Stein (6.x.y) Series Release Notes

6.1.0-35

New Features

  • Provides project and domain default variables for Monasca. Defaults can be overridden from the Monasca config file etc/kayobe/monasca.yml.

  • Adds a seed_vm_interfaces variable which defines the network interfaces to which the seed VM is attached.

Known Issues

  • Fixes an issue where provisioning a seed VM would fail when the Ansible control host and the seed hypervisor are different hosts. See story 2007530 for more details.

Upgrade Notes

  • The default order of network interfaces in the seed VM is now sorted alphabetically based on their Kayobe network name. This may require the seed’s network interface names to be changed in configuration if the seed VM is recreated. See story 2007259 for details.

Bug Fixes

  • Fixes the Monasca install type causing issues pulling container images. See story 2007597 for details.

  • Fixes an issue where chronyd would be enabled as a systemd service in addition to ntpd. This causes issues in deployments where the NTP servers have been customized, as chronyd would win the race on startup, but its configuration file would not have been configured by Kayobe. See story 2005272 for more details.

  • Fixes an issue where it was not possible to load dashboards into the Monasca Grafana fork when the default Monasca control plane OpenStack project name is used from Kolla Ansible.

  • Fixes an issue where the StackHPC iDRAC role would break when configuring RAID with a recent release of the python-dracclient module.

  • Fixes concurrency issues while adding SSH keys to the known hosts file by performing the action serially. See story 2007628 for details.

  • Fixes an issue where the default value of public_net_name included a trailing newline. See story 2007654.

  • Fixes an issue where disabling SELinux would fail on systems without SELinux installed. See story 2007704.

  • Fixes an issue with idempotency of Ironic Inspector rule creation. See story 2007399 for details.

  • Fixes a bug where introspection data save would fail. See story 2007326 for more details.

  • Fixes an issue with seed VMs with multiple network interfaces where interfaces could come up in a different order if the VM is recreated. The interfaces are now created in alphabetical order of their Kayobe network name by default. See story 2007259 for details.

  • Fixes an issue seen when libselinux-python is not installed on the Ansible control host. See story 2007703 for details.

  • Improves error message seen when discovering SSH known hosts for a host without an IP address defined in ${KAYOBE_CONFIG_PATH}/network-allocation.yml.

  • Fixes generation of pip configuration when using a pip proxy without a local mirror.

  • Fixes an issue where host configuration would fail if ntp_service_enabled is set to false or kolla_enable_chrony is set to true. See story 2007384 for details.

6.1.0

New Features

  • Adds support for custom Elasticsearch configuration.

Upgrade Notes

  • The database backup support in Kolla Ansible has been modified to use Mariabackup rather than Xtrabackup.

Deprecation Notes

  • The kolla_enable_xtrabackup variable is deprecated in favour of kolla_enable_mariabackup.

Bug Fixes

  • Fixes an issue with kayobe overcloud post configure when Ironic is disabled, but ironic_serial_console_autoenable is set to true. See story 2006662 for details.

  • Fixes an issue when specifying multiple regular expressions to the kayobe seed container image build and kayobe overcloud container image build commands. See story 2006475 for details.

  • Fixes an issue where kayobe overcloud post configure would use the public OpenStack API interface, which might not be accessible from the control hosts. See story 2006814 for details.

6.0.0

New Features

  • Adds support for custom Blazar configuration.

  • Adds support for custom Ceilometer configuration.

  • Adds support for custom CloudKitty configuration.

  • Adds support for custom Gnocchi configuration.

  • Adds support for overriding configuration globally for all OpenStack services by generating a global.conf file for use by Kolla Ansible. See story 2005904 for details.

  • Adds support for customising the refactored HAProxy configuration introduced in Kolla Ansible in the Stein release, using $KAYOBE_CONFIG_PATH/kolla/config/haproxy-config/.

  • Adds support for custom Keepalived configuration.

  • Adds support for configuration of Arista switches running EOS 4.15 or later. This is integrated with the kayobe physical network configure command.

  • Adds commands to make use of the database backup and recovery features in Kolla Ansible.

    kayobe overcloud database backup [--incremental] can be used to take a full or incremental backup of the database using Xtrabackup.

    kayobe overcloud database recover [--force-recovery-host <host>] can be used to recover a database cluster that has lost Quorum.

  • Adds support for arbitrary Docker storage drivers, configured via docker_storage_driver. Previously only devicemapper and overlay were supported.

  • Adds support for skipping configuration of a network, by setting its name to None. This is done in networks.yml as follows:

    admin_oc_net_name:
    
  • Adds support for custom configuration of keystone.conf.

  • Adds support for configuring software RAID arrays using mdadm. Software RAID configuration is applied before LVM configuration, which allows creating LVM volumes on top of software RAID arrays. See story 2005017 for details.

  • Adds two new variables, openstack_release and openstack_branch, in ${KAYOBE_CONFIG_PATH}/openstack.yml for setting the current OpenStack release and branch in a single place.

  • Add command to update packages on the seed hypervisor host, as already available for seed and overcloud hosts:

    kayobe seed hypervisor host package update --packages <packages>

  • Add support for separate storage networks for both Ceph and Swift. This adds four additional networks, which can be used to separate the storage network traffic as follows:

    • Ceph storage network (ceph_storage_net_name) is used to carry Ceph storage data traffic. Defaults to the storage network (storage_net_name).

    • Ceph storage management network (ceph_storage_mgmt_net_name) is used to carry storage management traffic. Defaults to the storage management network (storage_mgmt_net_name).

    • Swift storage network (swift_storage_net_name) is used to carry Swift storage data traffic. Defaults to the storage network (storage_net_name).

    • Swift storage replication network (swift_storage_replication_net_name) is used to carry storage management traffic. Defaults to the storage management network (storage_mgmt_net_name).

  • Adds a new configuration variable, pip_upper_constraints_file, which is used to configure the file or URL containing the Python upper version constraints. Its default value is https://releases.openstack.org/constraints/upper/{{ openstack_branch }}.

  • Improvements to Swift device management and ring generation.

    The device management and ring generation are now separate, with device management occurring during ‘kayobe overcloud host configure’, and ring generation during a new command, ‘kayobe overcloud swift rings generate’.

    For the device management, we now use standard Ansible modules rather than commands for device preparation. File system labels can be configured for each device individually.

    For ring generation, all commands are run on a single host, by default a host in the Swift storage group. A python script runs in one of the kolla Swift containers, which consumes an autogenerated YAML config file that defines the layout of the rings.

Upgrade Notes

  • Updates the minimum supported version of Ansible from 2.4 to 2.5, and the maximum supported version from 2.6 to 2.7. This is true for both Kayobe and Kolla Ansible.

  • Removes the inspector_manage_firewall variable. This is supported in Kolla Ansible via the ironic_inspector_pxe_filter variable, which can be added to ${KAYOBE_CONFIG_PATH}/kolla/globals.yml. The default value for that variable changed in the Stein release from ‘iptables’ to ‘dnsmasq’, since the iptables filter does not work with Docker CE.

  • Controllers are no longer connected to the storage management network by default, since generally only storage nodes need access to this network. If needed, the existing configuration can be retained by adding the storage management network to the controller_extra_network_interfaces list.

  • The default value of kolla_upper_constraints_file has been changed to {{ pip_upper_constraints_file }}.

Security Issues

  • Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.

    The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).

    It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.
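
    A variant of the check above, as an added example that is not part of Kayobe or its release notes: it reports only the path, mode and owner of each match, whereas grep -rn also prints the matching line and therefore the password itself. The function name, the exposed/private labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Kayobe code: locate leftover plain-text copies of
# passwords.yml without printing their contents.

# find_password_copies [DIR] [MARKER]  (hypothetical helper name)
# Prints "<mode> <owner> <exposed|private> <path>" for each regular file
# under DIR containing MARKER. grep -l reports paths only, so the secret
# values never reach the terminal, scrollback or logs.
find_password_copies() (
    dir=${1:-/tmp}
    marker=${2:-database_password}
    find "$dir" -xdev -type f -exec grep -lsF -- "$marker" {} + 2>/dev/null |
    while IFS= read -r f; do
        # GNU stat first, BSD stat as a fallback; skip files that vanished.
        meta=$(stat -c '%a %U' "$f" 2>/dev/null ||
               stat -f '%Lp %Su' "$f" 2>/dev/null) || continue
        mode=${meta%% *}
        owner=${meta#* }
        # Mask 044: readable by group or others, as with the 664 mode of
        # the temporary files described above.
        if [ $(( 0$mode & 044 )) -ne 0 ]; then state=exposed; else state=private; fi
        printf '%s %s %s %s\n' "$mode" "$owner" "$state" "$f"
    done
)

# Constructed sample: a throwaway directory imitating the leftover files.
demo() (
    d=$(mktemp -d)
    printf 'database_password: constructed-sample\n' > "$d/tmpAAAAAA"
    chmod 664 "$d/tmpAAAAAA"
    printf 'unrelated: data\n' > "$d/tmpBBBBBB"
    find_password_copies "$d"
    rm -rf "$d"
)

# Run "sh thisfile --demo" for the sample, or call find_password_copies /tmp.
if [ "${1:-}" = "--demo" ]; then demo; fi
```

    Files the calling user cannot read are skipped silently, so run it as root or as each user that has run kayobe.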

Bug Fixes

  • Fixes an issue where the admin-openrc.sh and public-openrc.sh files would not be generated when preparing a new control host environment for an existing cloud. These files are now generated during kayobe control host bootstrap if the Kolla Ansible passwords.yml file exists in the Kayobe configuration. See story 2001667 for details.

  • Fixes an issue where multiple NTP daemons could be running on the overcloud hosts, due to Kolla Ansible deploying a chrony container by default starting with the Rocky release.

    Kayobe now overrides this default, to ensure that chrony does not conflict with the NTP daemon deployed on the host. To use the containerised chrony daemon instead, set kolla_enable_chrony to true in ${KAYOBE_CONFIG_PATH}/kolla.yml. This will also disable the host NTP daemon.

    To ensure that chrony is not running, Kayobe removes the chrony container if kolla_enable_chrony is false in the following commands:

    • kayobe overcloud service deploy

    • kayobe overcloud service reconfigure

    • kayobe overcloud service upgrade

    The play in Kayobe is tagged with stop-chrony.

    See story 2005272 for details.

  • Fixes an issue with hardware inspection of bare metal compute nodes configured to use UEFI. See story 2006214 for details.

  • Modifies provisioning and cleaning networks in multi-tenant ironic environments to be non-shared. Flat networks remain shared. To apply the change to an existing environment, run kayobe overcloud post configure. See story 2006409 for details.

  • Fixes an issue when generating the passwords.yml file for Kolla Ansible where if the contents of the file have not changed, a plain text copy of the file would be left in /tmp on the Ansible control host.

    The temporary files are typically named /tmp/tmpXXXXXX, and are owned by the user that runs kayobe, with permissions 664 (rw-rw-r--).

    It is recommended to check any systems on which Kayobe has been run for copies of the passwords file in /tmp. A simple check for this is grep -rn database_password /tmp.

  • Stops allocating network and broadcast addresses to hosts when an allocation pool is not defined.

  • Uses BatchMode to check whether a host is accessible via SSH. This prevents Kayobe from hanging on a password prompt when password authentication is enabled on the host and the Kayobe Ansible user is not yet configured.

  • Fixes an issue with virtual environments on remote hosts, which may over the course of time become stale and incompatible with Kayobe or other software. This was fixed by installing the latest version of packages allowed by OpenStack upper constraints. See story 2005923 for details.