Current Series Release Notes

31.0.0.0b1-75

New Features

  • Added support for defining custom error files using haproxy_errorfiles. These files can be distributed alongside haproxy_static_files_extra.

Known Issues

  • It was discovered that LXC 5.0.3 in Ubuntu 24.04 (Noble Numbat) contains packaging issue resulting in apparmor profiling conflicts. A temporary workaround has been applied in lxc_hosts role to apply a hotfix to the profile. However, it will be wiped with the next update of liblxc-common package. Please, check the bug #2110635 for more details on the issue.

  • On Ubuntu 24.04 (Noble Numbat) Ceph packages are available only from native repository or Ubuntu Cloud Archive. Thus, version selection for Ceph is not available at the moment and Ceph Squid (19.2.X) is being the only available option. This is a subject to change whenever a community repository will start building packages for Ubuntu 24.04.

Upgrade Notes

  • Docker mode for zun-compute has been switched to “local” mode. This means, that supporting etcd cluster is no longer required for Zun to operate. If you want preserve old behavior, you will need to pin Docker and Containerd versions back along with adding zun_docker_kv_storage: etcd to user_variables.yml

  • For deployments with Zun, underlying software versions were upgraded to: * Docker 20.10.24 -> 27.5.1 * Containerd 1.6.20 -> 1.7.27 * Kata 3.1.0 -> 3.16.0

Deprecation Notes

  • Variables zun_docker_kv_storage and zun_docker_kv_group were deprecated and will be removed in the next release.

  • The horizon_default_role_name (default member) Keystone role existence is no longer ensured by the Horizon role. It is expected that the role defined by horizon_default_role_name already exists in Keystone and was bootstrapped via keystone-bootstrap command during os_keystone execution. You can leverage opestack.osa.openstack_resources playbook to create extra roles if you need/want to use non-default value for the horizon_default_role_name variable

Bug Fixes

  • os_neutron role was ignoring actual exit code of aa-disable command, when it was exiting abnormally. It could result in unobvious failures later in neutron agents. This was fixed and the role will fail if aa-disable fails to disable required apparmor profiles instead of suppressing the issue.

  • With change of policy regarding stored versions of MariaDB in mirror.mariadb.org, currently pinned MariaDB versions were removed from the repo. With a switch to archive.mariadb.org, this should resolve failing installation for MariaDB.

Other Notes

  • Mirror for MariaDB has been switched to archive.mariadb.org

31.0.0.0b1

Prelude

In order to support efforts on aligning Cinder service type naming across various deployments and move on from version-specific service type to a generic one, a Cinder service will be named as block-storage from now on, which will be reflected in Keystone service catalog and endpoints. Please check upgrade notes for more details.

Implemented a standalone role httpd for Apache Web Server (HTTPD) configuration that aims to be included in various roles that require Apache2 (i.e. keystone, horizon, skyline, etc).

New Features

  • Allow the definition of a custom sysctl config path through openstack_sysctl_file and/or haproxy_sysctl_file. Defaults to /etc/sysctl.conf to retain backwards compatibility.

  • Created a common httpd role to unify approach for managing Apache2 instalaltion and configuration across roles. Role is written in relatively agnostic way and should be suitable for usage outside of OpenStack-Ansible deployments as well.

  • Added variable repo_server_directory_root which by default points to /var/www/repo and used instead of repo_service_home_folder as Apache DirectoryRoot for the virtual host.

  • Keys for static_routes were liberalized and now can accept any parameter supported by [Route] section of systemd-networkd.

  • Implemented flag network_overrides_only which is applicable to systemd_networks. When this flag is used no .network or .link defenition is created - only {{ filename }}.network.d/overrides.conf configuration file, which contains arbitrary data from config_overrides This can be used to extend existing interface configuration, which is not managed by the role directly (ie managed through netplan).

  • Added routing_rules to manage routing policy rules for the network interface. It is a list of mappings, where each mapping accept keys applicable for section RoutingPolicyRule of systemd.network. You can check documentation for systemd.network for more details.

  • Implemented TLS encryption for the communication between Load Balancer (HAProxy) and Skyline backends if openstack_service_backend_ssl is set to True.

Upgrade Notes

  • Please, beware that behavior for defining resulting content for pipeline.yaml in Ceilometer has changed. Now, _ceilometer_pipeline_yaml_overrides is going to be applied to all environments which do not have ceilometer_pipeline_user_content explicitly supplied. Prior behavior can be ensured by adding _ceilometer_pipeline_yaml_overrides: {} to user_variables.yml.

  • In order to align with recommendations on Cinder service naming, os_cinder role will introduce a new service in catalog named cinder of type block-storage and corresponding set of endpoints representing them. Upgrade script will create a new file /etc/openstack_deploy/user_epoxy_upgrade.yml with defining cinder_service_v3_enabled: true which aims to keep old version-based service type and endpoints intact. If you want to remove old versioned-based endpoints and service type from catalog you may simply undefine that variable, as it is False by default.

    All new deployments will not have cinderv3/volumev3 service unless cinder_service_v3_enabled: true is defined.

  • The os_skyline role was switched to using a standalone httpd role from the in-role httpd deployment.

  • The repo_server role was switched to using a standalone HTTPD role from the in-role HTTPD deployment.

  • In case of using custom path for the repo server vhost, please ensure to use repo_server_directory_root variable instead of repo_service_home_folder.

  • Following keys for static_routes list were renamed in order to match with options available in systemd-networkd configuration files:

    • cidr -> Destination

    • gateway -> Gateway

    While backwards compatability was kept, it’s highly recommended to use new keys as support for old key names will be removed in the future.

  • A ml2.lxb (linuxbridge) plugin has been removed from Neutron for this release and can not be used anymore. Please, ensure migrating to supported Neutron driver before proceeding with the upgrade to this OpenStack version. Unfortunatelly, there is no currently existing automation for such migration. You can reffer to the blog post Migrating from LinuxBridge to OVN to learn more on how such migrations were achieved previously.

  • A uWSGI for Neutron has been disabled again by default in favor of eventlet server. This also stops and disables following services needed for uWSGI mode:

    • neutron-periodic-workers

    • neutron-ovn-maintenance-worker

    • neutron-rpc-server

  • Any deployments using the amqp1 oslo.messaging driver should be migrated to use the default rabbitmq oslo.messaging driver. Previously deprecated support for amqp1 has been removed from oslo.messaging for the Epoxy release, see https://review.opendev.org/c/openstack/oslo.messaging/+/934116. Accordingly, support for amqp1 messaging and deployment of qdrouterd has been removed from OpenStack-Ansible. A migration away from amqp1 is required before any upgrade of OpenStack-Ansible to the Epoxy release. qdrouterd can be removed entirely from the deployment and ansible inventory once the migration to rabbitmq is complete.

Deprecation Notes

  • In order to accomplish Cinder service naming alignment we had revised our prior decision on deprecating following variables, which was introduced previous cycle. Following variables should NOT be considered as deprecated anymore:

    • cinder_service_description

    • cinder_service_publicuri_proto

    • cinder_service_adminuri_proto

    • cinder_service_internaluri_proto

    • cinder_service_type

    • cinder_service_publicuri

    • cinder_service_adminuri

    • cinder_service_internaluri

  • Usage of version-based (cinderv3/volumev3) endpoints and service type for Cinder is considered as a deprecated behaviour and will be removed in the future.

  • Variables for the repo_server role related to Apache (HTTPD) configuration, like repo_apache_*, as well as some repo_pki_ and repo_ssl_* were deprecated and have no effect now on due to migration to a standalone httpd role. Please, reffer to the httpd role for more details on how to manage deprecated settings.

  • Previously marked as experimental by Neutron linuxbridge (ml2.lxb) plugin has been removed from the codebase. Please make sure that you are using supported driver before upgrade.

  • Use of amqp1 messaging, previously deprecated in oslo.messaging is not supported in the Epoxy release of OpenStack-Ansible. The previously supported provider of amqp1 messaging, qdrouterd, can no longer be deployed using the OpenStack-Ansible playbooks.

Critical Issues

  • Previously marked as experimental by Neutron linuxbridge (ml2.lxb) plugin has been removed from the codebase. Please make sure that you are using supported driver before upgrade.

Bug Fixes

  • Logic for applying enchanced pipelines for Ceilomter+Gnocchi has been fixed. Now sinks and tranformation overrides defined in pipeline.yaml will be populated with content when operator did not supply any custom content, instead of applying them on top of it.

  • A bug #2096937 related to HashRing generation has been reported when using uWSGI with Neutron. In order to quickly address the bug, uWSGI mode has been disabled again by default for Neutron until a proper fix is provided for uWSGI.

Other Notes

  • Scripts openstack-ansible-inventory-manage and openstack-ansible-inventory are now symlinked to /usr/local/bin and should be available for standalone execution.

30.0.0.0rc1

Prelude

Behavior of rabbitmq_upgrade variable has changed. It no longer can be used to reset the cluster state. It now acts solely as a flag to perform a rolling-upgrade of the existing cluster.

New Features

  • Added a variable rabbitmq_erlang_package_version that can be used to define an erlang version being used when external_repo is used as package source.

  • The neutron firewall-as-a-servie dashboard will be automatically deployed if the FWaaS service is enabled. FWaaS is now an active deliverable again fron the Neutron project.

  • RabbitMQ version is upgraded to a new major version 4.0

Upgrade Notes

  • uWSGI has been re-enabled by default for Neutron one more time. With that new services are introduced which should ensure adequate functionality of Neutron when uWSGI is being used.

    • neutron-periodic-workers service is enabled for all drivers when WSGI is being used. It runs along with previously existing neutron-rpc-server

    • neutron-ovn-maintenance-worker service is added only if ml2.ovn is being used as neutron_plugin_type. The service will be enabled and running only when WSGI is used for Neutron neutron_use_uwsgi is set to True

  • If you are using Ubuntu 22.04 Jammy Jellyfish and install_method: distro please make sure to disable neutron_use_uwsgi as required binaries for this mode to work are missing from packages for this distro.

  • Please, make sure you are running RabbitMQ version of 3.13 before proceeding with the upgrade. In case you RabbitMQ version is lower then 3.13 upgrade to 4.0 will fail. You can run upgrade to 3.13 with same version of role by supplying variable rabbitmq_package_version during runtime, for example: openstack-ansible openstack.osa.rabbitmq_server -e rabbitmq_upgrade=true -e rabbitmq_package_version=3.13.7-1 and then re-running upgrade normally to 4.0.

Deprecation Notes

  • Following deprecated variables were removed and have no effect:

    • cinder_service_v2_name

    • cinder_service_v2_port

    • cinder_service_v2_proto

    • cinder_service_v2_type

    • cinder_service_v2_description

    • cinder_service_v2_publicuri

    • cinder_service_v2_publicurl

    • cinder_service_v2_adminuri

    • cinder_service_v2_adminurl

    • cinder_service_v2_internaluri

    • cinder_service_v2_internalurl

  • Following variables were deprecated and removed in favor of their analogues

    • cinder_service_description -> cinder_service_v3_description

    • cinder_service_publicuri_proto -> cinder_service_v3_publicuri_proto

    • cinder_service_adminuri_proto -> cinder_service_v3_adminuri_proto

    • cinder_service_internaluri_proto -> cinder_service_v3_internaluri_proto

    • cinder_service_type -> cinder_service_v3_type

    • cinder_service_publicuri -> cinder_service_v3_publicurl

    • cinder_service_adminuri -> cinder_service_v3_adminurl

    • cinder_service_internaluri -> cinder_service_v3_internalurl

    • cinder_service_v3_port -> cinder_service_port

    • cinder_service_v3_proto -> cinder_service_proto

  • Variable rabbitmq_erlang_version_spec has been deprecated and does not have any effect anymore. Please, use rabbitmq_erlang_package_version instead.

  • Variable haproxy_tls_vip_binds has been renamed to haproxy_vip_binds to better reflect variable purpose. Old variable name is still respected but it’s usage is descouraged and old naming will be removed in the future.

Bug Fixes

  • Issues with uWSGI mode for Neutron has been addressed and uWSGI be used for the service.

Other Notes

  • Supplying rabbitmq_upgrade=true no longer re-initialize cluster and will perform regular rolling upgrade of the RabbitMQ cluster.