2023 Series Release Notes

ks2023.2.1-3

New Features

  • Adds support for noVNC TLS. To enable it, add the option nova_qemu_vnc_tls: "yes" to the region's globals.

  • Deploys and configures a prometheus-ovs-exporter image as part of the Prometheus monitoring stack.

  • Added the ability to use a configuration with 3 glance-api nodes when using cinder as a backend.

ks2023.2.1

Prelude

Support for PowerDNS includes a new database named powerdns in the existing Galera cluster.

The name can be overridden with the variable designate_database_pdns_name.

New Features

  • Added support for the PowerDNS backend. Set the option designate_backend: "pdns4" in globals if you want PowerDNS as the backend.

  • Enables credentials auth for adminui. A login/password and token can now be used to authenticate to the adminui console.

ks2023.2.1-rc1

New Features

  • Redfish support added for VMHA fencing driver

Upgrade Notes

  • The following VMHA config options have changed:
      - ipmi_prefix -> bmc_suffix
      - ipmi_user -> bmc_user
      - ipmi_password -> bmc_password
    New VMHA config options:
      - bmc_verify_ssl: "False|True|<path to CA file>", defaults to openstack_cacert if defined, or False

ks2023.2

New Features

  • Add Autoevacuate (consule role) feature

  • Add ansible role for DRS aka Openstack Load Leveller aka Dynamic Load Rebalancer.

  • Added the capability to specify custom kernel modules for Neutron:
      - neutron_modules_default: lists the default modules.
      - neutron_modules_extra: for custom modules and parameters.

  • Add an external prometheus exporter for rabbitmq to complement the internal one, as they don’t fully overlap on the metrics that they collect.

  • Added a neutron check for ML2/OVS and ML2/OVN presence at the start of the deploy phase. It fails if neutron_plugin_agent is set to ovn and an ML2/OVS container is detected. If neutron_plugin_agent is set to openvswitch, the check fails when it detects an ML2/OVN container or any of the OVN-specific volumes.

Upgrade Notes

  • The ironic_tftp service no longer binds to 0.0.0.0; by default it uses the IP address of the api_interface. To revert to the old behaviour, set ironic_tftp_interface_address: 0.0.0.0 in globals.yml.

  • Before upgrading to the Zed release of Kolla-Ansible on Ubuntu, ensure that Elasticsearch indexes created in version 6 or earlier are reindexed. OpenSearch 2.x does not support these older indexes. A precheck for this scenario has now been introduced.

  • Configure Nova libvirt.num_pcie_ports to 16 by default. Nova currently sets ‘num_pcie_ports’ to “0” (defaults to libvirt’s “1”), which is not sufficient for hotplug use with ‘q35’ machine type.

  • Changes default value of nova libvirt driver setting skip_cpu_compare_on_dest to true. With the libvirt driver, during live migration, skip comparing guest CPU with the destination host. When using QEMU >= 2.9 and libvirt >= 4.4.0, libvirt will do the correct thing with respect to checking CPU compatibility on the destination host during live migration.

Security Issues

  • Restricts access to the /server-status page that the HTTP OpenStack services exposed by default through HAProxy on the public endpoint. Fixes the issue for Ubuntu/Debian installations; RockyLinux/CentOS are not affected. LP#1996913

Bug Fixes

  • Fixes issues with OVN NB/SB DB deployment, where first node needs to be rebootstrapped. LP#1875223

  • enable_keystone_federation and keystone_enable_federation_openid have not been explicitly handled as bool in various templates in the keystone role so far. LP#2036390

  • Fixes an issue where Kolla set the producer tasks to None, which disabled all designate producer tasks. LP#1879557

  • Fixes ironic_tftp which binds to all ip addresses on the system. Added ironic_tftp_interface, ironic_tftp_address_family and ironic_tftp_interface_address parameters to set the address for the ironic_tftp service. LP#2024664

  • Fixes the OpenSearch migration process by adding a precheck for Elasticsearch indexes whose version is too old for OpenSearch 2.x.

  • Fixes an issue where a Docker health check wasn’t configured for the OpenSearch Dashboards container. See bug 2028362.

  • Fixes an issue where ‘q35’ libvirt machine type VM could not hotplug more than one PCIe device at a time.

  • Fixes an issue where the keepalived track script fails in a single-controller environment and the keepalived VIP goes into BACKUP state. The keepalived_track_script_enabled variable has been introduced (default: true), which can be used to disable track scripts in the keepalived configuration. LP#2025219

  • Fixes an issue where an OVS-DPDK task had a different name from the one used to notify it.

  • When upgrading Nova to a new release, we use the tool nova-status upgrade check to make sure that there are no nova-compute that are older than N-1 releases. This was performed using the current nova-api container, so computes which will be too old after the upgrade were not caught. Now the upgraded nova-api container image is used, so older computes are identified correctly. LP#1957080
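
As an added example (not part of the release or of Kolla-Ansible), the following Python check relates to the ironic_tftp upgrade note and bug fix above: it reads output in the format of ss -H -uln and reports whether anything on UDP port 69 is still bound to a wildcard address instead of the api_interface address. The sample lines and the address 10.0.0.11 are constructed, and audit_tftp and parse_local are hypothetical helper names.

```python
# Added example: audit UDP listeners for a wildcard-bound TFTP service.
# SAMPLE_SS is constructed output in the format of `ss -H -uln`; the
# addresses are made up for illustration.
SAMPLE_SS = """\
UNCONN 0      0            0.0.0.0:69         0.0.0.0:*
UNCONN 0      0          10.0.0.11:69         0.0.0.0:*
UNCONN 0      0               [::]:69            [::]:*
UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}   # forms ss uses for "all addresses"
TFTP_PORT = 69


def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%", 1)[0]     # drop an interface scope such as %lo
    addr = addr.strip("[]")          # IPv6 is printed as [addr]
    return addr, port


def audit_tftp(ss_output, expected_addr, port=TFTP_PORT):
    """Return [(address, verdict)] for every UDP listener on `port`.

    verdict is 'wildcard' (reachable on every interface), 'unexpected'
    (bound to an address other than expected_addr) or 'ok'.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                 # blank or truncated line
        addr, lport = parse_local(fields[3])
        if lport != str(port):
            continue                 # some other UDP service
        if addr in WILDCARDS:
            verdict = "wildcard"
        elif addr == expected_addr:
            verdict = "ok"
        else:
            verdict = "unexpected"
        findings.append((addr, verdict))
    return findings


if __name__ == "__main__":
    # expected_addr is the api_interface address (constructed value here).
    for addr, verdict in audit_tftp(SAMPLE_SS, expected_addr="10.0.0.11"):
        print(f"{addr}:{TFTP_PORT} -> {verdict}")
```

A host where ironic_tftp_interface_address has deliberately been set back to 0.0.0.0 will report "wildcard"; that is the documented old behaviour, not a parsing error.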