2024.1 Series Release Notes

16.8.0-3

Upgrade Notes

• The default bootstrap user has been changed to cloud-user if os_distribution is set to centos. Set *_bootstrap_user variables to centos to retain existing behaviour.

Bug Fixes

• The default bootstrap user has been changed to cloud-user if os_distribution is set to centos, to match official cloud images.

• Fixes issue when Bifrost hostvars file incorectly generated by Kayobe. LP#2045927

• Fixes a regression in network connectivity check when using the no_ip attribute. LP#2125560

16.8.0

New Features

• The neutron-bgp-dragent container will now be built by default when kolla_enable_neutron_bgp_dragent is true.

Upgrade Notes

• Deployments using Juniper Junos OS switches are required to update their configuration according to Juniper Junos OS documentation. This is due to the junos_config module dropping support for the provider parameter.

Bug Fixes

• Fixes physical network configuration for Juniper Junos OS switches. Note that users are required to update their configuration according to Juniper Junos OS documentation. LP#2111341

• Fixes duplicate OS_CACERT lines in public-openrc.sh when both admin and public cacert variables are set. LP#2116318

• Fixes configuration of backend TLS when network nodes are separate from controllers. LP#2117084

• Fixes wrong name of gpgkey used for EPEL repositories when dnf_use_local_mirror is enabled. LP#2119921

• Fixes an issue where incorrect network-data.json would be generated when interfaces without IP addresses are attached to infrastructure VMs. LP#2118403

• Fixes failure to activate SR-IOV on GPU devices by bumping the stackhpc.linux collection to v1.3.4.

• Fixes support for empty strings in the dev-tools package lists. This allows using expressions such as {{ 'foo' if os_distribution == 'rocky' else '' }}. LP#2115000

• Fixes network connectivity check when a subset of hosts have the no_ip property set via group or host variables. LP#2120918

16.7.0

New Features

• Adds a new dev script dev/rabbitmq-migrate-queues.sh that will enable quorum queues and migrate RabbitMQ to use these.

• Deploying and destroying infrastructure VMs is now significantly faster as only the required variables are passed to the relevant tasks as opposed to the entire collection of hostvars for each VM.

• Adds support for Ubuntu Noble Numbat (24.04) LTS as a host and container Operating System for seed, seed hypervisor and overcloud hosts.

Upgrade Notes

• The openstacksdk_upper_constraints_file variable now defaults to the value of pip_upper_constraints_file. Set openstacksdk_upper_constraints_file to "https://releases.openstack.org/constraints/upper/{{ openstack_release }}" if you want to retain existing behaviour.

• Updates the default cloud image for CentOS Stream 9 deployments to use CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2.

Bug Fixes

• Ensure the OS_SYSTEM_SCOPE environment variable is present in openstack_auth to prevent authentication issues occurring in baremetal-compute playbooks. LP#2111103

• Fixes public-openrc.sh missing the OS_CACERT variable when absent from admin-openrc.sh. LP#2110549

• Bumps the MichaelRigart.interfaces role to v1.15.4 to fix compatibility with CentOS Stream 9 due to changes in the iproute package.

• Bumps the stackhpc.libvirt-vm role to v1.16.3 to fix seed and infra VM provisioning failures on Rocky Linux 9.6.

• Fixes an issue building images with a regex when no image registry is set LP#2112646

• Fixes ipa_kernel_options_default when ipa_collect_lldp is set to false. LP#2110505

• Fix a bug where netplan packages are not fully removed resulting generated network configurations are not getting applied with host configure commands. ‘LP#2103794 <https://bugs.launchpad.net/kayobe/+bug/2103794>’__

• Bumps MichaelRigart.interfaces to fix an issue where kayobe overcloud host configure would fail to template during the networking tasks on Rocky hosts, with the error Could not load "ipaddr". LP#2107335

• Fixes an issue on boot where vgpu devices would fail to start due to a race condition in the startup logic. See LP#2102153 for more details.

• Adds a name field to elements of apt_repositories, which specifies the name of the repository file (without the .sources suffix). The default value of this field is kayobe and it may be omitted. The user can override the default by providing a different name, such as ubuntu, and new repository data. This way, the default file, /etc/apt/source.list.d/ubuntu.sources, will be overwritten by the provided repository configuration. LP#2107280

16.6.0

New Features

• Supports forcing time synchronisation after configuring chrony if ntp_force_sync is changed to True.

Bug Fixes

• Bumps the MichaelRigart.interfaces role to v1.15.3 to fix an issue where NetworkManager was not restarted before bouncing network interfaces. LP#2100792

16.5.0

New Features

• Adds variables to configure authentication parameters in the image-download role, which is used to download IPA images. The new variables are image_download_url_username, image_download_url_password, image_download_force_basic_auth and image_download_unredirected_headers. See documentation of the get_url and uri Ansible modules for more details on how to use these variables.

Bug Fixes

• Fixes an issue where task ‘ensure ironic nodes use the new Ironic Python Agent (IPA) images` fails with ‘dict object’ has no attribute ‘deploy_kernel’. <https://bugs.launchpad.net/kayobe/+bug/2083014>`__.

• Fixes a bug where non-overcloud hosts would show up in the confirmation prompt for kayobe overcloud deprovision LP#2091703

• Fixes an issue where slave interfaces would not be brought back up when bouncing the master interface. LP#2072340.

16.3.0

New Features

• Adds the internal VIP to the NOPROXY/noproxy environment variables.

• Adds support for using Cumulus switches (NCLU and NVUE) with Networking Generic Switch.

Upgrade Notes

• Bumps the stackhpc.linux collection to 1.3.0. Note this version uses systemd to activate virtual functions. This change is restricted to the stackhpc.linux.sriov role, which is not used by Kayobe. If a custom playbook uses this role, you can retain existing behaviour by setting sriov_numvfs_driver to udev.

Security Issues

• When running API requests from a host configured with kayobe, traffic destined for the internal VIP is sent via the default proxy. This can be a security issue if not using TLS as the proxy will be able to intercept the traffic. If using an untrusted proxy, with TLS disabled on the internal VIP, it is recommended that you run kayobe overcloud host configure -t proxy, kayobe seed hypervisor host configure -t proxy, kayobe seed host configure -t proxy, and kayobe infra vm host configure -t proxy, to add the internal VIP to the no proxy configuration. This is considered a minor issue as traffic between containers will not use the proxy by default. LP#2087556

Bug Fixes

• Fixes IPA and host image build failures when Git was not installed on the build host. LP#2058922

• The proxysql image is now built when kolla_enable_proxysql is set to true.

• Updates the group and mode set on the /var/log/journal directory to match default ownership and permissions used by systemd-journald. LP#2083494

• Fixes generation of kernel parameters when the GRUB_CMDLINE_LINUX_DEFAULT variable is absent from /etc/default/grub. LP#2083874.

• Pin requirements for IPA image build to ensure that the ironic-lib version matches ironic-python-agent. LP#2089263

• Changes the default cloud image for seed and infra VMs to use Rocky Linux 9.3 when using bios boot mode, to fix boot failures with newer cloud images. When deploying new VMs, it is recommended to set infra_vm_boot_firmware and seed_vm_boot_firmware to efi.

• Fixes an issue when using overcloud Ironic with a shared Ansible control host. The use of a shared cache directory could lead to a failure to download Ironic Python Agent (IPA) images. LP#2069845

16.2.0

New Features

• Adds support for specifying boot_firmware and machine variables to seed and infra VMs. This can be used to launch VMs in UEFI boot mode with Q35 machine type.

• Bumps stackhpc.libvirt-vm Ansible role to v1.16.1.

Bug Fixes

• eos_config does not support the provider parameter since Ansible 7. Users are required to update their configuration according to Arista EOS documentation.

• Fixes a bug where systemd-networkd was not permanently enabled when the unit was already in state runtime-enabled. LP#2073100

16.0.0

New Features

• Adds the command kayobe baremetal introspection data save to save the hardware introspection data gathered by kayobe baremetal compute inspect.

• Adds a new variable kolla_build_neutron_ovs which gives users the option to build Neutron OVS container images while the system is using OVN. This is useful when users want to build all Neutron container images at the same time.

• Configures journald to use a persistent storage by default. This allows you to keep journald logs across reboots and is controlled by the journald_storage variable. See Kayobe documentation for more details.

• Adds the command kayobe seed service destroy. This can be used to clean up all services on the seed host. Caution is advised when using this command as it will delete all of the data on the seed.

• Adds support for auth configuration for Apt respositories and proxies using auth.conf files.

• This patch adds experimental functionality to enroll baremetal nodes into Ironic using Kayobe via a new playbook baremetal-compute-register.yml and adds kayobe baremetal compute register into the Kayobe CLI.

• kayobe overcloud deprovision now requires confirmation before any hosts are deprovisioned. Automatic confirmation can still be achieved by setting confirm_deprovision to yes.

• Adds support for specifying credentials (username and password) for custom DNF repositories.

• Adds support for defining custom playbook hooks in Kayobe environments.

• kayobe kolla ansible run will now generate Kolla-Ansible configuration before the command is run. You can use --skip-tags kolla-openstack to skip this for commands that do not require the kolla config.

• Adds support for setting the max fail percentage for Ansible plays via kayobe_max_fail_percentage. It can also be set on a per-playbook basis, e.g. time_max_fail_percentage.

• Adds support for specifying IP policy-based routing rules using the dict-based format on CentOS Stream and Rocky Linux systems. The string-based format is still supported on these systems.

• Adds new Redfish rules to Ironic and Bifrost introspection. The following variables are added:

  • inspector_rules_redfish_enabled

  • inspector_redfish_username

  • inspector_redfish_password

  • inspector_rule_var_redfish_verify_ca

  • inspector_rules_ipmi_enabled

  • kolla_bifrost_inspector_redfish_username

  • kolla_bifrost_inspector_redfish_password

• Custom telegraf configuration is now supported. See Kayobe documentation on configuring kolla-ansible services.

Upgrade Notes

• Updates the maximum supported version of Ansible from 8.x (ansible-core 2.15) to 9.x (ansible-core 2.16). The minimum supported version is updated from 7.x to 8.x. This is true for both Kayobe and Kolla Ansible.

• Bumps stackhpc.linux collection to 1.2.0 to include new roles. Adds stackhpc.network and stackhpc.openstack collections to requirements. Refactors invocation of the roles moved into collections mentioned above, and updates the documentation - role names and outdated Ansible Galaxy documentation links.

• kayobe overcloud deprovision now requires confirmation before any hosts are deprovisioned. Automatic confirmation can still be achieved by setting confirm_deprovision to yes.

• Support for deploying Murano has been dropped.

• Support for deploying Sahara has been dropped.

• Support for deploying Senlin has been dropped.

• Support for deploying Solum has been dropped.

• Support for deploying Vitrage has been dropped.

• kayobe kolla ansible run will now generate Kolla-Ansible configuration before the command is run. You can use --skip-tags kolla-openstack to skip this for commands that do not require the kolla config.

• Support for the devicemapper Docker storage driver is removed following its removal from Docker Engine 25.0. Operators using devicemapper should migrate to a supported storage driver before updating Docker to 25.0 or later.

• Support for deploying Freezer has been dropped.

Bug Fixes

• Added fix for the custom RabbitMQ configuration. Fixed incorrect path and glob, so now you can template also all other configuration files such as advanced.config, definitions.json, enabled_plugins, and erl_inetrc together with rabbitmq.conf and rabbitmq-env.conf.

• Fixes an issue where Dell OS6 and Dell OS9 switch configuration was not applied correctly. LP#2061102.

• letsencrypt and haproxy-ssh images are now built when kolla_enable_letsencrypt is set to true.

• Fixes issue of ironic files being left behind after node deprovision which prevents it from being enrolled and provisioned again.

• Fixes default Ubuntu Apt keyrings location to the recommended /etc/apt/keyrings.

• Fixes gateway assignment when seed SNAT is disabled. In this circumstance Bifrost was generating ConfigDrive data with the default gateway unset even when one is available on the admin network.

• Fixes the bug where /etc/hosts was not populated correctly when running Kayobe using a host limit. LP#2051714

• Fixes issue building container images when docker registry contained a port. See LP#2054715 for more details.

• Fixes an issue with overcloud service destroy where it failed to remove the inspection store docker volume. See LP#2050092.

• Fixes bugs with the kolla_enable_letsencrypt variable which were causing overcloud container image build to fail, or to include letsencrypt images when disabled.

• Fixes a bug where NetworkManager would overwrite resolv.conf when resolv_is_managed is set to True. LP#2044537

• Fixes the wipe-disks role which was failing on supported host operating systems due to a change in the output format of lsblk -J in util-linux version 2.37. LP#2051859

Other Notes

• Kayobe networking documentation for IP rules on CentOS Stream/Rocky Linux systems has been updated to reflect that routing tables must be specified by ID rather than by name.