Current Series Release Notes

21.0.0.0rc1-223

New Features

  • Added support for RabbitMQ management interface SSL configuration.

  • Added support for libvirt vTPM (swtpm) configuration. LP#2106219

  • Ironic DHCP can now be configured to supply DNS servers via ironic_dnsmasq_dhcp_ranges. This enables the inspection ramdisk (IPA) to reach FQDN API endpoints.

Upgrade Notes

  • Minimum supported Ansible version is now 12 (ansible-core 2.19) and maximum supported is 13 (ansible-core 2.20).

  • The lightbits_JWT variable has been renamed to lightbits_jwt.

  • The global variable distro_python_version has been removed.

  • designate-api is now running under uWSGI and now supports backend TLS.

  • glance-api is now running under uWSGI and supports backend TLS without the additional haproxy container. The glance-tls-proxy container will be removed during the upgrade process.

  • magnum-api is now running under uWSGI and now supports backend TLS.

Bug Fixes

  • Fixes an issue where OpenSearch log retention check would fail due to plugins not being fully loaded, resulting in a timeout error. This was caused by the task that checks for the existence of a log. Added a check before plugin tasks to ensure plugins are fully loaded.

  • Fixed an issue where neutron-server and other neutron agents would fail to start when kolla_copy_ca_into_containers was enabled but backend TLS was disabled. The configuration now correctly distinguishes between the requirement for backend certificates (neutron-cert.pem) and the optional copying of CA certificates. LP#2121694

  • Make generation of prometheus.yml consistent when using custom override files.

    The previous behaviour led to changes in prometheus.yml on every run when custom override files were used, because the find result was not sorted. This could lead to unnecessary restarts of the prometheus service and unreadable diffs. LP#2126635

  • Fixed an issue where redundant HAProxy backend configuration was generated for the memcached service. The memcached backend entries are no longer created since no OpenStack service uses HAProxy to reach memcached. LP#2130641

  • Fixes an issue where ProxySQL certificates were copied over even with kolla_externally_managed_cert set to True. LP#2073159

  • Adds logrotate configuration for OpenSearch Dashboards. Previously, logs located in /var/log/kolla/opensearch-dashboards/ were not included in the rotation schedule, which could lead to excessive disk space consumption. LP#2137716

  • Fixes a regression in the Valkey upgrade process where the valkey_master_host variable was not defined if the Redis migration block was skipped. This led to a fatal error during the “Wait for Valkey replication sync” task due to the interaction between run_once and delegate_to. The variable is now defined globally at the start of the upgrade tasks. LP#2138440

  • Fixed an issue where Valkey logs were not being correctly parsed by Fluentd. The timestamp format in the Fluentd configuration has been updated to match the format used by Valkey, ensuring logs are properly collected and indexed in the logging backend. LP#2138451

  • Fixed a critical issue in kolla-mergepwd where the migration from Redis to Valkey resulted in authentication failures. The tool now automatically inherits the existing redis_master_password into the new valkey_master_password field during upgrades. This prevents serious cluster damage in deployments using custom Keystone caching solutions and ensures Octavia remains stable throughout the upgrade process, avoiding global HTTP 401 Unauthorized errors caused by password mismatches. LP#2138461

  • Fixed an issue where Neutron sub-services (RPC server, maintenance and periodic workers) would crash when enable_neutron_vpnaas was set to yes because neutron_vpnaas.conf was not injected into them. The neutron_vpnaas.conf file is now injected into these auxiliary services. LP#2138498

  • Fixes a placement problem for the Cyborg API and conductor services, which would also be scheduled on compute nodes rather than exclusively on the control plane. LP#2087552

  • Fixed an issue in Glance where enabling kolla_copy_ca_into_containers forced a check for missing service certificates. The glance-api container now only requires glance-cert.pem if glance_enable_tls_backend is explicitly set to yes.

  • Fix generating passwords longer than 72 characters. This fixes prometheus configuration. LP#2126975