2024.2 Series Release Notes

17.6.0-7

Upgrade Notes

  • The default bootstrap user has been changed to cloud-user if os_distribution is set to centos. Set *_bootstrap_user variables to centos to retain existing behaviour.

Bug Fixes

  • The default bootstrap user has been changed to cloud-user if os_distribution is set to centos, to match official cloud images.

  • Fixes issue when Bifrost hostvars file incorectly generated by Kayobe. LP#2045927

  • Fixes a regression in network connectivity check when using the no_ip attribute. LP#2125560

  • Fixes --check and --diff CLI arguments not being passed into Kolla Ansible commands. LP#2123834

17.6.0

New Features

  • The neutron-bgp-dragent container will now be built by default when kolla_enable_neutron_bgp_dragent is true.

Upgrade Notes

  • Deployments using Juniper Junos OS switches are required to update their configuration according to Juniper Junos OS documentation. This is due to the junos_config module dropping support for the provider parameter.

Bug Fixes

  • Fixes duplicate OS_CACERT lines in public-openrc.sh when both admin and public cacert variables are set. LP#2116318

  • Fixes configuration of backend TLS when network nodes are separate from controllers. LP#2117084

  • Fixes wrong name of gpgkey used for EPEL repositories when dnf_use_local_mirror is enabled. LP#2119921

  • Fixes CentOS Stream 9 seed and infra VMs not booting by switching to an EFI-compatible image. LP#2121588

  • Fixes an issue where incorrect network-data.json would be generated when interfaces without IP addresses are attached to infrastructure VMs. LP#2118403

  • Fixes failure to activate SR-IOV on GPU devices by bumping the stackhpc.linux collection to v1.3.4.

  • Fixes support for empty strings in the dev-tools package lists. This allows using expressions such as {{ 'foo' if os_distribution == 'rocky' else '' }}. LP#2115000

  • Fixes network connectivity check when a subset of hosts have the no_ip property set via group or host variables. LP#2120918

17.5.0

New Features

  • Adds a new dev script dev/rabbitmq-migrate-queues.sh that will enable quorum queues and migrate RabbitMQ to use these.

  • Deploying and destroying infrastructure VMs is now significantly faster as only the required variables are passed to the relevant tasks as opposed to the entire collection of hostvars for each VM.

Upgrade Notes

  • The openstacksdk_upper_constraints_file variable now defaults to the value of pip_upper_constraints_file. Set openstacksdk_upper_constraints_file to "https://releases.openstack.org/constraints/upper/{{ openstack_release }}" if you want to retain existing behaviour.

  • Updates the default cloud image for CentOS Stream 9 deployments to use CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2.

Bug Fixes

  • Ensure the OS_SYSTEM_SCOPE environment variable is present in openstack_auth to prevent authentication issues occurring in baremetal-compute playbooks. LP#2111103

  • Fixes public-openrc.sh missing the OS_CACERT variable when absent from admin-openrc.sh. LP#2110549

  • Bumps the MichaelRigart.interfaces role to v1.15.4 to fix compatibility with CentOS Stream 9 due to changes in the iproute package.

  • Bumps the stackhpc.libvirt-vm role to v1.16.3 to fix seed and infra VM provisioning failures on Rocky Linux 9.6.

  • Fixes an issue building images with a regex when no image registry is set LP#2112646

  • Fixes ipa_kernel_options_default when ipa_collect_lldp is set to false. LP#2110505

  • Bumps MichaelRigart.interfaces to fix an issue where kayobe overcloud host configure would fail to template during the networking tasks on Rocky hosts, with the error Could not load "ipaddr". LP#2107335

  • Fixes an issue on boot where vgpu devices would fail to start due to a race condition in the startup logic. See LP#2102153 for more details.

  • Adds a name field to elements of apt_repositories, which specifies the name of the repository file (without the .sources suffix). The default value of this field is kayobe and it may be omitted. The user can override the default by providing a different name, such as ubuntu, and new repository data. This way, the default file, /etc/apt/source.list.d/ubuntu.sources, will be overwritten by the provided repository configuration. LP#2107280

17.4.0

New Features

  • Supports forcing time synchronisation after configuring chrony if ntp_force_sync is changed to True.

Bug Fixes

  • Bumps the MichaelRigart.interfaces role to v1.15.3 to fix an issue where NetworkManager was not restarted before bouncing network interfaces. LP#2100792

17.3.0

New Features

  • Adds variables to configure authentication parameters in the image-download role, which is used to download IPA images. The new variables are image_download_url_username, image_download_url_password, image_download_force_basic_auth and image_download_unredirected_headers. See documentation of the get_url and uri Ansible modules for more details on how to use these variables.

Bug Fixes

  • Fixes an issue where slave interfaces would not be brought back up when bouncing the master interface. LP#2072340.

17.2.0

Bug Fixes

  • Fixes a bug where non-overcloud hosts would show up in the confirmation prompt for kayobe overcloud deprovision LP#2091703

17.1.0

Bug Fixes

  • Pin requirements for IPA image build to ensure that the ironic-lib version matches ironic-python-agent. LP#2089263

17.0.0

New Features

  • Added initial support for systemd-networkd link configuration, now you can configure and rename the name of a network interface if you know the MAC address of the interface.

  • Adds the internal VIP to the NOPROXY/noproxy environment variables.

  • Ironic Inspector configuration can now be customised by placing config overrides in the $KAYOBE_CONFIG_PATH/kolla/config/ironic-inspector or $KAYOBE_CONFIG_PATH/environments/<environment>/kolla/config/ironic-inspector directories. This can be used to a define a known_devices.yaml file which is used to configure the accelerators plugin in Ironic Inspector.

  • Adds support for setting whether an Apt repo is trusted.

  • The kolla_base_arch variable has been introduced, allowing users to specify the architecture for base container images. This supports cross-architecture builds, enabling the building of images for architectures different from the host machine (e.g., building aarch64 images on an x86_64 machine).

    By default, kolla_base_arch is set to the detected architecture ({{ ansible_facts.architecture }}). However, when kolla_base_arch differs from the host architecture, the multiarch/qemu-user-static image is used to facilitate cross-arch builds.

  • Adds support for using Cumulus switches (NCLU and NVUE) with Networking Generic Switch.

  • Adds a new redfish_address variable and extends the kayobe overcloud inventory discover command to discover the address from the Bifrost node inventory.

  • Enables ProxySQL by default. ProxySQL can be disabled by setting the kolla_enable_proxysql variable to false.

  • Adds support for using different interface than Bifrost PXE one for admin interface during overcloud provision. This can be enabled by setting kolla_bifrost_use_introspection_mac to true or setting kolla_bifrost_ipv4_interface_mac in respective host host_vars.

  • Adds support for customising Neutron physical network names using the physical_network network attribute.

  • Adds support for specifying boot_firmware and machine variables to seed and infra VMs. This can be used to launch VMs in UEFI boot mode with Q35 machine type.

  • Bumps stackhpc.libvirt-vm Ansible role to v1.16.1.

  • Adds support for configuring Apt preferences under /etc/apt/preferences.d.

  • Adds support for skipping SSH keyscan when configuring switches using kayobe physical network configure using a switch_skip_keyscan variable.

  • Adds support for Ubuntu Noble Numbat (24.04) LTS as a host and container Operating System for seed, seed hypervisor and overcloud hosts. Default Ubuntu version has been changed to Ubuntu Noble (24.04) LTS.

  • Adds validation to protect against executing Kayobe from within a different Kayobe configuration repository than the one referred to by environment variables (e.g. KAYOBE_CONFIG_PATH) or CLI arguments (e.g. --config-path).

Upgrade Notes

  • Python 3.9.x is no longer supported on the control host. On Rocky Linux 9, please recreate your virtualenv with python3.12.

  • Updates the maximum supported version of Ansible from 9.x (ansible-core 2.16) to 10.x (ansible-core 2.17). The minimum supported version is updated from 8.x to 9.x. On Rocky Linux 9, you will need to recreate your Kayobe virtualenv using python3.12 as support for python3.9 has been dropped.

  • Bumps the stackhpc.linux collection to 1.3.0. Note this version uses systemd to activate virtual functions. This change is restricted to the stackhpc.linux.sriov role, which is not used by Kayobe. If a custom playbook uses this role, you can retain existing behaviour by setting sriov_numvfs_driver to udev.

  • Ansible plugins, roles, and collections (collectively known as extensions) installed in Kayobe configuration no longer have precedence over internal Kayobe variants of the same extension. You can revert back to the previous behaviour by manually exporting the relevant Ansible variables, e.g ANSIBLE_COLLECTIONS_PATH. It is not anticipated that this will affect many users as it is still possible to supplement Kayobe with additional plugins.

  • System folders and home directories are no longer searched when looking for Ansible extensions. It is recommended to install your collections using $KAYOBE_CONFIG_PATH/ansible/requirements.yml.

  • Kayobe no longer overrides the enabled and default Ironic hardware types and interfaces. This ensures that changes to the default values in Ironic are automatically adopted. These may still be customised via the existing Kayobe variables in ${KAYOBE_CONFIG_PATH}/ironic.yml, e.g. kolla_ironic_enabled_hardware_types.

    The default configuration generated by Kayobe in Caracal was:

    enabled_hardware_types = ipmi
enabled_bios_interfaces = no-bios
enabled_boot_interfaces = ipxe,pxe
enabled_console_interfaces = ipmitool-socat,no-console
enabled_inspect_interfaces = inspector,no-inspect
enabled_management_interfaces = ipmitool
enabled_network_interfaces = noop,flat,neutron
enabled_power_interfaces = ipmitool
enabled_raid_interfaces = agent,no-raid
enabled_rescue_interfaces = agent,no-rescue
enabled_vendor_interfaces = no-vendor

    In Dalmatian, Ironic defaults are:

    enabled_hardware_types = ipmi,redfish
enabled_bios_interfaces = no-bios,redfish
enabled_boot_interfaces = ipxe,pxe,redfish-virtual-media
enabled_console_interfaces = no-console
enabled_inspect_interfaces = no-inspect,redfish
enabled_management_interfaces = <determined by enabled hardware types>
enabled_network_interfaces = flat,noop
enabled_power_interfaces = <determined by enabled hardware types>
enabled_raid_interfaces = agent,no-raid,redfish
enabled_rescue_interfaces = no-rescue
enabled_vendor_interfaces = ipmitool,redfish,no-vendor

    In particular, note that the neutron network interface is no longer enabled by default.

  • Updates the minimum supported version of Ansible from 2.15 to 2.16, and the maximum supported version from 2.17 to 2.18 in the Kolla Ansible virtualenv. The Python version used to install Kolla Ansible on Rocky 9 is bumped to 3.12.

  • The physical_network attribute must now be applied consistently to all external networks in Kayobe configuration. If any external network has the attribute, then all others must also.

  • Updates the default Neutron ML2 type drivers and tenant network types to use geneve instead of vxlan when OVN is enabled. This affects the kolla_neutron_ml2_type_drivers and kolla_neutron_ml2_tenant_network_types variables.

  • Bumps the nvidia.nvue collection to 1.2.6.

  • If you have customized inspector_keep_ports, ensure it is set to one of: all, present, or added. Prior to this release, setting inspector_keep_ports to any truthy value would result in the keep_ports Ironic Inspector configuration option being set to present. As the default value of inspector_keep_ports is added, we are effectively changing the default value of keep_ports from present to added. If you are relying on the previous behaviour you should set ironic_keep_ports to present.

  • Changes the default boot firmware for seed and infra VMs to efi. Set infra_vm_boot_firmware and seed_vm_boot_firmware to bios to retain existing behaviour.

Security Issues

  • When running API requests from a host configured with kayobe, traffic destined for the internal VIP is sent via the default proxy. This can be a security issue if not using TLS as the proxy will be able to intercept the traffic. If using an untrusted proxy, with TLS disabled on the internal VIP, it is recommended that you run kayobe overcloud host configure -t proxy, kayobe seed hypervisor host configure -t proxy, kayobe seed host configure -t proxy, and kayobe infra vm host configure -t proxy, to add the internal VIP to the no proxy configuration. This is considered a minor issue as traffic between containers will not use the proxy by default. LP#2087556

  • Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938

Bug Fixes

  • eos_config does not support the provider parameter since Ansible 7. Users are required to update their configuration according to Arista EOS documentation.

  • Fixes IPA and host image build failures when Git was not installed on the build host. LP#2058922

  • Fixes an issue where task ‘Ensure ironic nodes use the new Ironic Python Agent (IPA) images` fails with ‘dict object’ has no attribute ‘deploy_kernel’. LP#2083014

  • The proxysql image is now built when kolla_enable_proxysql is set to true.

  • Avoid leaking DNF repository username/password credentials in the Kayobe output by adding loop control to print only the repository key. LP#2087938

  • Fixes an issue where networking failed to come up after kayobe overcloud host provision as cloud-init wasn’t installed. Add cloud-init element to overcloud_dib_elements_default so it’s no longer missing. Expected behavior was that cloud-init-datasource had it as dependency.

  • Fixes a bug where systemd-networkd was not permanently enabled when the unit was already in state runtime-enabled. LP#2073100

  • Updates the group and mode set on the /var/log/journal directory to match default ownership and permissions used by systemd-journald. LP#2083494

  • Fixes generation of kernel parameters when the GRUB_CMDLINE_LINUX_DEFAULT variable is absent from /etc/default/grub. LP#2083874.

  • The Ansible search paths, when running Kayobe internal playbooks, have been modified so that collections, roles and plugins internal to the Kayobe installation have precedence over those installed in Kayobe configuration. This improves the usability as it is now possible to install a newer version of an extension without affecting internal Kayobe playbooks. LP#2056473

  • Fixes an issue when using overcloud Ironic with a shared Ansible control host. The use of a shared cache directory could lead to a failure to download Ironic Python Agent (IPA) images. LP#2069845

  • inspector_keep_ports can be set to one of: all, present, added. The previous behavior was to set this to present if the variable was changed to any truthy value. This respects the behavior indicated in the comments.

  • Fixes compatibility with Rocky Linux 9.4 GenericCloud images by switching to efi boot firmware.

  • Switches to using ansible-core based kolla-ansible install. This is a workaround for LP#2072979, but also results in a lighter weight install.

  • Switches to using a newer version of the docker community collection to workaround issues using the docker ansible modules with certain combinations of python libraries. See LP#2072979.