2024.2 Series Release Notes¶
17.1.0¶
Bug Fixes¶
Pin requirements for IPA image build to ensure that the
ironic-lib
version matchesironic-python-agent
. LP#2089263 <https://bugs.launchpad.net/kayobe/+bug/2089263>`__
17.0.0¶
New Features¶
Added initial support for systemd-networkd link configuration, now you can configure and rename the name of a network interface if you know the MAC address of the interface.
Adds the internal VIP to the NOPROXY/noproxy environment variables.
Ironic Inspector configuration can now be customised by placing config overrides in the
$KAYOBE_CONFIG_PATH/kolla/config/ironic-inspector
or$KAYOBE_CONFIG_PATH/environments/<environment>/kolla/config/ironic-inspector
directories. This can be used to a define aknown_devices.yaml
file which is used to configure theaccelerators
plugin in Ironic Inspector.
Adds support for setting whether an Apt repo is trusted.
The
kolla_base_arch
variable has been introduced, allowing users to specify the architecture for base container images. This supports cross-architecture builds, enabling the building of images for architectures different from the host machine (e.g., buildingaarch64
images on anx86_64
machine).By default,
kolla_base_arch
is set to the detected architecture ({{ ansible_facts.architecture }}
). However, whenkolla_base_arch
differs from the host architecture, themultiarch/qemu-user-static
image is used to facilitate cross-arch builds.
Adds support for configuring Cumulus switches using the NVIDIA User Experience command line utility (NVUE). This is integrated with the
kayobe physical network configure
command.
Adds support for using Cumulus switches (NCLU and NVUE) with Networking Generic Switch.
Adds a new
redfish_address
variable and extends thekayobe overcloud inventory discover
command to discover the address from the Bifrost node inventory.
Enables ProxySQL by default. ProxySQL can be disabled by setting the
kolla_enable_proxysql
variable tofalse
.
Adds support for using different interface than Bifrost PXE one for admin interface during
overcloud provision
. This can be enabled by settingkolla_bifrost_use_introspection_mac
totrue
or settingkolla_bifrost_ipv4_interface_mac
in respective hosthost_vars
.
Adds support for customising Neutron physical network names using the
physical_network
network attribute.
Adds support for specifying
boot_firmware
andmachine
variables to seed and infra VMs. This can be used to launch VMs in UEFI boot mode with Q35 machine type.
Bumps stackhpc.libvirt-vm Ansible role to
v1.16.1
.
Adds support for configuring Apt preferences under
/etc/apt/preferences.d
.
Adds support for skipping SSH keyscan when configuring switches using
kayobe physical network configure
using aswitch_skip_keyscan
variable.
Adds support for Ubuntu Noble Numbat (24.04) LTS as a host and container Operating System for seed, seed hypervisor and overcloud hosts. Default Ubuntu version has been changed to Ubuntu Noble (24.04) LTS.
Adds validation to protect against executing Kayobe from within a different Kayobe configuration repository than the one referred to by environment variables (e.g.
KAYOBE_CONFIG_PATH
) or CLI arguments (e.g.--config-path
).
Upgrade Notes¶
Python 3.9.x is no longer supported on the control host. On Rocky Linux 9, please recreate your virtualenv with
python3.12
.
Updates the maximum supported version of Ansible from 9.x (ansible-core 2.16) to 10.x (ansible-core 2.17). The minimum supported version is updated from 8.x to 9.x. On Rocky Linux 9, you will need to recreate your Kayobe virtualenv using
python3.12
as support forpython3.9
has been dropped.
Bumps the
stackhpc.linux
collection to 1.3.0. Note this version uses systemd to activate virtual functions. This change is restricted to thestackhpc.linux.sriov
role, which is not used by Kayobe. If a custom playbook uses this role, you can retain existing behaviour by settingsriov_numvfs_driver
toudev
.
Ansible plugins, roles, and collections (collectively known as extensions) installed in Kayobe configuration no longer have precedence over internal Kayobe variants of the same extension. You can revert back to the previous behaviour by manually exporting the relevant Ansible variables, e.g
ANSIBLE_COLLECTIONS_PATH
. It is not anticipated that this will affect many users as it is still possible to supplement Kayobe with additional plugins.
System folders and home directories are no longer searched when looking for Ansible extensions. It is recommended to install your collections using
$KAYOBE_CONFIG_PATH/ansible/requirements.yml
.
Kayobe no longer overrides the enabled and default Ironic hardware types and interfaces. This ensures that changes to the default values in Ironic are automatically adopted. These may still be customised via the existing Kayobe variables in
${KAYOBE_CONFIG_PATH}/ironic.yml
, e.g.kolla_ironic_enabled_hardware_types
.The default configuration generated by Kayobe in Caracal was:
enabled_hardware_types = ipmi enabled_bios_interfaces = no-bios enabled_boot_interfaces = ipxe,pxe enabled_console_interfaces = ipmitool-socat,no-console enabled_inspect_interfaces = inspector,no-inspect enabled_management_interfaces = ipmitool enabled_network_interfaces = noop,flat,neutron enabled_power_interfaces = ipmitool enabled_raid_interfaces = agent,no-raid enabled_rescue_interfaces = agent,no-rescue enabled_vendor_interfaces = no-vendor
In Dalmatian, Ironic defaults are:
enabled_hardware_types = ipmi,redfish enabled_bios_interfaces = no-bios,redfish enabled_boot_interfaces = ipxe,pxe,redfish-virtual-media enabled_console_interfaces = no-console enabled_inspect_interfaces = no-inspect,redfish enabled_management_interfaces = <determined by enabled hardware types> enabled_network_interfaces = flat,noop enabled_power_interfaces = <determined by enabled hardware types> enabled_raid_interfaces = agent,no-raid,redfish enabled_rescue_interfaces = no-rescue enabled_vendor_interfaces = ipmitool,redfish,no-vendor
In particular, note that the
neutron
network interface is no longer enabled by default.
Updates the minimum supported version of Ansible from 2.15 to 2.16, and the maximum supported version from 2.17 to 2.18 in the Kolla Ansible virtualenv. The Python version used to install Kolla Ansible on Rocky 9 is bumped to 3.12.
The
physical_network
attribute must now be applied consistently to all external networks in Kayobe configuration. If any external network has the attribute, then all others must also.
Updates the default Neutron ML2 type drivers and tenant network types to use
geneve
instead ofvxlan
when OVN is enabled. This affects thekolla_neutron_ml2_type_drivers
andkolla_neutron_ml2_tenant_network_types
variables.
Bumps the
nvidia.nvue
collection to 1.2.6.
If you have customized
inspector_keep_ports
, ensure it is set to one of:all
,present
, oradded
. Prior to this release, settinginspector_keep_ports
to any truthy value would result in thekeep_ports
Ironic Inspector configuration option being set topresent
. As the default value ofinspector_keep_ports
isadded
, we are effectively changing the default value ofkeep_ports
frompresent
toadded
. If you are relying on the previous behaviour you should setironic_keep_ports
topresent
.
Changes the default boot firmware for seed and infra VMs to
efi
. Setinfra_vm_boot_firmware
andseed_vm_boot_firmware
tobios
to retain existing behaviour.
Security Issues¶
When running API requests from a host configured with kayobe, traffic destined for the internal VIP is sent via the default proxy. This can be a security issue if not using TLS as the proxy will be able to intercept the traffic. If using an untrusted proxy, with TLS disabled on the internal VIP, it is recommended that you run
kayobe overcloud host configure -t proxy
,kayobe seed hypervisor host configure -t proxy
,kayobe seed host configure -t proxy
, andkayobe infra vm host configure -t proxy
, to add the internal VIP to the no proxy configuration. This is considered a minor issue as traffic between containers will not use the proxy by default. LP#2087556
Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938
Bug Fixes¶
eos_config
does not support theprovider
parameter since Ansible 7. Users are required to update their configuration according to Arista EOS documentation.
Fixes IPA and host image build failures when Git was not installed on the build host. LP#2058922
Fixes an issue where task ‘Ensure ironic nodes use the new Ironic Python Agent (IPA) images` fails with ‘dict object’ has no attribute ‘deploy_kernel’. LP#2083014
The
proxysql
image is now built whenkolla_enable_proxysql
is set totrue
.
Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938
Fixes an issue where networking failed to come up after kayobe
overcloud host provision
as cloud-init wasn’t installed. Addcloud-init
element toovercloud_dib_elements_default
so it’s no longer missing. Expected behavior was thatcloud-init-datasource
had it as dependency.
Fixes a bug where systemd-networkd was not permanently enabled when the unit was already in state
runtime-enabled
. LP#2073100
Updates the group and mode set on the
/var/log/journal
directory to match default ownership and permissions used bysystemd-journald
. LP#2083494
Fixes generation of kernel parameters when the GRUB_CMDLINE_LINUX_DEFAULT variable is absent from
/etc/default/grub
. LP#2083874.
The Ansible search paths, when running Kayobe internal playbooks, have been modified so that collections, roles and plugins internal to the Kayobe installation have precedence over those installed in Kayobe configuration. This improves the usability as it is now possible to install a newer version of an extension without affecting internal Kayobe playbooks. LP#2056473
Fixes an issue when using overcloud Ironic with a shared Ansible control host. The use of a shared cache directory could lead to a failure to download Ironic Python Agent (IPA) images. LP#2069845
inspector_keep_ports
can be set to one of:all
,present
,added
. The previous behavior was to set this topresent
if the variable was changed to any truthy value. This respects the behavior indicated in the comments.
Fixes compatibility with Rocky Linux 9.4 GenericCloud images by switching to
efi
boot firmware.
Switches to using
ansible-core
based kolla-ansible install. This is a workaround for LP#2072979, but also results in a lighter weight install.
Switches to using a newer version of the docker community collection to workaround issues using the docker ansible modules with certain combinations of python libraries. See LP#2072979.