Known Issues¶

• NTP configuration was missing from infrastructure VMs becauseinfra-vmswas not present under the[ntp] group. Operators should ensure the mostrecent upstreamkayobe-config is merged into their local configurationto resolve this issue.

Bug Fixes¶

• Fixes generation of Bifrost host variable files whenipv4_gateway isundefined.LP#2133489

Upgrade Notes¶

• The default bootstrap user has been changed tocloud-user ifos_distribution is set tocentos. Set*_bootstrap_uservariables tocentos to retain existing behaviour.

Bug Fixes¶

• The default bootstrap user has been changed tocloud-user ifos_distribution is set tocentos, to match official cloud images.

• Fixes issue when Bifrost hostvars file incorectly generated by Kayobe.LP#2045927

• Fixes a regression in network connectivity check when using theno_ipattribute.LP#2125560

New Features¶

• Theneutron-bgp-dragent container will now be built by default whenkolla_enable_neutron_bgp_dragent is true.

Upgrade Notes¶

• Deployments using Juniper Junos OS switches are required to update theirconfiguration according toJuniper Junos OS documentation.This is due to thejunos_config module dropping support for theprovider parameter.

Bug Fixes¶

• Fixes physical network configuration for Juniper Junos OS switches.Note that users are required to update their configuration according toJuniper Junos OS documentation.LP#2111341

• Fixes duplicateOS_CACERT lines inpublic-openrc.sh when both adminand public cacert variables are set.LP#2116318

• Fixes configuration of backend TLS when network nodes are separate fromcontrollers.LP#2117084

• Fixes wrong name ofgpgkey used for EPEL repositories whendnf_use_local_mirror is enabled.LP#2119921

• Fixes an issue where incorrect network-data.json wouldbe generated when interfaces without IP addresses areattached to infrastructure VMs.LP#2118403

• Fixes failure to activate SR-IOV on GPU devices by bumping thestackhpc.linux collection to v1.3.4.

• Fixes support for empty strings in thedev-tools package lists. Thisallows using expressions such as{{'foo'ifos_distribution=='rocky'else''}}.LP#2115000

• Fixes network connectivity check when a subset of hosts have theno_ipproperty set via group or host variables.LP#2120918

New Features¶

• Adds a new dev scriptdev/rabbitmq-migrate-queues.sh that will enablequorum queues and migrate RabbitMQ to use these.

• Deploying and destroying infrastructure VMs is now significantly fasteras only the required variables are passed to the relevant tasks as opposedto the entire collection of hostvars for each VM.

• Adds support for Ubuntu Noble Numbat (24.04) LTS as a host and containerOperating System for seed, seed hypervisor and overcloud hosts.

Upgrade Notes¶

• Theopenstacksdk_upper_constraints_file variable now defaults to thevalue ofpip_upper_constraints_file. Setopenstacksdk_upper_constraints_file to"https://releases.openstack.org/constraints/upper/{{openstack_release}}" if you want to retain existing behaviour.

• Updates the default cloud image for CentOS Stream 9 deployments to useCentOS-Stream-GenericCloud-9-latest.x86_64.qcow2.

Bug Fixes¶

• Ensure theOS_SYSTEM_SCOPE environment variable is present inopenstack_auth to prevent authentication issues occurring inbaremetal-compute playbooks.LP#2111103

• Fixespublic-openrc.sh missing theOS_CACERT variable when absentfromadmin-openrc.sh.LP#2110549

• Bumps the MichaelRigart.interfaces role to v1.15.4 to fix compatibilitywith CentOS Stream 9 due to changes in theiproute package.

• Bumps thestackhpc.libvirt-vm role to v1.16.3 to fix seed and infra VMprovisioning failures on Rocky Linux 9.6.

• Fixes an issue building images with a regex when no image registry is setLP#2112646

• Fixesipa_kernel_options_default whenipa_collect_lldp is set tofalse.LP#2110505

• Fix a bug where netplan packages are not fully removed resulting generatednetwork configurations are not getting applied withhostconfigurecommands. ‘LP#2103794 <https://bugs.launchpad.net/kayobe/+bug/2103794>’__

• Bumps MichaelRigart.interfaces to fix an issue wherekayobeovercloudhostconfigure would fail to template during the networking tasks onRocky hosts, with the errorCouldnotload"ipaddr".LP#2107335

• Fixes an issue on boot where vgpu devices would fail to start due to a racecondition in the startup logic. SeeLP#2102153 for moredetails.

• Adds aname field to elements ofapt_repositories, which specifiesthe name of the repository file (without the.sources suffix). Thedefault value of this field iskayobe and it may be omitted. The usercan override the default by providing a different name, such asubuntu,and new repository data. This way, the default file,/etc/apt/source.list.d/ubuntu.sources, will be overwritten by theprovided repository configuration.LP#2107280

New Features¶

• Supports forcing time synchronisation after configuringchrony ifntp_force_sync is changed toTrue.

Bug Fixes¶

• Bumps the MichaelRigart.interfaces role to v1.15.3 to fix an issue whereNetworkManager was not restarted before bouncing network interfaces.LP#2100792

New Features¶

• Adds variables to configure authentication parameters in theimage-download role, which is used to download IPA images. The newvariables areimage_download_url_username,image_download_url_password,image_download_force_basic_auth andimage_download_unredirected_headers. See documentation of theget_urlanduriAnsible modules for more details on how to use these variables.

Bug Fixes¶

• Fixes an issue where task ‘ensure ironic nodes use the new IronicPython Agent (IPA) images` fails with ‘dict object’ has noattribute ‘deploy_kernel’.<https://bugs.launchpad.net/kayobe/+bug/2083014>`__.

• Fixes a bug where non-overcloud hosts would show up in the confirmationprompt forkayobeoverclouddeprovisionLP#2091703

• Fixes an issue where slave interfaces would not be brought back up whenbouncing the master interface.LP#2072340.

New Features¶

• Adds the internal VIP to the NOPROXY/noproxy environment variables.

• Adds support for using Cumulus switches (NCLU and NVUE) with NetworkingGeneric Switch.

Upgrade Notes¶

• Bumps thestackhpc.linux collection to 1.3.0. Note this versionusessystemd to activate virtual functions. Thischange is restricted to thestackhpc.linux.sriov role, which is notused by Kayobe. If a custom playbook uses this role, you can retainexisting behaviour by settingsriov_numvfs_driver toudev.

Security Issues¶

• When running API requests from a host configured with kayobe, trafficdestined for the internal VIP is sent via the default proxy. This can be asecurity issue if not using TLS as the proxy will be able to intercept thetraffic. If using an untrusted proxy, with TLS disabled on the internalVIP, it is recommended that you runkayobeovercloudhostconfigure-tproxy,kayobeseedhypervisorhostconfigure-tproxy,kayobeseedhostconfigure-tproxy, andkayobeinfravmhostconfigure-tproxy,to add the internal VIP to the no proxy configuration. This is considered aminor issue as traffic between containers will not use the proxy bydefault.LP#2087556

Bug Fixes¶

• Fixes IPA and host image build failures when Git was not installed on thebuild host.LP#2058922

• Theproxysql image is now built whenkolla_enable_proxysql is settotrue.

• Updates the group and mode set on the/var/log/journal directory tomatch default ownership and permissions used bysystemd-journald.LP#2083494

• Fixes generation of kernel parameters when the GRUB_CMDLINE_LINUX_DEFAULTvariable is absent from/etc/default/grub.LP#2083874.

• Pin requirements for IPA image build to ensure that theironic-libversion matchesironic-python-agent.LP#2089263

• Changes the default cloud image for seed and infra VMs to use Rocky Linux9.3 when usingbios boot mode, to fix boot failures with newer cloudimages. When deploying new VMs, it is recommended to setinfra_vm_boot_firmware andseed_vm_boot_firmware toefi.

• Fixes an issue when using overcloud Ironic with a shared Ansible controlhost. The use of a shared cache directory could lead to a failure todownload Ironic Python Agent (IPA) images.LP#2069845

New Features¶

• Adds support for specifyingboot_firmware andmachine variables toseed and infra VMs. This can be used to launch VMs in UEFI boot mode withQ35 machine type.

• Bumps stackhpc.libvirt-vm Ansible role tov1.16.1.

Bug Fixes¶

• eos_config does not support theprovider parameter since Ansible 7.Users are required to update their configuration according toArista EOSdocumentation.

• Fixes a bug where systemd-networkd was not permanently enabled when theunit was already in stateruntime-enabled.LP#2073100

New Features¶

• Adds the commandkayobebaremetalintrospectiondatasave to save thehardware introspection data gathered bykayobebaremetalcomputeinspect.

• Adds a new variablekolla_build_neutron_ovs which gives users theoption to build Neutron OVS container images while the system is using OVN.This is useful when users want to build all Neutron container images at thesame time.

• Configures journald to use a persistent storage by default. This allows youto keep journald logs across reboots and is controlled by thejournald_storage variable. SeeKayobe documentation for more details.

• Adds the commandkayobeseedservicedestroy. This can be used to cleanup all services on the seed host. Caution is advised when using this commandas it will delete all of the data on the seed.

• Adds support for auth configuration for Apt respositories and proxies usingauth.conf files.

• This patch adds experimental functionality to enroll baremetal nodes intoIronic using Kayobe via a new playbookbaremetal-compute-register.ymland addskayobebaremetalcomputeregister into the Kayobe CLI.

• kayobeoverclouddeprovision now requires confirmation before any hostsare deprovisioned. Automatic confirmation can still be achieved by settingconfirm_deprovision toyes.

• Adds support for specifying credentials (username and password) for customDNF repositories.

• Adds support for defining custom playbook hooks in Kayobe environments.

• kayobekollaansiblerun will now generate Kolla-Ansible configurationbefore the command is run. You can use--skip-tagskolla-openstack toskip this for commands that do not require the kolla config.

• Adds support for setting the max fail percentage for Ansible plays viakayobe_max_fail_percentage. It can also be set on a per-playbook basis,e.g.time_max_fail_percentage.

• Adds support for specifying IP policy-based routing rules using thedict-based format on CentOS Stream and Rocky Linux systems. Thestring-based format is still supported on these systems.

• Adds new Redfish rules to Ironic and Bifrost introspection. The followingvariables are added:

  • inspector_rules_redfish_enabled

  • inspector_redfish_username

  • inspector_redfish_password

  • inspector_rule_var_redfish_verify_ca

  • inspector_rules_ipmi_enabled

  • kolla_bifrost_inspector_redfish_username

  • kolla_bifrost_inspector_redfish_password

• Custom telegraf configuration is now supported. SeeKayobe documentation onconfiguring kolla-ansible services.

Upgrade Notes¶

• Updates the maximum supported version of Ansible from 8.x (ansible-core2.15) to 9.x (ansible-core 2.16). The minimum supported version is updatedfrom 7.x to 8.x. This is true for both Kayobe and Kolla Ansible.

• Bumpsstackhpc.linux collection to 1.2.0 to include new roles. Addsstackhpc.network andstackhpc.openstack collections torequirements. Refactors invocation of the roles moved into collectionsmentioned above, and updates the documentation - role names and outdatedAnsible Galaxy documentation links.

• kayobeoverclouddeprovision now requires confirmation before any hostsare deprovisioned. Automatic confirmation can still be achieved by settingconfirm_deprovision toyes.

• Support for deploying Murano has been dropped.

• Support for deploying Sahara has been dropped.

• Support for deploying Senlin has been dropped.

• Support for deploying Solum has been dropped.

• Support for deploying Vitrage has been dropped.

• kayobekollaansiblerun will now generate Kolla-Ansible configurationbefore the command is run. You can use--skip-tagskolla-openstack toskip this for commands that do not require the kolla config.

• Support for thedevicemapper Docker storage driver is removedfollowing its removal from Docker Engine 25.0. Operators usingdevicemapper should migrate to a supported storage driver beforeupdating Docker to 25.0 or later.

• Support for deploying Freezer has been dropped.

Bug Fixes¶

• Added fix for the custom RabbitMQ configuration. Fixed incorrect path andglob, so now you can template also all other configuration files such asadvanced.config,definitions.json,enabled_plugins, anderl_inetrc together withrabbitmq.conf andrabbitmq-env.conf.

• Fixes an issue where Dell OS6 and Dell OS9 switch configuration was notapplied correctly.LP#2061102.

• letsencrypt andhaproxy-ssh images are now built whenkolla_enable_letsencrypt is set totrue.

• Fixes issue of ironic files being left behind after node deprovision whichprevents it from being enrolled and provisioned again.

• Fixes default Ubuntu Apt keyrings location to the recommended/etc/apt/keyrings.

• Fixes gateway assignment when seed SNAT is disabled. In this circumstanceBifrost was generating ConfigDrive data with the default gateway unset evenwhen one is available on the admin network.

• Fixes the bug where /etc/hosts was not populated correctly when runningKayobe using a host limit.LP#2051714

• Fixes issue building container images when docker registry contained aport. SeeLP#2054715for more details.

• Fixes an issue with overcloud service destroy where it failed to remove theinspection store docker volume. SeeLP#2050092.

• Fixes bugs with thekolla_enable_letsencrypt variable which werecausing overcloud container image build to fail, or to includeletsencrypt images when disabled.

• Fixes a bug where NetworkManager would overwrite resolv.conf whenresolv_is_managed is set toTrue.LP#2044537

• Fixes thewipe-disks role which was failing on supported host operatingsystems due to a change in the output format oflsblk-J inutil-linux version2.37.LP#2051859

Other Notes¶

• Kayobe networking documentation for IP rules on CentOS Stream/Rocky Linuxsystems has been updated to reflect that routing tables must be specifiedby ID rather than by name.