from hanging on a password prompt when password authentication is enabled on the host and the Kayobe Ansible user is not yet configured.
4.1.1
Security Issues
Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host. The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).
It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
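A narrower form of that check, as an added example that is not part of Kayobe or of the original notes: it looks only at files named like the temporary copies described above, reports each hit's mode and owner, and never prints the matched secret. The function names, the tmp* glob and the output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not Kayobe code. Reports likely leftover plain-text copies of
# passwords.yml without printing any secret values.

find_leftover_passwords() {
    dir=${1:-/tmp}
    # The notes give /tmp/tmpXXXXXX as the typical name, so match tmp* at the
    # top level of the directory only.
    for f in "$dir"/tmp*; do
        # Regular files only; skip symlinks and an unmatched glob.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Same marker string as the grep in the notes; -q suppresses the match.
        if grep -q 'database_password' "$f" 2>/dev/null; then
            # Field 1 of ls -l is the mode string, field 3 the owner.
            meta=$(ls -ld -- "$f" | awk '{
                r = (substr($1, 5, 1) == "r" || substr($1, 8, 1) == "r")
                s = r ? "group-or-world-readable" : "owner-only"
                print s, $1, $3
            }')
            printf '%s %s\n' "$meta" "$f"
        fi
    done
}

# Constructed demo in a scratch directory, so nothing real is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'database_password: constructed-sample\n' > "$d/tmpAb12Cd"
    chmod 664 "$d/tmpAb12Cd"
    printf 'unrelated\n' > "$d/tmpQq00Ww"
    find_leftover_passwords "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Any file it reports should be removed, and because the copy was readable beyond its owner, rotating the passwords it contained is worth considering.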
Bug Fixes
Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host. The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).
It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
4.1.0
New Features
Adds a new command to upgrade containerised seed services, kayobe seed service upgrade.
Bug Fixes
Fixes an issue with the --ask-vault-pass argument, where Kayobe would fail to generate the Kolla Ansible passwords.yml file. Also ensures that the user is only prompted for the password once per execution of kayobe.
Fixes a compatibility issue with Ansible modules for Dell switches which was preventing physical network configuration for this type of hardware. See Story 2004588 for details.
Fixes an issue where the seed hypervisor user bootstrapping is not performed when executing kayobe seed hypervisor host configure. See story 2004401 for details.
The public-openrc.sh file generated by Kayobe now uses the public network FQDN for populating the OS_AUTH_URL variable instead of using the public virtual IP address. If the FQDN variable is not set, the virtual IP address continues to be used. This ensures better compatibility with TLS-enabled deployments where certificates are generally tied to a hostname.
4.0.0
New Features
Adds a new overcloud admin network to improve network separation. The network is intended to be used for remote admin access, e.g. SSH. If admin_oc_net_name is not set, Kayobe will use the previous behaviour of using the overcloud provisioning network for this purpose. See Story 2002096.
Adds support for installing extra Python packages inside the kolla-ansible virtualenv, such as when required by Ansible plugins. A list of extra requirements can be configured via the kolla_ansible_venv_extra_requirements variable in $KAYOBE_CONFIG_PATH/kolla.yml. No extra packages are installed by default.
Add support for OpenStack Monasca which provides monitoring-as-a-service for OpenStack at scale.
Add support for deploying Apache Storm which is used by Monasca for alerting.
Add support for configuring MariaDB to support customising the Kolla deployment, or using an external DB.
Adds support for custom Barbican configuration.
Adds support for the Ansible 2.5 release. The version requirement has been increased for both kayobe and kolla ansible.
Adds support for setting the boot protocol of a network interface. Valid values are static and dhcp. The default is static. When set to dhcp, an external DHCP server must be provided.
Adds support for installing custom Ansible Galaxy roles during kayobe control host bootstrap and kayobe control host upgrade. Custom roles are defined in a requirements file at $KAYOBE_CONFIG_PATH/ansible/requirements.yml. The roles will be installed to $KAYOBE_CONFIG_PATH/ansible/roles/.
Adds support for configuration of Dell PowerConnect switches. This is integrated with the kayobe physical network configure command.
Adds a command to rename baremetal compute nodes to match their inventory host name: kayobe baremetal compute rename.
Adds a new command, kayobe baremetal compute update deployment image, which will update the deploy_kernel and deploy_ramdisk ironic node properties.
Add commands to update packages on seed and overcloud hosts:
kayobe seed host package update --packages <packages>
kayobe overcloud host package update --packages <packages>
Adds support for configuration of custom repositories. yum_custom_repos should be a dict of repositories.
Adds support for configuration of the live-restore option in docker. This is enabled by setting the variable docker_daemon_live_restore. The option is set to false by default.
Facilitates deployment of TLS certificate bundles in environments where SSL is required. To use this feature, populate the contents of the variable kolla_tls_cert - this will then be copied into place for use by HAProxy.
Adds support for configuration of the user used by Kolla Ansible for remote execution. The user is configured via kolla_ansible_user, its primary group via kolla_ansible_group, and kolla_ansible_become determines whether privilege escalation is used by Kolla Ansible for all tasks or only required tasks.
Adds support for configuration of Mellanox switches running MLNX-OS. This is integrated with the kayobe physical network configure command.
Adds support for skipping installation of the epel-release package, by setting yum_install_epel to false. In some cases this is desirable, such as when a local EPEL mirror is available, or access to the public repositories is not possible.
Adds support for configuration of per-host network interfaces in Kolla Ansible. Previously, all interfaces were configured in globals.yml, meaning that all hosts used the same interface names. Now, interfaces are configured for each host via inventory files.
Introduces a new option - pip_local_mirror - to configure Pip package installation via a user-defined (often local) PyPI mirror. This is set on a per-user basis, and by default this is for the Kayobe Ansible user, the Kolla Ansible user, and root. See Story 2003315.
Adds the ability to prevent configuration of the DNS resolver. This can be done by setting resolv_is_managed to false.
Support configuring tunnel network and interface for VM to VM communication.
Support configuration of the Ironic Neutron Agent and Neutron ML2 baremetal plugin.
Adds an option to upgrade cloud-init in the overcloud host images, overcloud_host_image_workaround_cloud_init_enabled. Please see: Story 2002610 for full details.
Upgrade Notes
Modifies the default kayobe-config configuration to use a remote Python virtual environment for executing Kayobe Ansible tasks. This affects hosts in the seed, seed-hypervisor, and overcloud groups. See Story 2002010 for details.
It is now possible to specify a URL of a file containing a checksum of the Ironic Python Agent (IPA) images for the seed and overcloud Ironic and Ironic Inspector services. This allows Kayobe to detect changes in the image content and download as necessary. If specifying IPA images via URL, the checksums should be configured accordingly.
The checksum URLs and algorithms are configured via these variables:
{{ ipa_kernel_checksum_url }}
{{ ipa_kernel_checksum_algorithm }}
{{ ipa_ramdisk_checksum_url }}
{{ ipa_ramdisk_checksum_algorithm }}
For the seed this may be customised via these variables:
{{ kolla_bifrost_ipa_kernel_checksum_url }}
{{ kolla_bifrost_ipa_kernel_checksum_algorithm }}
{{ kolla_bifrost_ipa_ramdisk_checksum_url }}
{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}
For the overcloud Ironic Inspector service this may be customised via these variables:
{{ inspector_ipa_kernel_checksum_url }}
{{ inspector_ipa_kernel_checksum_algorithm }}
{{ inspector_ipa_ramdisk_checksum_url }}
{{ inspector_ipa_ramdisk_checksum_algorithm }}
The reference to kolla_external_fqdn_cert has been removed in favour of the kolla_tls_cert option, which handles setting this on the user’s behalf.
Ironic is now configured to use the internal network to reach the TFTP server (by default).
Bug Fixes
Fixes an issue introduced by the release of pip version 10, whereby the Python docker package would fail to install. This is resolved by using a remote Python virtual environment for executing Kayobe Ansible tasks by default. See Story 2002010 for details.
Fixes an issue with introspection data not being collected when iPXE was enabled. This meant that certain introspection rules were not being applied. Notably, the local_link_connection field would not be updated on the ironic ports.
Fixes an issue with downloading Ironic Python Agent (IPA) images where new images would not be downloaded if the image had been downloaded previously. See Story 2001660 for details.
Fixes an issue where persistent sysctls were not being applied after a reboot. See story 2002972 for details.