Current Series Release Notes

19.0.0.0rc1-93

New Features

• Adds infra-vms to container-engine group to allow for Docker/Podman to be installed.

• Add support for easily viewing the content of kolla/passwords.yml with the new command kayobe overcloud service passwords view.

• Adds variable dnf_repo_state_overrides to enable repositories that are defined but not enabled by default. This only works on RHEL-based distributions that use dnf.

• Adds a new variable: kayobe_path, which is set to the path of the git repository where the Kayobe source code is located for editable installs, or the installation path in the virtualenv where the ansible folder is located, in the case of a regular install.

• The internal network is no longer required on hosts that are not mapped to the Kolla Ansible inventory. Hosts can be excluded from the Kolla Ansible inventory by not mapping their groups in kolla_overcloud_inventory_top_level_group_map. This allows provisioning of infrastructure hosts such as external storage nodes without requiring OpenStack-specific network configuration.

• Adds neutron_dns_servers network attribute to configure DNS on the networks registered in OpenStack. See Kayobe documentation on network configuration for more details.

• Allows configuring inspector_keep_ports for Bifrost via kolla_bifrost_inspector_keep_ports (defaults to present to match Bifrost).

• Adds support for bootstrapping Python on Ubuntu through a proxy.

• Bumps stackhpc.linux Ansible collection to v1.5.1. This adds support for configuring MIG devices without creating vGPUs.

• Adds support for managing the Ansible control host configuration. This is provided by the new kayobe control host configure command, and uses the existing host configuration features in Kayobe.

  Also provided is a kayobe control host command run command for running commands on the Ansible control host, and a kayobe control host package update command for updating its OS packages.

• Added a new variable, custom_etc_hosts_entries, for appending entries to /etc/hosts. This is a generic mechanism which, unlike etc_hosts_hosts, can be used to add hosts outside of the Kayobe inventory. custom_etc_hosts_entries is a dictionary, where each key is a hostname and each value is an IP.

• Added the tag bifrost to kolla-bifrost.yml so that we can easily limit to Bifrost in kayobe seed service deploy.

• Deprecated the options --kolla-tags and kolla-limit for all commands. Regular --tags and --limit will now be passed directly to the Kolla-Ansible invocations. Added the tag kayobe-generate-config to kolla-ansible.yml and kolla-openstack.yml. This tag is now always called, to allow for limiting to OpenStack services with just one tag, e.g. kayobe overcloud service deploy -t nova. You can still skip this with --skip-tags kayobe-generate-config.

• Configure inspection network DNS servers to enable Ironic inspection when kolla_internal_fqdn is set.

• Skip external connectivity check behind a proxy.

• Adds an opt-in nmstate network engine (network_engine: nmstate) for host network configuration via NetworkManager/libnmstate.

  Supports Ethernet, VLAN, bond, bridge, routes, and routing rules, and adds OVS patch-link veth generation for overcloud bridge-to-OVS connectivity.

  Adds structured ethtool configuration via <network>_ethtool_config for ring parameters and selected offload features.

  The nmstate network engine is only supported on Rocky Linux. Ubuntu Noble is not supported because the required system packages (nmstate, python3-libnmstate) are not available in Ubuntu repositories. Attempting to use nmstate on Ubuntu will fail with a clear error message directing users to use the default network engine.

• The OS distribution and release used to build IPA images can now be customised using the ipa_build_distro and ipa_build_release overrides.

• Adds support for installing and configuring fail2ban. See the docs http://docs.openstack.org/kayobe/latest/configuration/reference/hosts.html#fail2ban for more information.

• Added a feature that allows operators to install custom CA certificates into the system trust store. Operators can drop CA files into $KAYOBE_CONFIG_PATH/trust-store/ or into trust-store/ subdirectories of environment search paths. See Kayobe documentation on custom CA certificates for more details.

Known Issues

• NTP configuration was missing from infrastructure VMs because infra-vms was not present under the [ntp] group. Operators should ensure the most recent upstream kayobe-config is merged into their local configuration to resolve this issue.

Upgrade Notes

• Rocky Linux based Ironic Python Agent images are now built in Rocky Linux based deployments rather than CentOS Stream: ipa_build_dib_elements_default uses rocky-container element; ipa_build_dib_packages includes the python3-yaml package; ipa_build_dib_env_default uses specified os_release; and container runtime is set to container_engine.

• baremetal element now included in ipa_build_dib_elements_default

• Updates the maximum supported version of Ansible from 12 (ansible-core 2.19) to 13 (ansible-core 2.20). The minimum supported version is updated from 11.x to 12.x. This is true for both Kayobe and Kolla Ansible.

• Deprecated the options --kolla-tags and kolla-limit for all commands. Regular --tags and --limit will now be passed directly to the Kolla-Ansible invocations. Added the tag kayobe-generate-config to kolla-ansible.yml and kolla-openstack.yml. This tag is now always called, to allow for limiting to OpenStack services with just one tag, e.g. kayobe overcloud service deploy -t nova. You can still skip this with --skip-tags kayobe-generate-config.

• Python 3.10 and 3.11 are no longer supported on the control host. Use Python 3.12 as a minimum version for the Kayobe virtualenv.

• Introduces network_engine in globals.yml to control which engine is used to configure network interfaces. The options are default, which uses MichaelRigart.interfaces on Enterprise Linux and systemd-networkd on Ubuntu, and nmstate.

• With nmstate, ethtool settings use structured YAML in <network>_ethtool_config. default engine behavior is unchanged.

• With network_engine: nmstate, <network>_rules entries must use dict format (keys such as from, to, priority, table). String-format rules are rejected on the nmstate path. default engine behavior is unchanged.

• Switching to nmstate may reconfigure host networking and cause temporary connectivity disruption.

Security Issues

• Prevents sensitive inspector rules from appearing in ansible output.

Bug Fixes

• Reduces clock synchronisation race conditions before running Kolla by waiting for timedatectl to report NTPSynchronized=yes when ntp_force_sync is enabled.

  This improves reliability of deployments where services are sensitive to clock skew immediately after NTP configuration.

• Fixes generation of Bifrost host variable files when ipv4_gateway is undefined. LP#2133489

• valkey images are now built when kolla_enable_valkey is set to true.

• Bumps stackhpc.linux Ansible collection to v1.5.1. This fixes race conditions in setup of vGPU SR-IOV devices.

• Fixes swap configuration for the seed hypervisor, seed and infra VM hosts. LP#2138800

• Bumps version of nvidia.nvue Ansible collection from 1.2.6 to 1.2.9. This fixes an issue where switch configuration could not be applied to switches running Cumulus Linux 5.13. See LP#2131677 for more details.

• Fixes an issue building diskimage-builder images when EPEL is disabled. See LP#2141684 for more details.

• Fixes an issue building diskimage-builder images when using the podman container engine, See LP#2142501 for more details.

• Fixes an issue where internal kayobe lookup plugins could not be used in external playbooks. LP#2142876