Current Series Release Notes
20.0.0-65
New Features
TLS support for MariaDB connections has been enabled for all services when using ProxySQL.
bootstrap-servers now always uses the system Python interpreter via auto_silent autodetection. octavia-certificates now use the same Python interpreter as the one running the kolla-ansible command itself.
Adds support for running the following services using uWSGI (without using Apache+mod_wsgi), which is enabled by default. To disable it, set <service>_wsgi_provider to apache (default is uwsgi):

Service    Variable
Heat       heat_wsgi_provider
Ironic     ironic_wsgi_provider
Octavia    octavia_wsgi_provider
Upgrade Notes
Changes haproxy and rabbitmq default trusted CA store path on EL systems to ca-bundle.crt from ca-bundle.trust.crt.
VMWare support for various OpenStack services (e.g. Nova, Cinder, Neutron) has been dropped due to removal in respective services and no development or new versions of third party libraries.
A fluentd Ansible role has been created and its deployment is not part of the common role anymore.
Deployments using a file-based external certificate and Let’s Encrypt for the internal certificate (separate VIPs) default to managing the external certificate with Let’s Encrypt. To retain a file-based external certificate, set letsencrypt_external_cert_server: "".
Bug Fixes
Fixes bug LP#2118452 which stopped the RabbitMQ upgrade from version 3.13 to 4.1 even though it is supported.
Fixes handler invocation failure in the ovs-dpdk role. LP#2088197
In the kolla-toolbox configuration with external RabbitMQ, an unnecessary comma was generated, which prevented the container from starting. LP#2111267
Fixes invalid use of drain on single-node RabbitMQ setups by using stop_app instead. LP#2111916
Improves query routing in ProxySQL by setting default_hostgroup for all database users and by adding user-based routing rules in addition to schema-based rules. This enhancement also fixes incorrect routing of queries that are executed before a schema is selected, such as SET AUTOCOMMIT or ROLLBACK, which could otherwise be sent to a non-existent hostgroup. LP#2112339
Fixed certificate script rendering in Let’s Encrypt role. LP#2115230
Fixes configuration of backend TLS when network nodes are separate from controllers. LP#2117084
Fixes a bug where the Cinder endpoint that Nova uses does not get overridden because of the use of an invalid option. LP#2115064
Fixes the bug where Keystone becomes unable to start when the option OIDCXForwardedHeaders is set to an empty string in wsgi-keystone.conf. LP#2119344
Fixes RabbitMQ version check which would always be skipped. LP#2102662
Fixes a bug where Kolla Ansible can fail service deployment because it tries to copy backend TLS certificates of some hosts to containers when both hosts and containers are not part of backend TLS and do not have certificates to copy. LP#2105505
Allow operators to run kolla-ansible post-deploy without escalating privileges on the deploy node when node_config is writable for that user.
Restore the default Let’s Encrypt ACME server for external certificates so that enabling enable_letsencrypt works out of the box again without explicitly setting letsencrypt_external_cert_server. The default is https://acme-v02.api.letsencrypt.org/directory.