2023.2 (Bobcat)¶

The 2023.2 (Bobcat) OpenStack Charms release includes updates for the charms described on the Supported charms page. As of this release, the project consists of 65 stable charms.

Note

This release corresponds to a non-SLURP (upstream OpenStack) release and will consequently only be supported until July 2024.

For scheduling information of past and future releases see the Release schedule.

Note

Release notes contents is superseded by updated information published in the Release notes (this guide) after the release of any given OpenStack Charms version.

Important

Always upgrade to the latest stable charms before making any major changes to your cloud and before filing bug reports. Note that charm upgrades and OpenStack upgrades are functionally different. For instructions on performing the different upgrade types see the Upgrades overview page.

New stable charms ¶

watcher ¶

The watcher charm enables the OpenStack Watcher service. The watcher charm provides a flexible and scalable resource optimization service for multi-tenant OpenStack-based clouds. A how-to is available at: Watcher.

watcher-dashboard ¶

The watcher-dashboard charm provides the Watcher Dashboard plugin for use with the openstack-dashboard charm.

Usage example:

juju deploy --channel 2023.2/stable openstack-dashboard
juju deploy --channel 2023.2/stable watcher-dashboard
juju integrate openstack-dashboard:dashboard-plugin watcher-dashboard:dashboard

New stable charm features ¶

With each new feature, there is a corresponding example bundle in the form of a test bundle, and/or a section in the current guide (Charm Guide) that details its usage. Test bundles are located in the src/tests/bundles directory of the relevant charm repository (see all charm repositories).

Keystone role cache config ¶

The keystone charm now supports configuring the Keystone [role] cache_time option using a new role-cache-expiration charm configuration option. If not set, this defaults to the global expiration_time (configurable by the dogpile-cache-expiration charm configuration option). Setting cache_time to around 10 (seconds) is recommended for clouds that receive frequent role assignment changes and that are therefore sensitive to the (default) 600s delay that assignments can take to propagate to all Keystone peer caches.

For example, to set the role cache expiration time to 10 seconds do:

juju config keystone role-cache-expiration=10

designate-bind charm: new option for `zone transfer` feature ¶

The designate-bind charm now supports configuring the BIND9 allow-transfer option. If not set, the corresponding feature is disabled.

For example, to set allow-transfer to 10.0.0.0/8 and 172.16.0.0/16:

juju config designate-bind allow_transfer_nets="10.0.0.0/8;172.16.0.0/12"

This will allow designate-bind to perform a zone transfer to 10.0.0.0/8 and 172.16.0.0/12.

This change modifies the default behaviour of the allow-transfer setting. To restore the default behaviour, set allow-transfer-nets to any:

juju config designate-bind allow_transfer_nets=any

Improve Vault snap channel refresh ¶

The refresh mechanism for the Vault snap managed within the vault charm has been improved. It now properly stops the service before performing a snap refresh. For more details see bug LP #2007587.

Glance custom image properties ¶

The glance charm now supports configuring automatic custom image properties for imported images.

To add custom properties, use a comma-delimited string of key:value pairs:

juju config glance custom-import-properties='property1:value1,property2:value2,property3:value3'

These properties will only be added to images that go through the Interoperable image import process such as openstack image create --import. They will not be applied to regular image uploads.

magnum charm: new option to expose cluster_user_trust ¶

The magnum charm has a new configuration option: cluster-user-trust.

This controls whether to assign a trust to the cluster user or not. This option needs to be set to True for clusters with volume_driver=cinder, cloud_provider_enabled=true or registry_enabled=true in the underlying cluster template to work. This is a potential security risk since the trust gives instances OpenStack API access to the cluster’s project.

For more details see bug LP #1996237.

nova-cloud-controller charm: new relation to openstack-dashboard ¶

The nova-cloud-controller charm has a new relation:

juju integrate nova-cloud-controller:dashboard openstack-dashboard:dashboard

This allows nova-cloud-controller to know what hosts and IP addresses cloud users may use to access the OpenStack Dashboard. The nova-cloud-controller units use this information to configure the nova-serialproxy daemon and allow requests coming from the web browsers visiting the dashboard.

This relation is mandatory when the nova-cloud-controller application is configured with enable-serial-console set to True.

For more details see bug LP #2030094.

Documentation updates ¶

OpenStack 2023.2 guide updates ¶

The Charm Guide and the Deploy Guide were updated for OpenStack 2023.2.

Juju 3.x guide updates ¶

The Charm Guide and the Deploy Guide were updated for Juju 3.x.

Charm Guide changes ¶

the project’s backport policy was refreshed
legacy charm revisions were published as reference material
policy overrides page refactored into how-to, conceptual, and tutorial material
ongoing improvements and corrections

Informational notices ¶

Ceph FileStore support removed ¶

OSD FileStore format has been deprecated in upstream Ceph starting with the Quincy release. With the Reef release, FileStore support has been removed, leaving support for only BlueStore format.

Warning

Data loss may occur if you attempt to upgrade to Ceph Reef when FileStore OSDs are present.

Before upgrading the payload (“OpenStack upgrade”) of any of the Ceph charms, migrate all FileStore OSDs to BlueStore. See upgrade path note BlueStore migration for guidance.

Nova `AvailabilityZoneFilter` removal in 2023.2 ¶

The AvailabilityZoneFilter option was removed from Nova in 2023.2 Bobcat (see the Nova 2023.2 upgrade notes).

In order for the scheduler to honour an availability zone request, there must now be a Placement aggregate that matches the Nova host aggregate that was assigned to an availability zone.

This should not technically affect users as the new configuration should have been automatically done. However, verification steps have been provided as an upgrade path note.

Enforce MTU size between Octavia networks ¶

The behaviour of the Octavia loadbalancer charm has been changed to ensure that the MTU size on the health manager port (typically called o-hm0) matches the MTU on the load balancer network (called lb-mgmt-net). Prior to this change, when the MTU sizes were not aligned and the o-hm0 MTU is less than the lb-mgmt-net MTU, then health check messages will be dropped causing the load balancer to fail-over.

The new behaviour is to always align the MTU of the health manager port (o-hm0) to that of the load balancer network (lb-mgmt-net).

For more details please see bug LP #2018998.

nova-compute charm: rbd instance folder cleanup after evacuations ¶

After evacuations and revert resizes when using rbd storage backend, the instance folder is usually left behind on the host and this can cause issues when migrating the instance back to the same host if it has previously been migrated away from the host. This may happen during maintenance when instances are migrated to allow a physical host to be shutdown.

The new behaviour, with the rbd storage backend, is for the nova-compute service to cleanup those folders as part of the periodic checks that run for instances that have been evacuated/migrated.

This is present in 2023.2, and has been backported to the ussuri release.

For more details see bug LP #2019141.

Removed features ¶

hyperv mechanism driver ¶

The hyperv mechanism driver has been removed from the neutron-api charm. The networking-hyperv (OpenStack Winstackers) project is now retired and the package was removed from Ubuntu 23.10 (Mantic).

For more details see bug LP #2036953.

Issues discovered during this release cycle ¶

Juju 3.x incompatibilities ¶

The keystone and glance-simplestreams-sync legacy charms (not using channels), and stable channels Xena and before, do not work with a Juju 3.x controller. The problems arising from upgrading these charms so that they (automatically) use Juju 3.x unit agents are related to:

Fernet key rotations (keystone)
status setting and endpoint updating (glance-simplestreams-sync)

LXD container upgrade to jammy ¶

While performing LXD container series upgrades from focal to jammy, these containers may lose their IP addresses and network connectivity on reboot.

For more details see Upgrade issues.

designate charm: some settings not honoured ¶

The following designate charm configuration options aren’t applied when creating zone records:

default-soa-expire
default-soa-minimum
default-soa-refresh-min
default-soa-retry
default-ttl

As a workaround, the openstack zone create command and the designate API for zone creation allow these parameters to be set directly.

For more details see bug LP #2042944.

Changes backported to this release ¶

manila charm: add support to configure scheduler default filters ¶

The manila charm has a new configuration option scheduler-default-filters. This configures the scheduler_default_filters parameter in manila configuration file.

This is unset by default, so manila retains the default value for scheduler_default_filters. Those might change based on OpenStack release.

For more details see bug LP #1998200.

2023.2 (Bobcat)