Zed Series Release Notes

18.0.0.0b1-379

New Features

  • Enable VeNCrypt authentication scheme from noVNC proxy to compute nodes. When using HTTPS, the TLS encryption only applies to data between the tenant user and proxy server. To provide protection from the noVNC proxy to the Compute Nodes, it is necessary to enable the VeNCrypt authentication scheme for VNC.

    A pre-existing PKI (Public Key Infrastructure) setup is required.

    Initially to help with the transition from unencrypted VNC to VeNCrypt, compute nodes auth scheme allows for both encrypted and unencrypted sessions using the variable nova_vencrypt_auth_scheme, this will be removed in future releases.

  • It is now possible to use NFS mountpoints with the role by using the nova_nfs_client variable, which is useful for using NFS for instance data and saves.

  • Implemented new variable connection_recycle_time responsible for SQLAlchemy’s connection recycling

  • The nova configuration is updated to always specify an LXD storage pool name when ‘nova_virt_type’ is ‘lxd’. The variable ‘lxd_storage_pool’ is defaulted to ‘default’, the LXD default storage pool name. A new variable ‘lxd_init_storage_pool’ is introduced which specifies the underlying storage pool name. ‘lxd_init_storage_pool’ is used by lxd init when setting up the storage pool. If not provided, lxd init will not use this parameter at all. Please see the lxd man page for further information about the storage pool parameter.

  • You can now set the Libvirt CPU model and feature flags from the appropriate entry under the nova_virt_types dictionary variable (normally kvm). nova_cpu_model is a string value that sets the CPU model; this value is ignored if you set any nova_cpu_mode other than custom. nova_cpu_model_extra_flags is a list that allows you to specify extra CPU feature flags not normally passed through with host-model, or the custom CPU model of your choice.

  • A new variable nova_ironic_console_type is added to enable the deployment of one of the nova console proxies in the ironic_console ansible group. The only supported setting at this time is disabled or serialconsole.

  • The service setup in keystone for nova will now be executed through delegation to the nova_service_setup_host which, by default, is localhost (the deploy host). Deployers can opt to rather change this to the utility container by implementing the following override in user_variables.yml.

    nova_service_setup_host: "{{ groups['utility_all'][0] }}"

  • Re-added nova_dhcp_domain variable that defaults to the dhcp_domain. When set to empty string, only the hostname without a domain will be configured for the instances.

  • Added variable nova_scheduler_extra_filters which allows to extend list of defaulted nova_scheduler_default_filters

  • New variables nova_glance_rbd_inuse and nova_glance_images_rbd_pool have been implemented that allows deployer to easily configure nova to retrieve glance images from RBD directly, if nova uses local storage for ephemeral drives.

  • The role now supports using the distribution packages for the OpenStack services instead of the pip ones. This feature is disabled by default and can be enabled by simply setting the nova_install_method variable to distro.

  • Support separate oslo.messaging services for RPC and Notifications to enable operation of separate and different messaging backend servers in nova.

Known Issues

  • With the release of CentOS 7.5, all pike releases are broken due to a mismatch in version between the libvirt-python library specified by the OpenStack community, and the version provided in CentOS 7.5. As such OSA is unable build the appropriate python library for libvirt. The only recourse for this is to upgrade the environment to the latest queens release.

Upgrade Notes

  • If your configuration previously set the libvirt/cpu_model and/or libvirt/cpu_model_extra_flags variables in a nova_nova_conf_overrides dictionary, you should consider moving those to nova_cpu_model and nova_cpu_model_extra_flags in the appropriate entry (normally kvm) in the nova_virt_types dictionary.

  • During upgrade your current Nova cell mapings will be converted to usage of the Template URLs. This means, that your changes of transport_url or [database]/connection in nova.conf will be reflected by nova-conductor in cells just after service restart, without need to explicitly run nova-manage cell_v2 update_cell.

  • String value of nova_scheduler_default_filters is converted to the list At the moment there is compatability for overriden values, that are string, but this support will be removed in the future releases. So deployers are recommended to replace their string overrides with list ones.

  • The default nova console type has been changed to novnc. Spice is still supported however due to novnc being more actively maintained it is now a better default option.

  • The following Nova tunables have been removed, users need to start using the nova_nova_conf_overrides dictionary to override them. If those values were not previously overridden, there should be no need to override them. - nova_quota_cores - nova_quota_injected_file_content_bytes - nova_quota_injected_file_path_length - nova_quota_injected_files - nova_quota_instances - nova_quota_key_pairs - nova_quota_metadata_items - nova_quota_ram - nova_quota_server_group_members - nova_quota_server_groups - nova_max_instances_per_host - nova_scheduler_available_filters - nova_scheduler_weight_classes - nova_scheduler_driver - nova_scheduler_driver_task_period - nova_rpc_conn_pool_size - nova_rpc_thread_pool_size - nova_rpc_response_timeout - nova_force_config_drive - nova_enable_instance_password - nova_default_schedule_zone - nova_fatal_deprecations - nova_resume_guests_state_on_host_boot - nova_cross_az_attach - nova_remove_unused_resized_minimum_age_seconds - nova_cpu_model - nova_cpu_model_extra_flags

  • The following Nova variables have been removed because they have no effect in the current release of Nova. - nova_max_age - nova_osapi_compute_workers - nova_metadata_workers

Deprecation Notes

  • Variable nova_glance_api_servers has been removed and has no effect due to corresponsive upstream api_servers being deprecated.

  • The PowerVM driver has been removed as it is not tested and it has been broken since late 2016 due to the driver name being renamed to powervm_ext instead of powervm.

  • The variable nova_compute_pip_packages is no longer used and has been removed.

  • The variable nova_requires_pip_packages is no longer required and has therefore been removed.

  • Variables nova_novncproxy_agent_enabled, nova_serialconsoleproxy_enabled and nova_console_agent_enabled are removed and won’t have any effect in the future. If you want to disable console functionality, set nova_console_type: disabled in your user_variables.yml

  • nova_pci_passthrough_whitelist is now deprecated in favor of nova_device_spec.

  • Variable nova_enabled_vgpu_types has been deprecated and is replaced with nova_enabled_mdev_types.

  • Variable nova_memcached_servers has been deprecated and replaced with nova_cache_servers that defaults to memcached_servers. For backpwards compatability nova_memcached_servers is still respected but will be removed in future releases.

  • nova-placement-api has been removed from the os_nova role, along with all nova_placement_* variables. Please review the os_placement role for information about how to configure the new placement service.

  • Variables nova_external_ssl and nova_secure_proxy_ssl_header have been removed since secure_proxy_ssl_header option from nova.conf they controlled has been deprecated and has no effect.

  • The rabbitmq server parameters have been replaced by corresponding oslo.messaging RPC and Notify parameters in order to abstract the messaging service from the actual backend server deployment. - nova_oslomsg_rpc_servers replaces nova_rabbitmq_servers - nova_oslomsg_rpc_port replaces nova_rabbitmq_port - nova_oslomsg_rpc_use_ssl replaces nova_rabbitmq_use_ssl - nova_oslomsg_rpc_userid replaces nova_rabbitmq_userid - nova_oslomsg_rpc_vhost replaces nova_rabbitmq_vhost - nova_oslomsg_notify_servers replaces nova_rabbitmq_telemetry_servers - nova_oslomsg_notify_port replaces nova_rabbitmq_telemetry_port - nova_oslomsg_notify_use_ssl replaces nova_rabbitmq_telemetry_use_ssl - nova_oslomsg_notify_userid replaces nova_rabbitmq_telemetry_userid - nova_oslomsg_notify_vhost replaces nova_rabbitmq_telemetry_vhost - nova_oslomsg_notify_password replaces nova_rabbitmq_telemetry_password

  • The nova-lxd driver is no longer supported upstream, and the git repo for it’s source code has been retired on the master branch. All code for deploying or testing nova-lxd has been removed from the os_nova ansible role. The following variables have been removed:

    • nova_supported_virt_types ‘lxd’ list entry

    • nova_compute_lxd_pip_packages

    • lxd_bind_address

    • lxd_bind_port

    • lxd_storage_backend

    • lxd_trust_password

    • lxd_storage_create_device

Bug Fixes

  • Fixes a file descriptor leak which may impact services which use the oslo.messaging RabbitMQ heartbeat mechanism.

  • Fixes the absence of libvirtd.service on compute nodes. With CentOS upgrading the libvirt version to 9.3.0, they do not install libvirt-deamon as a dependency to libvirt-deamon-kvm anymore. libvirt-deamon is installed explicitly now.

  • In order to prevent further issues with a libvirt and python-libvirt version mismatch, KVM-based compute nodes will now use the distribution package python library for libvirt. This should resolve the issue seen with pike builds on CentOS 7.5.

  • Fixed behaviour of variable nova_spice_console_agent_enabled. It can be safely used now to disable spice agent when needed.

Other Notes

  • Set new default values for db pooling variables which are inherited from the global ones.