Ocata Series Release Notes

4.0.5

Upgrade Notes

  • Fixes an issue with the barbican service when using the simple_crypto plugin whereby an invalid value is generated and used as the plugin’s encryption key.

    The encryption key is configured via the [simple_crypto_plugin]: kek configuration option in barbican.conf. This option was previously configured using the kolla-ansible variable barbican_crypto_password, but is now configured using barbican_crypto_key which uses the correct format.

    Operators that have set barbican_crypto_password to a valid value to work around this issue should ensure that barbican_crypto_key is configured in passwords.yml with the same value that was used for barbican_crypto_password. This will ensure that existing barbican secrets can be decrypted.

    The variable barbican_crypto_password may safely be removed from passwords.yml.
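    A pre-upgrade check for the migration described above, as an added example that is not part of kolla-ansible. It assumes the simple_crypto kek is a Fernet key (base64 text decoding to exactly 32 bytes), a format this page does not spell out, and that passwords.yml holds these two entries as flat `name: value` lines; the function names are hypothetical.

```python
import base64
import binascii

# Assumption (not on this page): the kek is a Fernet key, base64 of 32 bytes.
KEK_BYTES = 32


def is_valid_kek(value):
    """True if value is strict base64 (URL-safe or standard) for 32 bytes."""
    try:
        raw = base64.b64decode(value, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) == KEK_BYTES


def parse_passwords(text):
    """Read flat 'name: value' lines; nested YAML entries are ignored."""
    entries = {}
    for line in text.splitlines():
        if line[:1] in ("", " ", "\t", "#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        entries[name.strip()] = value.strip().strip("'\"")
    return entries


def check_barbican_kek(text):
    """Return findings (never key material); empty list means consistent."""
    pw = parse_passwords(text)
    new = pw.get("barbican_crypto_key", "")
    old = pw.get("barbican_crypto_password", "")
    findings = []
    if not new:
        findings.append("barbican_crypto_key is missing or empty")
    elif not is_valid_kek(new):
        findings.append("barbican_crypto_key is not base64 for 32 bytes")
    if is_valid_kek(old) and new != old:
        findings.append("barbican_crypto_key differs from a valid "
                        "barbican_crypto_password; old secrets will not decrypt")
    return findings


# Constructed sample: a 40-character password and a freshly built 32-byte key.
SAMPLE = "\n".join([
    "barbican_crypto_password: " + "a" * 40,
    "barbican_crypto_key: " + base64.urlsafe_b64encode(bytes(range(32))).decode(),
])
SAMPLE_FINDINGS = check_barbican_kek(SAMPLE)  # [] for this sample
```

    The findings name only the variable at fault, so the output can be pasted into a ticket or CI log without exposing the key.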

4.0.4

Upgrade Notes

  • ceph_rgw_keystone_password is now required in the passwords.yml file, and ceph-rgw now depends on a separate user rather than the keystone admin user.

4.0.0

Prelude

There are multiple options available to an operator with regard to how they wish to provision devices for use with Ceph OSDs. One of those is to co-locate the data and journal on a disk, which is done by marking a partition on that disk with KOLLA_CEPH_OSD[_CACHE]_BOOTSTRAP. If an unwitting user happened to confuse this with the partition-based approach, they could wipe out their entire disk, resulting in data loss.

The Infra team will start running python35 jobs, targeted to replace the current python34 jobs. This is due to the change from Ubuntu Trusty to Xenial, where python3.5 will be available.

Designate is an OpenStack project, providing DNSaaS.

During the Newton cycle support for baremetal provisioning with bifrost was added to kolla. Bifrost is a collection of ansible roles and playbooks to deploy a standalone instance of ironic.

In the Newton cycle we included a means to change various things in Kolla images using an override file. The full customization guide can be found here: http://docs.openstack.org/developer/kolla/image-building.html#dockerfile-customisation

  • In the Newton cycle a new kolla-host playbook was introduced. The kolla-host playbook is intended to prepare servers for use as kolla deployment hosts. The kolla-host playbook requires the nodes to have an os installed and be reachable via ssh. Currently the kolla-host playbook supports ubuntu 14.04, ubuntu 16.04 and centos 7.2 as target servers. See features section for more details.

Added performance monitoring stack based on InfluxDB, Telegraf and Grafana.

  • Move manila-share service to network node.

  • Kolla now deploys Nova in cells v2 mode.

In most cases, the disks used by Ceph have different sizes. Using the default value 1 may block Ceph when one disk is full. Using the disk size as the OSD weight is more reasonable.

New Features

  • Implement Aodh ansible role

  • To produce a secret storage and generation system capable of providing key management for services wishing to enable encryption features.

  • Add ceilometer ansible role

  • The Ceph bootstrap will now pause requesting confirmation from the operator if it detects a bootstrap label on a disk with more than one partition. An operator may override this behaviour by setting the Ansible variable ‘ceph_osd_wipe_disk’ to ‘yes-i-really-really-mean-it’.

  • When Cinder, iSCSI and the LVM driver are enabled, check that the appropriate volume group exists on the target nodes.

  • Add cloudkitty, the Rating as a Service component.

  • Add collectd ansible role

  • Add ansible role for the OpenStack Congress project, which provides policy as a service across any collection of cloud services in order to offer governance and compliance for dynamic infrastructures.

  • use dumb-init to manage the pid 1 process

  • Add full support for fernet with distributed token node syncing

  • Add Fluentd role, Fluentd is an open source data collector for unified logging layer

  • Add freezer ansible role. Freezer is a distributed backup, restore and disaster recovery as a service platform.

  • Implement Gnocchi ansible role

  • add grafana log in heka

  • Add jinja2 header blocks to each Dockerfile.

  • Allow cinder-volume to be configured to use HNAS nfs.

  • Add Karbor ansible role, Karbor is an OpenStack project that provides a pluggable framework for protecting and restoring Data and Metadata.

  • Add multipathing support to docker container.

  • Allow mysql to be used as a database for Ceilometer.

  • Add some extra prechecks to ensure a sane NIC config.

  • Add neutron Service Function Chaining (sfc) support. Service Function Chaining is a mechanism for overriding the basic destination based forwarding that is typical of IP networks

  • Introduce a new property “enable_neutron_dvr”. Set to “yes” to deploy Neutron with DVR.

  • Add support for LBaaSv2 with HAproxy container.

  • Add neutron-vpnaas role

  • Add Panko role, Panko is a component of the Telemetry project

  • Add Python 3.5 classifier and venv

  • Implement rally ansible role

  • Start using reno.

  • Implement Sahara ansible role

  • Add solum ansible role

  • Implement Trove ansible role

  • Add vmtp support to docker container.

  • Introduce OpenStack Infrastructure Optimization service, also known as Watcher. This project makes use of Ceilometer data to rebalance the cloud to meet declared goals and strategies.

  • Add a new variable for the Ceph role, ‘kolla_ceph_use_udev’, which when set to ‘False’ relies on system tools such as sgdisk/blkid to read the necessary disk info required to bootstrap Ceph disks on older systems. Most operators should not need to change this.

  • Designate deployment through Ansible with Bind9 as backend for DNS.

  • Implement Ansible Tempest role

  • A new deploy-bifrost command was added to kolla-ansible. The deploy-bifrost command will deploy and bootstrap a standalone instance of ironic in a single container.

  • A new deploy-server command was added to kolla-ansible. The deploy-server command uses a locally deployed instance of bifrost to enroll servers with ironic and provision their OS.

  • New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent high availability. dhcp_agents_per_network defaults to 2 and is configurable by the user.

  • Add support for CADF event notifications. This standard provides auditing capabilities for compliance with security, operational, and business processes and supports normalized and categorized event data for federation and aggregation.

  • Change Ceph version to Jewel

  • Docker image for CloudKitty, the rating as a service component of OpenStack.

  • Allow the use of a database backend for Horizon sessions.

  • Allow customisation of policy.json files per service.

  • Allow operators to customise the installation of pip within kolla-toolbox.

  • Deprecated the --include-header and --include-footer parameters

  • Running ansible playbooks in serial is now disabled by default. Serial is not recommended, but you can enable it by configuring the ANSIBLE_SERIAL environment variable.

  • Customization mechanism for dockerfile

  • Customization implemented in most of OpenStack services

  • Ability to modify repositories, packages installed and keys installed

  • Ability to inject or override code in certain places across dockerfiles

  • Enable the nova microversion api

  • Add etcd ansible role

  • Add etcd docker container

  • Implement MongoDB replicate set cluster

  • Implement Octavia Ansible role

  • Import Murano core library during install, required for Murano operation.

  • Support using the gnocchi collector in cloudkitty

  • The kolla-host playbook supports bootstrapping clean OS installations to enable them to be used as kolla hosts. When the playbook completes, the bootstrapped systems should pass the kolla prechecks.

  • The kolla-host playbook will install docker 1.11 and docker-py on all baremetal nodes.

  • The kolla-host playbook will configure /etc/host with the hostname and ip address of all nodes in the kolla inventory if customize_etc_host is set to its default value of True.

  • Add support for neutron-fwaas. Set ‘enable_neutron_fwaas: yes’ to enable.

  • Add kuryr ansible role

  • Support for Influxdb v1.0.0

  • Support for Telegraf v0.10.1

  • Support for Grafana v3.1.1

  • Fix the implementation of Neutron physical network provisioning, operators can now configure multiple physical networks using augmentation files.

  • Pin the base distro release version.

  • Kolla-ansible reconfigure rework to increase reconfigure performance

  • Implement Senlin Container

  • Use [oslo_messaging_notifications]/driver option in cinder.conf to enable block storage meters.

  • Support using the disk size as the osd weight when osd_initial_weight is auto

  • LDAP & AD support has been added to the base images, and support for Keystone multidomains config files.

  • OpenStack Tacker NFV service Ansible support is included in Kolla.

  • Upgrade Ubuntu base image to Xenial

Known Issues

  • The performance monitoring stack currently in use in Kolla is experimental. The components used to compose the performance monitoring stack may change in Ocata, and the implementation will certainly be far improved in Ocata.

  • Ubuntu 14.04 is eol. We should move to Ubuntu 16.04 in Newton cycle.

Upgrade Notes

  • Heka is deprecated and is replaced with Fluentd

  • Version of Ceph has been changed from Hammer to Jewel

  • Nova cells are required as of the Ocata release; the database should be created before the upgrade. Due to a bug in Nova, only the latest code can be used to create default cells. Ensure nova is fully updated and has this patch applied before starting the upgrade to Ocata https://review.openstack.org/#/c/420051/ or upgrade to Kolla 3.0.3 first.

  • Operators should move to using header and footer blocks in the template overrides file

  • Kibana version changed from 4.4 to 4.6.

  • The wrong service type of the Mistral keystone endpoint was fixed. Prior to an upgrade, manually change the service type of an existing Mistral keystone endpoint from ‘application_catalog’ to ‘workflowv2’.

  • For the generic driver, the manila-share service is required to run on the network node. The generic driver is our default driver, so this change is needed.

  • There is a new required option in passwords.yaml: placement_keystone_password. To populate this variable with a random password, simply add it to passwords.yaml and re-run kolla-genpwd

  • There is a new required group in the inventory. Please add these lines to your inventory:

    [placement:children]
    control

    [placement-api:children]
    placement

  • RabbitMQ version was increased to 3.6.2

  • Fedora based Docker images were removed. Fedora based Docker images were deprecated as of the Newton release cycle.

  • The cinder_rbd_secret_uuid variable is required in the passwords.yml file

  • osd_initial_weight still has the default value 1, so upgrading will not break the cluster.

Deprecation Notes

  • Nova network was deprecated in the Nova project in April 2016. The nova-network container is deprecated as of the Newton release and will be removed in the future.

  • Heka is deprecated and will be replaced in Ocata cycle

  • nova-network was deprecated, so it has been removed from the nova ansible role.

Security Issues

  • The kolla-host playbook will create a kolla user on all nodes using the ssh-key specified in the passwords.yml. The kolla user will be granted passwordless sudo privileges on the host. This behavior can be disabled by setting create_kolla_user=False.

Bug Fixes

  • Change Barbican default secret store to pkcs11 instead of default one. Add barbican_p11_password to passwords.yml

  • The wrong URLs of the Cinder service endpoints were fixed.

  • Integrates gnocchi with ceph to resolve the lack of HA.

Other Notes

  • Congress doesn’t work correctly out of the box and will not deploy. See Bug

  • Reducing disk footprint for Ubuntu/Debian images by only installing English locales and no documentation files.