Rocky (5.x.y) Series Release Notes
5.1.0-17
New Features
Provides project and domain default variables for Monasca. Defaults can be overridden from the Monasca config file etc/kayobe/monasca.yml.
Known Issues
Fixes an issue where provisioning a seed VM would fail when the Ansible control host and the seed hypervisor are different hosts. See story 2007530 for more details.
Bug Fixes
Fixes the Monasca install type causing issues pulling container images. See story 2007597 for details.
Fixes an issue where chronyd would be enabled as a systemd service in addition to ntpd. This causes issues in deployments where the NTP servers have been customized, as chronyd would win the race on startup, but its configuration file would not have been configured by Kayobe. See story 2005272 for more details.
Fixes an issue where it was not possible to load dashboards into the Monasca Grafana fork when the default Monasca control plane OpenStack project name is used from Kolla Ansible.
Fixes concurrency issues while adding SSH keys to the known hosts file by performing the action serially. See story 2007628 for details.
Fixes an issue where the default value of public_net_name included a trailing newline. See story 2007654.
Fixes an issue where disabling SELinux would fail on systems without SELinux installed. See story 2007704.
Fixes an issue where host configuration would fail if ntp_service_enabled is set to false or kolla_enable_chrony is set to true. See story 2007384 for details.
5.1.0
New Features
Adds support for custom Elasticsearch configuration.
Adds a new configuration variable, pip_upper_constraints_file, which is used to configure the file or URL containing the Python upper version constraints. Its default value is https://releases.openstack.org/constraints/upper/{{ openstack_branch }}.
Upgrade Notes
The default value of kolla_upper_constraints_file has been changed to {{ pip_upper_constraints_file }}.
Bug Fixes
Fixes an issue with kayobe overcloud post configure when Ironic is disabled, but ironic_serial_console_autoenable is set to true. See story 2006662 for details.
Fixes an issue when specifying multiple regular expressions to the kayobe seed container image build and kayobe overcloud container image build commands. See story 2006475 for details.
Fixes an issue where kayobe overcloud post configure would use the public OpenStack API interface, which might not be accessible from the control hosts. See story 2006814 for details.
Modifies provisioning and cleaning networks in multi-tenant ironic environments to be non-shared. Flat networks remain shared. To apply the change to an existing environment, run kayobe overcloud post configure. See story 2006409 for details.
Fixes an issue with virtual environments on remote hosts, which may over the course of time become stale and incompatible with Kayobe or other software. This was fixed by installing the latest version of packages allowed by OpenStack upper constraints. See story 2005923 for details.
5.0.3
New Features
Adds support for skipping configuration of a network, by setting its name to None. This is done in networks.yml as follows:
    admin_oc_net_name:
Adds support for custom configuration of keystone.conf.
Bug Fixes
Fixes an issue where the admin-openrc.sh and public-openrc.sh files would not be generated when preparing a new control host environment for an existing cloud. These files are now generated during kayobe control host bootstrap if the Kolla Ansible passwords.yml file exists in the Kayobe configuration. See story 2001667 for details.
Fixes an issue where multiple NTP daemons could be running on the overcloud hosts, due to Kolla Ansible deploying a chrony container by default starting with the Rocky release.
Kayobe now overrides this default, to ensure that chrony does not conflict with the NTP daemon deployed on the host. To use the containerised chrony daemon instead, set kolla_enable_chrony to true in ${KAYOBE_CONFIG_PATH}/kolla.yml. This will also disable the host NTP daemon.
To ensure that chrony is not running, Kayobe removes the chrony container if kolla_enable_chrony is false in the following commands:
    kayobe overcloud service deploy
    kayobe overcloud service reconfigure
    kayobe overcloud service upgrade
The play in Kayobe is tagged with stop-chrony.
See story 2005272 for details.
Stops allocating network and broadcast addresses to hosts when an allocation pool is not defined.
Uses BatchMode to check whether a host is accessible via SSH. This prevents Kayobe from hanging on a password prompt when password authentication is enabled on the host and the Kayobe Ansible user is not yet configured.
5.0.1
Security Issues
Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.
The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).
It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
Bug Fixes
Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.
The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).
It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
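Added example (not part of Kayobe or of the original release notes): a POSIX shell audit for the 5.0.1 passwords.yml issue listed under both Security Issues and Bug Fixes above. It extends the recommended grep check by also reporting each file's mode and owner, so copies readable by group or other stand out. The function names and the --scan argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Kayobe code: audit a directory for leftover plaintext
# copies of passwords.yml, as the 5.0.1 security note recommends.

# list_password_leaks DIR
#   Prints "<mode> <owner> <path>" for each regular file under DIR containing
#   the string database_password (the marker used by the release note's grep).
list_password_leaks() {
    dir=${1:-/tmp}
    # -xdev stays on one filesystem; errors from unreadable files are dropped.
    find "$dir" -xdev -type f -exec grep -lF database_password {} + 2>/dev/null |
    while IFS= read -r path; do
        # ls -ld is used because stat(1) flags differ between platforms.
        meta=$(ls -ld -- "$path" | awk '{print $1, $3}')
        printf '%s %s\n' "$meta" "$path"
    done
}

# count_exposed_leaks DIR
#   Prints how many of those files are readable by group or other, such as
#   the 664 (rw-rw-r--) mode mentioned in the note.
count_exposed_leaks() {
    list_password_leaks "$1" | awk '
        substr($1, 5, 1) == "r" || substr($1, 8, 1) == "r" { n++ }
        END { print n + 0 }'
}

# Invoked as "sh audit.sh --scan [DIR]": print findings, exit 1 if any exist.
if [ "${1:-}" = "--scan" ]; then
    leaks=$(list_password_leaks "${2:-/tmp}")
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks"
        exit 1
    fi
    exit 0
fi
```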
5.0.0
New Features
Added commands to enable and disable the Ironic serial console. This allows you to use the serial console from within Horizon.
Added the ability to configure baremetal serial consoles during the post configure step. This is controlled via ironic_serial_console_autoenable in etc/kayobe/ironic.yml.
Adds support for specifying a CA certificate when accessing APIs. The path to the CA certificate may be specified via openstack_cacert, which takes its default value from the OS_CACERT environment variable. See story 2004911 for details.
Adds support for the defroute network attribute. This attribute can be used to disable configuration of the default gateway by a specific interface. This is particularly useful to ignore a gateway address provided via DHCP. Note that this attribute is only supported on distributions of the Red Hat family.
Adds support for configuring the Docker Registry by providing environment variables to its container via the docker_registry_env Ansible variable. For example, the registry can be configured as a pull through cache to Docker Hub using:
    docker_registry_env:
      REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"
Note that it is not possible to push to a registry configured as a pull through cache. See story 2004817 for details and the Docker documentation for the full list of configuration options.
Supports fluentd custom input configuration.
Adds commands to run commands on seed hypervisor, seed and overcloud hosts:
    kayobe seed hypervisor host command run --command <command>
    kayobe seed host command run --command <command>
    kayobe overcloud host command run --command <command>
Adds support for setting the kolla_external_fqdn_cacert variable which allows customizing the CA certificate file to be used as the OS_CACERT environment variable in openrc files when TLS is enabled.
Kayobe no longer requires a checkout of the source code repository to function. The files needed to run kayobe are now shipped as part of the python package. Please see: Story 2004252 for more details.
Adds support for a --disable-discovery argument to the kayobe physical network configure command. This can be used to configure the physical network after discovery of bare metal compute nodes is complete, to return the network to a normal state. The interface configuration to be applied is configured via switch_interface_config_disable_discovery.
Updates dependencies to use the OpenStack Rocky release.
Adds support for including or excluding files from the output of kayobe overcloud service configuration save. This is particularly useful for large files such as the Ironic IPA images.
Adds support for configuring LVM volume groups on the seed hypervisor. Setting the seed_hypervisor_lvm_groups variable in $KAYOBE_CONFIG_PATH/seed-hypervisor.yml to "{{ seed_hypervisor_lvm_groups_with_data }}" and providing a list of storage devices via the seed_hypervisor_lvm_group_data_disks variable will configure a logical volume mounted to /var/lib/libvirt/images. No LVM volume groups are configured by default.
Adds a new command to upgrade containerised seed services, kayobe seed service upgrade.
Adds support for configuration of options in /etc/yum.conf, via the yum_config variable.
Upgrade Notes
When enabled, a Docker Registry is now deployed on hosts in the docker-registry group, which defaults to include the seed. The existing behaviour of deploying on the first controller can be retained by removing the seed group from [docker-registry:children] in $KAYOBE_CONFIG_PATH/inventory/groups and creating a [docker-registry] group including the name of the first controller.
Modifies the default value of the docker_registry_image variable to not use a private registry in the image name by default. This avoids a potential circular dependency during deployment of the registry container.
Modifies the default value of the kolla_docker_registry variable to the value of the docker_registry variable. The default value of docker_registry is unset. This avoids needing to set the same value in two places when a private Docker registry is in use.
The manage-lvm Ansible role was upgraded to version v0.1.4. If you are overriding variables to customize definitions of volume groups, you need to change the value of the disks parameter from a comma-separated string to a list. For example, change
    disks: "/dev/sda,/dev/sdb"
to:
    disks:
      - "/dev/sda"
      - "/dev/sdb"
Modifications to the kayobe source tree will no longer have an immediate effect. This is because the ansible playbooks are now shipped as part of the kayobe package. You must reinstall the package, or use an editable package install, see: pip editable-installs, to replicate the old behaviour.
Overcloud Ironic must now be configured with the variable kolla_ironic_enabled_hardware_types; kolla_ironic_drivers has been removed.
Bifrost’s kolla_bifrost_enable_ipmitool_drivers and kolla_bifrost_enable_pxe_drivers variables have been removed. Bifrost must now be configured by setting the variable kolla_bifrost_enabled_hardware_types to be a list of hardware types to enable.
Deprecation Notes
The switch configuration variable switch_interface_config_discovery has been deprecated in favour of switch_interface_config_enable_discovery. Support for switch_interface_config_discovery will be removed in the T* release.
First class support in Kayobe for deploying cAdvisor has been removed since this is now supported via Kolla-Ansible.
First class support in Kayobe for deploying Prometheus Node exporter has been removed since this is now supported via Kolla-Ansible.
Bug Fixes
Fixes an issue with the --ask-vault-pass argument, where Kayobe would fail to generate the Kolla Ansible passwords.yml file. Also ensures that the user is only prompted for the password once per execution of kayobe.
Fixes a compatibility issue with Ansible modules for Dell switches which was preventing physical network configuration for this type of hardware. See Story 2004588 for details.
Fixes an issue where if a host has the same name as a group that it is in, configuration of kolla ansible inventory host variables could fail to override the defaults. See story 2004418 for details.
Fixes an issue where CLI arguments containing whitespace that are passed to Ansible needed to be quoted. See Story 2004379 for details.
Fixes an issue where the seed hypervisor user bootstrapping is not performed when executing kayobe seed hypervisor host configure. See story 2004401 for details.
The public-openrc.sh file generated by Kayobe now uses the public network FQDN for populating the OS_AUTH_URL variable instead of using the public virtual IP address. If the FQDN variable is not set, the virtual IP address remains used. This ensures better compatibility with TLS-enabled deployments where certificates are generally tied to a hostname.