Zed Series Release Notes
18.0.0.0b1-235
New Features
Implemented the openstack_hosts_package_manager_extra_conf variable. It allows adding extra content to the package manager’s configuration (works with apt, yum and dnf).
A new variable centos_mirror_url is introduced to the openstack_hosts role to allow a single deployment wide variable to control the location of the centos package mirror.
Added variable openstack_host_custom_hosts_records that allows the deployer to add custom records to the /etc/hosts file. Its structure is a simple list where each element is a string which should be placed in /etc/hosts.
In deployments where a separate host is used to manage the OpenStack Ansible configuration, the ‘/etc/hosts’ file on that host will now include a section adding hostname to IP resolution for all hosts in the inventory. This can be enabled/disabled via ‘openstack_host_manage_deploy_hosts_file’.
A new variable openstack_hosts_apt_pinned_packages is added which allows deployment wide apt pins to be defined in user_variables. The variable defaults to pinning the UCA repository to a priority lower than the Ubuntu repositories for any binary packages generated from the ceph source package. The intention is to ensure that Ceph packages are always installed from the Ubuntu repositories, or alternatively the official ceph repositories if the ceph_client role is run later against a host. The ceph packages for a particular openstack release may not be the same version as those expected by the rest of openstack-ansible so this change ensures consistency in the deployed ceph version.
New variable openstack_ca_bundle_path has been added which defines the path to the ca-bundle certificate which contains all system-trusted CAs and will be used by the Python Requests module.
Added variable openstack_systemd_global_overrides that defines some defaults for all systemd services. It will be deployed to all hosts and containers, but can be controlled with group_vars or host_vars as well if needed.
Added variable keepalived_sysctl_tcp_retries that controls the number of retries the kernel will make before giving up on a connection. It controls the net.ipv4.tcp_retries2 sysctl setting, whose default value is 15. The default value of keepalived_sysctl_tcp_retries is 8, so VIP failover time will be ~1min. Setting keepalived_sysctl_tcp_retries to 0 will remove the mentioned sysctl setting.
Deployers may require custom CA certificates installing on their openstack hosts or service containers. A new variable openstack_host_ca_certificates is added which is a list of certificates that should be copied from the deploy host to the target hosts. Certificates may be selectively deployed by defining the variable either in user_variables.yml or via host/group vars.
Known Issues
Where a single OSA deploy host is used to manage multiple deployments, some delegated Ansible tasks are performed using hostnames rather than IP addresses due to Ansible issue 72776. Hostnames such as ‘infra1’ will be ambiguous, so use of separate hosts for each deployment is recommended.
Ubuntu Cloud Archive (UCA) does not contain Ubuntu Bionic distro packages for Victoria, so only source install/upgrade path (default) will work correctly for Ubuntu 18.04.
Upgrade Notes
Variable uca_repo has been removed. Deployers are encouraged to use user_external_repos_list instead if they want to define an extra repository.
Variable uca_apt_repo_url was renamed to apt_repo_url to reflect its usage, as it now also affects Debian deployments.
Generation of records for /etc/hosts is now done with the blockinfile Ansible module. During upgrade you will have duplicated records in your /etc/hosts, as we don’t drop previously created records for safety reasons, if openstack_host_manage_hosts_file is set to true.
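A way to find the leftover records described in the /etc/hosts note above, as an added example that is not part of the openstack_hosts role. It assumes the legacy records sit outside the managed block and that the block uses blockinfile's stock BEGIN/END markers (pass the role's actual markers as arguments if they differ); the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# stale_hosts_records FILE [BEGIN_MARKER] [END_MARKER]
# Reports records outside the managed block whose hostname is also defined
# inside it: DUPLICATE (same address) or CONFLICT (different address).
# Marker defaults are the stock blockinfile markers (assumption; pass your own).
stale_hosts_records() {
    awk -v b="${2:-# BEGIN ANSIBLE MANAGED BLOCK}" \
        -v e="${3:-# END ANSIBLE MANAGED BLOCK}" '
    function strip(s) { sub(/#.*/, "", s); return s }   # drop comments
    FNR == 1          { inside = 0 }                    # reset for each pass
    index($0, b) == 1 { inside = 1; next }
    index($0, e) == 1 { inside = 0; next }
    { n = split(strip($0), f, " ") }                    # f[1]=address, f[2..n]=names
    n < 2             { next }
    NR == FNR {                                         # pass 1: learn managed names
        if (inside) for (i = 2; i <= n; i++) addr[f[i]] = f[1]
        next
    }
    !inside {                                           # pass 2: check unmanaged lines
        for (i = 2; i <= n; i++) if (f[i] in addr) {
            kind = (addr[f[i]] == f[1]) ? "DUPLICATE" : "CONFLICT"
            printf "%s line %d: %s %s (managed block has %s)\n",
                   kind, FNR, f[1], f[i], addr[f[i]]
        }
    }' "$1" "$1"
}

# Constructed sample: two legacy records left above a new managed block.
demo_stale_hosts() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
127.0.0.1 localhost
172.29.236.11 infra1.openstack.local infra1
172.29.236.99 infra2
# BEGIN ANSIBLE MANAGED BLOCK
172.29.236.11 infra1.openstack.local infra1
172.29.236.12 infra2.openstack.local infra2
# END ANSIBLE MANAGED BLOCK
EOF
    stale_hosts_records "$sample"
    rm -f "$sample"
}

# Check a real file when one is given (e.g. /etc/hosts), else run the sample.
if [ $# -gt 0 ]; then stale_hosts_records "$@"; else demo_stale_hosts; fi
```

A CONFLICT line matters more than a DUPLICATE: the stale record precedes the managed block, so it can take precedence over the address Ansible now maintains.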
In order to accommodate Centos-8 Stream support, it is necessary to require the minimum version of Centos-8 Classic to be 8.3. There are breaking changes between Stream and Classic versions prior to 8.3 which break ansible code that detects major/minor versions of Centos. Before upgrading to Wallaby, deployers should ensure that their Centos hosts are updated to 8.3.
Existing use of the variable openstack_hosts_centos_mirror_url will continue to work as in previous releases, but the new variable centos_mirror_url can be used to define the mirror location for the whole deployment.
CentOS/Rocky linux deployments will get a major update of OVS version from 2.17 to 3.1 and OVN from 22.12 to 23.03. RDO has stopped building packages for previous OVS/OVN versions which means they will not receive any upstream bugfixes or security patches.
If you still want to preserve old versions of OVS/OVN, you can define the following variable:
    openstack_hosts_package_repos:
      - name: rdo-deps
        file: rdo-deps
        description: rdo-deps
        baseurl: "{{ openstack_hosts_rdo_deps_url }}"
        # package signature verification is disabled for this repository
        gpgcheck: no
        module_hotfixes: yes
        # keep the 3.1 builds of OVS/OVN from being installed
        exclude:
          - '*rdo-openvswitch*3.1*'
          - '*rdo-ovn*3.1*'
Deployments which follow the distro path (services are installed from distro packages rather than in virtualenvs) should upgrade Ubuntu 18.04 -> 20.04 before performing OpenStack Ussuri -> Victoria upgrade, since Ubuntu Cloud Archive does not provide Victoria system packages for 18.04.
The new variable openstack_hosts_apt_pinned_packages is added to the openstack_hosts ansible role and sets the value of apt_pinned_packages for the apt_package_pinning role run as a dependency of the openstack_hosts role. Existing use of the apt_pinned_packages variable by deployers in user_variables should be reviewed to ensure that those pins are applied by the intended ansible roles, and swapped to this new variable if necessary.
Deprecation Notes
Since certificates and CA distribution are now handled with the PKI role, variable openstack_host_ca_location has been deprecated and removed.
Bug Fixes
After adding localhost to the inventory explicitly, a potential FQDN change could result from a record for localhost being added to the managed block inside the /etc/hosts file. This is now fixed, and the record for 127.0.0.1 will be removed from the Ansible-managed blocks inside the /etc/hosts file.
Other Notes
Code which added ‘Acquire::http:No-Cache true’ to the host and container apt preferences when http proxy environment variables were set has been removed. This setting is only required when working around issues introduced by badly configured http proxies. In some cases proxies can improperly cache the apt Releases and Packages files leading to package installation errors. If a deployment is behind a badly configured proxy, the deployer can add the necessary apt config fragment as part of host provisioning. OSA will replicate that config into any containers that are created. This setting can be removed from existing deployments if required by manually deleting the file /etc/apt/apt.conf.d/00apt-no-cache from all hosts and containers.
18.0.0.0b1
New Features
Deployers of CentOS 7 environments can use the openstack_hosts_enable_yum_fastestmirror variable to enable or disable yum’s fastestmirror plugin. The default setting of yes ensures that fastestmirror is enabled.
Supported openSUSE and Ubuntu hosts ship with new enough pip, setuptools, virtualenv and wheel packages which are now being used in favor of the PIP ones.
17.0.0.0rc1
New Features
Persistent systemd journals are now enabled. This allows deployers to keep older systemd journals on disk for review. The disk space requirements are extremely low since the journals are stored in binary format. The default location for persistent journals is in /var/log/journal.
Deployers can opt out of this change by setting openstack_host_keep_journals to no.
17.0.0.0b2
Upgrade Notes
If you have overridden your openstack_host_specific_kernel_modules, please remove its group matching, and move that override directly to the appropriate group.
For example, for an override like:
    - name: "ebtables"
      pattern: "CONFIG_BRIDGE_NF_EBTABLES"
      group: "network_hosts"
You can create a file for the network_hosts group, inside its group vars folder /etc/openstack_deploy/group_vars/network_hosts, with the content:
    - name: "ebtables"
      pattern: "CONFIG_BRIDGE_NF_EBTABLES"
Any user coming from Pike or below on Ubuntu should modify their user_external_repos_list, switching its Ubuntu Cloud Archive repository from state: present to state: absent. From now on, UCA will be defined with the filename uca. If the deployer wants to use their own mirror, they can still override the variable uca_repo to point to that mirror. Alternatively, the deployer can completely define which repos to add and remove, ignoring our defaults, by overriding openstack_hosts_package_repos.
17.0.0.0b1
New Features
Deployers can set openstack_hosts_centos_mirror_url to use their preferred mirror for the RDO repositories.
Security Issues
The net.bridge.bridge-nf-call-* kernel parameters were set to 0 in previous releases to improve performance and it was left up to neutron to adjust these parameters when security groups are applied. This could cause situations where bridge traffic was not sent through iptables and this rendered security groups ineffective. This could allow unexpected ingress and egress traffic within the cloud.
These kernel parameters are now set to 1 on all hosts by the openstack_hosts role, which ensures that bridge traffic is always sent through iptables.
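A host-side check for the setting described above, as an added example that is not part of the openstack_hosts role. It reads the three net.bridge.bridge-nf-call-* keys and also looks for sysctl.d fragments that would set one back to 0 at boot; the function names, the AUDIT_LIVE switch, and treating a missing /proc/sys/net/bridge as "br_netfilter not loaded" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the bridge netfilter sysctls named in the note above.
BRIDGE_KEYS="bridge-nf-call-arptables bridge-nf-call-ip6tables bridge-nf-call-iptables"

# check_bridge_nf [DIR]  (DIR defaults to the live /proc/sys/net/bridge)
# Returns 0 if every key is 1, 1 if any key is missing or not 1,
# 2 if DIR is absent (assumed to mean br_netfilter is not loaded).
check_bridge_nf() {
    dir="${1:-/proc/sys/net/bridge}"
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir (is the br_netfilter module loaded?)"
        return 2
    fi
    rc=0
    for key in $BRIDGE_KEYS; do
        if [ ! -r "$dir/$key" ]; then
            echo "MISSING net.bridge.$key"; rc=1; continue
        fi
        val=$(tr -d '[:space:]' < "$dir/$key")
        if [ "$val" = "1" ]; then
            echo "OK      net.bridge.$key = 1"
        else
            echo "FAIL    net.bridge.$key = $val (expected 1)"; rc=1
        fi
    done
    return "$rc"
}

# persisted_zero [DIR]  (DIR defaults to /etc/sysctl.d)
# Prints file:line:text for any setting that would put a key back to 0 at
# boot, e.g. a leftover fragment from an older release. Always returns 0.
persisted_zero() {
    dir="${1:-/etc/sysctl.d}"
    [ -d "$dir" ] || return 0
    grep -HnE '^[[:space:]]*net\.bridge\.bridge-nf-call-[a-z0-9]+[[:space:]]*=[[:space:]]*0' \
        "$dir"/*.conf 2>/dev/null || true
}

# Opt-in live run: AUDIT_LIVE=1 sh audit.sh
if [ "${AUDIT_LIVE:-0}" = "1" ]; then
    persisted_zero
    check_bridge_nf
    exit $?
fi
```

A non-zero exit on a host that carries neutron bridges means security group rules may not be applied to bridged traffic on that host.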
Bug Fixes
The sysstat package was installed on all distributions, but it was only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS due to bad SELinux contexts and file permissions on /etc/cron.d/sysstat. This has been fixed and sysstat now runs properly on CentOS.
15.0.0.0rc1
New Features
Deployers can set openstack_host_nf_conntrack_max to control the maximum size of the netfilter connection tracking table. The default of 262144 should be increased if virtual machines will be handling large amounts of concurrent connections.
15.0.0.0b2
New Features
The copy of the /etc/openstack-release file is now optional. To disable the copy of the file, set openstack_distrib_file to no.
The location of the /etc/openstack-release file placement can now be changed. Set the variable openstack_distrib_file_path to place it in a different path.
Upgrade Notes
The variables used to produce the /etc/openstack-release file have been changed in order to improve consistency in the name spacing according to their purpose.
openstack_code_name –> openstack_distrib_code_name
openstack_release –> openstack_distrib_release
Note that the value for openstack_distrib_release will be taken from the variable openstack_release if it is set.
15.0.0.0b1
New Features
The PATH environment variable that is configured on the remote system can now be set using the openstack_host_environment_path list variable.
14.0.0.0b3
New Features
The openstack_hosts role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting openstack_hosts_package_state to present.
Upgrade Notes
The variable openstack_host_apt_packages has been renamed to openstack_host_distro_packages.
The openstack_hosts role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option openstack_hosts_package_state should be set to present.
The LVM configuration tasks and lvm.conf template have been removed from the openstack_hosts role since they are no longer needed. All of the LVM configuration is properly handled in the os_cinder role.
14.0.0.0b2
New Features
The option openstack_domain has been added to the openstack_hosts role. This option is used to setup proper hostname entries for all hosts within a given OpenStack deployment.
The openstack_hosts role will setup an RFC1034/5 hostname and create an alias for all hosts in inventory.
Deprecation Notes
The openstack_host_apt_packages variable has been deprecated. openstack_host_packages should be used instead to override packages required to install on all OpenStack hosts.