2025.1 Series Release Notes

20.0.0

New Features

• Adds aarch64 iPXE support to the ironic-pxe image, by adding ipxe-bootimgs-aarch64 RPM package to Rocky Linux ironic-pxe images, and ensuring that an aarch64 iPXE binary is available in Ubuntu ironic-pxe images. No support for aarch64 iPXE in Debian images is included, as the distro packages do not install an aarch64 binary.

• Adds a support for external account binding (EAB) in Let’s Encrypt.

• Extends the support of externally-managed projects provided by the --docker-dir option with an ability to use configure_user jinja2 macros like Kolla built-in projects. The operator should specify “non-default” user details with <custom_user_name>-user configuration section and include info for uid and gid at least.

• Updated the contents of Python package options in documentation to reflect latest customisation methods.

• Added ESP image needed for UEFI virtual media boot. More context in Ironic documentation.

• Improves logging format of kolla containers by adding timestamps with milliseconds, log levels, and a custom date format.

• Add support for patching container images during build. See the build guide for details.

• Upgrade Let’s Encrypt lego from version to version v4.20.4 for better handling of custom ACMEs and general improvements. Changelog: https://github.com/go-acme/lego/compare/v4.15.0…v4.20.4

• Updates Prometheus version to v3.2.1. Also, switches back to the prometheus-server generic image name by removing the v2 part.

Known Issues

• libnetfilter_log, which is required in neutron-l3-agent when fwaas_v2_log is enabled, is not available in official rpm repos and enabling this feature on rpm platforms will prevent neutron-l3-agent from running.

Upgrade Notes

• Kolla toolbox is now using ansible-core 2.18

• The use of UPPER_CONSTRAINTS_FILE environment variable was moved from base_pip_conf block in base Dockerfile to kolla_toolbox_pip_conf block in kolla-toolbox Dockerfile as the environment variable now only affects Kolla-toolbox build. Bifrost python upper-constraints now follows openstack-base’s python upper-constraints instead of UPPER_CONSTRAINTS_FILE environment variable.

• Debian container image builds now use Dalmatian (2024.2) repositories of Debian OpenStack.

• Users who parse Docker container logs should take into account that for example INFO:__main__:Validating config file is now YYYY-MM-DD HH:MM:SS.fff INFO Validating config file.

• RabbitMQ version has been upgraded to 4.0.

• Update Prometheus services to latest releases:

  • prometheus-alertmanager: 0.28.0 -> 0.28.1

  • prometheus-blackbox-exporter: 0.24.0 -> 0.25.0

  • prometheus-cadvisor: 0.49.1 -> 0.49.2

  • prometheus-elasticsearch-exporter: 1.7.0 -> 1.8.0

  • prometheus-memcached-exporter: 0.14.2 -> 0.15.0

  • prometheus-mtail: 3.0.0-rc54 -> 3.0.8

  • prometheus-mysqld-exporter: 0.15.1 -> 0.16.0

  • prometheus-node-exporter: 1.7.0 -> 1.8.2

  • prometheus 2.50.1 -> 2.55.1

  This upgrade migrates to a new TSDB format which is compatible with Prometheus v3.

• Prometheus will be upgraded from v2 to v3 - which introduces minor breaking changes. Make sure there’s version 2.5.5 or later running before attempting an upgrade. Read the official migration guide for more details: https://prometheus.io/docs/prometheus/3.0/migration/.

• uwsgi and uwsgi-plugin-python3 installation has been moved from barbican-base image to openstack-base.

Deprecation Notes

• Building bifrost-deploy container image has been deprecated, in favor of a new ironic standalone deployment using ironic container images that will be implemented in kolla-ansible in the next cycles.

• swift images have been deprecated for removal in 2025.2.

Bug Fixes

• Fixes the inconsistency issue between config.json and real state in the container. LP#2060855

• Python3-pip installs the dependent package tzdata and blocks the mount of the /etc/localtime file in docker. LP#2091161

• Removes Git remote URLs after cloning to prevent credential exposure. LP#2098904

• Ensure that ipxe-snponly-aarch64.efi is available in /tftpboot in Centos and Rocky after bootstrapping ironic-pxe.

• libnnetfilter_log has been added to deb platforms in order to support the fwaas_v2_log feature in neutron l3 agent.

• Fixes a bug with Thales Luna HSM deployments. The new client software version requires the use of a specific group called “hsmusers”, and for consistency reasons, we are specifying both, the user id and the group id, and inserting the Barbican username inside of such a group. More information can be found at LP#Luna

• Remove the gnocchixyz-gnocchi-datasource plugin from grafana due to angular plugins being deprecated

• Fixes ironic-conductor missing mtools package.