Zed Series Release Notes

18.0.0.0b1-233

New Features

  • Implemented openstack_hosts_package_manager_extra_conf variable. It allows to add extra content into package manager’s configuration (works with apt,yum and dnf).

  • A new variable centos_mirror_url is introduced to the openstack_hosts role to allow a single deployment wide variable to control the location of the centos package mirror.

  • Added variable openstack_host_custom_hosts_records that allows deployer to add custom records to /etc/hosts file. It’s structure a simple list where each element is a string wich should be placed to /etc/hosts.

  • In deployments where a separate host is used to manage the OpenStack Ansible configuration, the ‘/etc/hosts’ file on that host will now include a section adding hostname to IP resolution for all hosts in the inventory. This can be enabled/disabled via ‘openstack_host_manage_deploy_hosts_file’.

  • A new variable openstack_hosts_apt_pinned_packages is added which allows deployment wide apt pins to be defined in user_variables. The variable defaults to pinning the UCA repository to a priority lower than the Ubuntu repositories for any binary packages generated from the ceph source package. The intention is to ensure that Ceph packages are always installed from the Ubuntu repositories, or alternatively the official ceph repositories if the ceph_client role is run later against a host. The ceph packages for a particular openstack release may not be the same version as those expected by the rest of openstack-ansible so this change ensures consistency in the deployed ceph version.

  • New variable openstack_ca_bundle_path has been added which defines the path to the ca-bundle certificate which contains all system-trusted CA and will be used by the Python Requests module.

  • Added variable openstack_systemd_global_overrides that defines some defaults for all systemd services. It will be deployed to all hosts and containers, but can be controlled with group_vars or host_vars as well if needed.

  • Added variable keepalived_sysctl_tcp_retries that allows to control number of retries kernel will make to give up on connection. It controls net.ipv4.tcp_retries2 sysctl setting which default value of which is 15. Default value of keepalived_sysctl_tcp_retries is 8, so VIP failover time will be ~1min. Setting keepalived_sysctl_tcp_retries to 0 will remove mentioned sysctl setting.

  • Deployers may require custom CA certificates installing on their openstack hosts or service containers. A new variable openstack_host_ca_certificates is added which is a list of certificates that should be copied from the deploy host to the target hosts. Certificates may be selectively deployed by defining the variable either in user_variables.yml or via host/group vars.

Known Issues

  • Where a single OSA deploy host is used to manage multiple deployments, some delegated Ansible tasks are performed using hostnames rather than IP addresses due to Ansible issue 72776. Hostnames such as ‘infra1’ will be ambiguous, so use of separate hosts for each deployment is recommended.

  • Ubuntu Cloud Archive (UCA) does not contain Ubuntu Bionic distro packages for Victoria, so only source install/upgrade path (default) will work correctly for Ubuntu 18.04.

Upgrade Notes

  • Variable uca_repo has been removed. Deployers are appreciated to use user_external_repos_list instead if they want to define extra repository Variable uca_apt_repo_url was renamed to apt_repo_url in order to correspond it’s usage as it also affect Debian deployments now.

  • Generation of records for /etc/hosts is now made with blockinfile ansible module. During upgrade you will have records doubled in yours /etc/hosts as we don’t drop previously created records for safety reasons if openstack_host_manage_hosts_file is set to true.

  • In order to accomodate Centos-8 Stream support, it is necessary require the minimum version of Centos-8 Classic to be 8.3. There are breaking changes between Stream and Classic versions prior to 8.3 which break ansible code that detects major/minor versions of Centos. Before upgrading to Wallaby, deployers should ensure that their Centos hosts are updated to 8.3.

  • Existing use of the variable openstack_hosts_centos_mirror_url will continue to work as in previous releases, but the new variable centos_mirror_url can be used to define the mirror location for the whole deployment.

  • CentOS/Rocky linux deployments will get major update of OVS version from 2.17 to 3.1 and OVN from 22.12 to 23.03. RDO has stopped building packages for previous OVS/OVN versions which means they will not recieve any upstream bugfixes or security patches.

    If you still want to preserve old versions of OVS/OVN, you can define a following variable:

    openstack_hosts_package_repos:
      - name: rdo-deps
        file: rdo-deps
        description: rdo-deps
        baseurl: "{{ openstack_hosts_rdo_deps_url }}"
        gpgcheck: no
        module_hotfixes: yes
        exclude:
          - '*rdo-openvswitch*3.1*'
          - '*rdo-ovn*3.1*'
    
  • Deployments which follows distro path (services are installed from distro packages rather then in virtualenvs) should upgrade Ubuntu 18.04 -> 20.04 before performing OpenStack Ussuri -> Victoria upgrade, since Ubuntu Cloud Archive does not provide Victoria system packages for 18.04.

  • The new variable openstack_hosts_apt_pinned_packages is added to the openstack_hosts ansible role and sets the value of apt_pinned_packages for the apt_package_pinning role run as a dependancy of the openstack_hosts role. Existing use of the apt_pinned_packages variable by deployers in user_variables should be reviewed to ensure that those pins are applied by the intended ansible roles, and swapped to this new variable if necessary.

Deprecation Notes

  • Since certificates and CA distribution are now handled with PKI role, variable openstack_host_ca_location has been deprecated and removed.

Bug Fixes

  • After adding localhost to inventory explicitly this resulted in potential FQDN change due to adding a record for localhost into managed block inside /etc/hosts file. This is now fixed and record for 127.0.0.1 will be removed from managed by Ansible blocks inside /etc/hosts file.

Other Notes

  • Code which added ‘Acquire::http:No-Cache true’ to the host and container apt preferences when http proxy environment variables were set has been removed. This setting is only required when working around issues introduced by badly configured http proxies. In some cases proxies can improperly cache the apt Releases and Packages files leading to package installation errors. If a deployment is behind a badly configured proxy, the deployer can add the necessary apt config fragment as part of host provisioning. OSA will replicate that config into any containers that are created. This setting can be removed from existing deployments if required by manually deleting the file /etc/apt/apt.conf.d/00apt-no-cache from all host and containers.