New Features¶

• Adds support for custom Multipathd configuration.

• Since Kolla containers can built with user providedrepos.yaml Kayobecan override the file with their own content. The override files can be${KAYOBE_CONFIG_PATH}/kolla/repos.yaml (default Kolla filename) or${KAYOBE_CONFIG_PATH}/kolla/repos.yml. Multiple Environments supported.

Bug Fixes¶

• Improves performance of Bifrost operations by preventing unnecessaryrequests to the Ironic API.

• Fixes download of roles from Ansible Galaxy following the renaming of themrlesmithjr.manage_lvm role.LP#2023502

• Fixes an issue where generation ofpasswords.yml for Kolla Ansiblecould fail if the directory containing the file does not exist. This istypical in a multiple environment setup, when creating a new environment.Seestory 2010293for details.

• Fixed issue of seed containers being unable to use passwordprotected registry by adding docker login function to kayobedeploy-containers role.

New Features¶

• Adds support for configuring arbitrarily named VLAN interfaces usingsystemd-networkd. Seestory 2010266 for details.

Bug Fixes¶

• Fixes an issue with systemd-networkd configuration on Ubuntu with multipleVLAN interfaces. Seestory 2009013 for details.

Bug Fixes¶

• public-openrc.sh is now only generated if theadmin-openrc.sh filegenerated by Kolla Ansible exists. This fixes an issue where the task wouldfail, when running in a clean environment, with a set of Kolla Ansible tagsthat did not include the generation ofadmin-openrc.sh. Seestory2009323.

Bug Fixes¶

• Fixes an error when generating passwords.yml if an unencrypted file existsbut a password has been supplied.

New Features¶

• Updates base CentOS Stream 8 cloud image toCentOS-Stream-GenericCloud-8-20220913.0.x86_64.

Bug Fixes¶

• Fixes an issue with nclu-switch command ordering, when description wasapplied first to a non-existent (virtual) interface. Seestory 2010279 for details.

Upgrade Notes¶

• Updates base Rocky Linux 8 cloud image toRocky-8-GenericCloud.latest.x86_64.qcow2

Bug Fixes¶

• Fixes an issue where a custom playbook usingbecome_user could fail whensetting permissions on temporary files. Theacl package is now installedon all systems by default.

Bug Fixes¶

• Fixes an issue with undefined kolla_enable_hacluster variable.

New Features¶

• Adds support for custom Placement configuration.

• Adds support for global configuration options for Apt in files in/etc/apt/apt.conf.d/ on Ubuntu systems. Seestory 2009655 for details.

• Adds support for configuring Apt repositories on Ubuntu hosts. Seestory2009655 for details.

• Add the bonding 802.3ad aggregation selection option.

• Enables hardware clock (RTC) synchronisation by default when applying thechrony role. This setting is configurable with the new variablechrony_rtcsync_enabled.

• Adds support for inspection of L3-routed Ironic networks via DHCP-relay.

• The new filternet_no_ip adds the attributeno_ip which can be settotrue to skip IP address allocation and configuration for specificnetworks.

• Adds a new variableseed_hypervisor_enable_snat that allows users toenable SNAT service on the seed hypervisor. The default value isfalse.

• Adds support for Rocky Linux 8 as Host OS.

• Adds support for running package updates on Ubuntu hosts via the followingexisting commands:

  • kayobeseedhostpackageupdate--packages<packages>

  • kayobeseedhypervisorhostpackageupdate--packages<packages>

  • kayobeinfravmhostpackageupdate--packages<packages>

  • kayobeovercloudhostpackageupdate--packages<packages>

Security Issues¶

• Fixes an issue where any passwords inkolla_ansible_custom_passwordswere exposed in Ansible logs. When using verbosity level 3 (-vvv), theywere also exposed in Ansible output.

Bug Fixes¶

• Ironic inspection through Bifrost now work even if DHCP-relay is used.The dhcp-range in dnsmasq.conf corrctly configured with network mask.

• In production environments, the provision network may be separated from theother networks, so in this case, if you want Bifrost’s DHCP service providesthe correct gateway for the clients theinspection_gateway should beused instead of thegateway attribute for the provision network. Thisalso avoids configuring the multiple IP gateways on a single host whichleads to unpredictable results.

• Fixes an issue where the Neutron SR-IOV agent image is not built when theservice is enabled.

• Fixes an issue with idempotence of local Kolla Ansible configurationgeneration.

• Fixes an issue with the seed’s configdrive when the admin network is aVLAN. Seestory 2008089 for details.

• Enables deployment of Grafana when Monasca is enabled, as a replacement forthe retiredmonasca-grafana image. Seestory 2009717 for details.

• Fixes Ansible inventory generation with some custom group mappings usingthe same group names for Kayobe and Kolla Ansible. Seestory 2009927 for details.

• The set of commands starting withkayobeoverclouddatabase nowgenerate the kolla configuration necessary to login to the nodesrunning the database.

• Fixes an issue with config drive generation for infrastructure and seed VMswhen using untagged interfaces. The symptom of this issue is that kayobecannot login to the instance. If you check the libvirt console log, youwill seeKeyError:'vlan_link'. Seestory 2009910 for details.

• Fixes an issue where hacluster images are not built when the service isenabled.

• Fixes an issue with IPA image builds which used themasterbranch ofironic-python-agent, even on stable releasesof Kayobe, or when explicitly settingipa_build_source_version.

• Fixes an issue seen when using Jinja2 3.1.0.

• Fixes an issue where any passwords inkolla_ansible_custom_passwordswere exposed in Ansible logs. When using verbosity level 3 (-vvv), theywere also exposed in Ansible output.

• Fixes an issue where patch links could be erroneously createdon hosts not in the overcloud group. SeeStory 2009911 for details.

• Fixes an issue where the MTU defined in Kayobe was not applied to Ironicprovisioning and cleaning networks in Neutron.

• Deployment image (IPA) build no longer uses master version ofupper-constraints. Instead, it defaults to using the constraints for theOpenStack release associated with the version of Kayobe being used. Seestory 2009810 fordetails.

• Fixes failures to runkayobeovercloudbiosraidconfigure by upgradingthestackhpc.drac role to version 1.1.6.

• Fixes an issue with masking NTP services which are not found. Seestory2009821 for details.

Bug Fixes¶

• Fixes a failure to detect the Kayobe installation prefix whenlib ispresent multiple times in the installation path. Seestory 2009721 for details.

New Features¶

• Adds support for configuring apt’s proxy setting for Ubuntu hosts.Seestory 2009035 for details.

• Adds support for deploying infrastructure VMs on the seed hypervisor.These can be used to provide supplementary services that do not run wellwithin a containerised environment or are dependencies of the controlplane. Seestory 2008741 for details.

• Adds Arista switch support for the Neutron ML2 genericswitch driver.

• Adds a newkolla_bifrost_deploy_image_filename variable used to definethe name of the root disk image to provision. This may be used to deploydifferent images on different hosts.

• Adds a newkolla_bifrost_use_firewalld variable used to define whetherBifrost uses firewalld, which is now disabled by default.

• Adds support for CentOS Stream 8 as a host Operating System and basecontainer image. This is the only distribution of CentOS supported fromthe Wallaby release. The Victoria release will support both CentOS Linux 8and CentOS Stream 8 hosts and images, and provides a route for migration.

• Adds support for installing Ansible collections. Seestory 2008391 for details.

• Adds a--diff argument to kayobe CLI commands. This is passed throughtoansible-playbook for Kayobe and Kolla Ansible playbooks, and can beused with the--check argument to see changes that would be made tofiles.

• Adds a new variablekolla_docker_registry_insecure to configure whetherDocker should use an insecure registry for Kolla images.

• Adds a new flag,docker_registry_network_mode, which defaults tohost. This may be used to set the network mode of the Docker registrycontainer.

• Adds support for passing through additional host variables from Kayobe toKolla Ansible. This is done via the following variables:

  • kolla_seed_inventory_pass_through_host_vars_extra

  • kolla_seed_inventory_pass_through_host_vars_map_extra

  • kolla_overcloud_inventory_pass_through_host_vars_extra

  • kolla_overcloud_inventory_pass_through_host_vars_map_extra

  Seestory 2008797for details.

• Adds support for configuring a firewall via firewalld on CentOS. Seestory2008991 for details.

• Adds support for merging the following configuration files from theenvironment-specific directory (etc/kayobe/environments/<environment>)and the base directory (etc/kayobe).

  • kolla/config/bifrost/bifrost.yml

  • kolla/config/bifrost/dib.yml

  • kolla/config/bifrost/servers.yml

  • kolla/globals.yml

  • kolla/kolla-build.conf

  Seestory 2002009for details.

• Adds a newkayobeovercloudserviceprechecks command to run KollaAnsible prechecks without deploying services.

• Adds a new variableseed_enable_snat that allows users to enable SNATservice on the seed. The default value isfalse.

• Adds support for configuring thefilter andgather_subset argumentsfor thesetup module viakayobe_ansible_setup_filter andkayobe_ansible_setup_gather_subset respectively. These can be used toreduce the number of facts, which can have a significant effect onperformance of Ansible.

• Adds a new command,kayobeovercloudfactsgather, to gather Ansiblefacts for overcloud hosts. This may be useful for populating a fact cache.

• Adds support for configuring active built-in tuned profile by using thegiovtorres.tuned Ansible role. This is only supported on CentOS.

• Adds support for Ubuntu Focal 20.04 as a host and container OperatingSystem for seed, seed hypervisor and overcloud hosts.

• Adds support for themetalink option in custom DNF repositoriesconfigured withdnf_custom_repos indnf.yml.

Known Issues¶

• Switching an existing deployment frombinary tosource images canbreak Horizon, which can be resolved by flushing contents ofmemcachedwithdockerrestartmemcached. SeeKolla Ansible bug 1886549 for details.

Upgrade Notes¶

• Updates all references to Ansible facts within Kayobe from usingindividual fact variables to using the items in theansible_factsdictionary. This allows users to disablefact variable injectionin their Ansible configuration, which may provide some performanceimprovement. Check for facts referenced in local configuration files, andupdate to useansible_facts before disabling fact variable injection.

• Updates the maximum supported version of Ansible from 2.9 to 4.x(ansible-core 2.11). The minimum supported version is updated from 2.9 to2.10. This is true for both Kayobe and Kolla Ansible.

• Upgrading directly from Ansible 2.9 to Ansible 2.10 or from Ansible 2.10 toAnsible 4 is known to cause problems. You should uninstall Ansible beforeupgrading your Kayobe virtual environment:

  pip uninstall ansible

  If upgrading from Ansible 2.10 to a newer version, also uninstallansible-base:

  pip uninstall ansible-base

• Bifrost is now configured to avoid using firewalld, to prevent conflictswith firewall rules set by Kayobe on the seed host. The existing behaviourcan be retained by settingkolla_bifrost_use_firewalld toTrue inbifrost.yml.

• CentOS Linux 8 is no longer supported as a host Operating System or basecontainer image. CentOS users should migrate to CentOS Stream 8. TheVictoria release will support both CentOS Linux 8 and CentOS Stream 8hosts and images, and provides a route for migration.

• Updates the default image type tosource. Users wishing to build anddeploybinary type images should setkolla_install_type tobinary inkolla.yml. This change is to reflect the reality thatsource images are tested more thoroughly and we (as OpenStack community)have better control over them.

• Consistent network device naming is now enabled by default in overcloudroot disk images, by settingnet.ifnames=1 on the kernel command line.This is performed using theDIB_BOOTLOADER_DEFAULT_CMDLINEdiskimage-builder environment variable, which is set tonofbnomodesetgfxpayload=textnet.ifnames=1 to preserve diskimage-builder defaults. Torestore existing behaviour, setDIB_BOOTLOADER_DEFAULT_CMDLINE tonofbnomodesetgfxpayload=textnet.ifnames=0 in thekolla_bifrost_dib_env_vars_extra dictionary.

• The--check argument to kayobe CLI commands is now passed through toKolla Ansible playbooks.

• The default configuration of Docker, as set by Kolla Ansible, has changedto stop using an insecure registry for Kolla images. To avoid breakingexisting deployments,kolla_docker_registry_insecure is automaticallyset totrue if Kayobe is configured to deploy an insecure registryservice. If using an insecure registry not deployed by Kayobe, you willneed to set the value ofkolla_docker_registry_insecure totrue orconfigure TLS for your registry.

• Updates the NTP implementation from the chrony container deployed bykolla-ansible to configuring chrony as a host service. Chrony is nowinstalled on all hosts in thentp group, which defaults to includethe seed, overcloud, and seed-hypervisor groups. On existing deployments,you should runkayobe overcloud host configure to migrate from thekolla-ansible deployed container. This can optionally be scoped to justuse thentp tag. You can continue to use the kolla container bysettingkolla_enable_chrony totrue.

• Support for deployment of a chrony container managed byKolla Ansible has been removed.

• Removes theiscsi interface fromkolla_ironic_enabled_deploy_interfaces, and changeskolla_ironic_default_deploy_interface todirect. This is in linewith upstream changes in Ironic during the Xena cycle, in which theiscsi deploy driver was removed.

  Existing nodes using theiscsi deploy driver should be updated to analternative such asdirect before upgrading.

• Kayobe now applies a sensibletuned profile to each host by default.This may need to be customised, for example if the seed node is not avirtual machine. See thedocumentationandstory 2007853for details.

• Kolla images Docker namespace used in Kayobe was switched fromkollatoopenstack.kolla to reflect Kolla project changes.

Deprecation Notes¶

• The following variables are deprecated, in favour of using configurationfileskolla/globals.yml andkolla/kolla-build.conf respectively.

  • kolla_extra_globals

  • kolla_bifrost_extra_globals

Bug Fixes¶

• Prevents Bifrost from using firewalld to avoid conflicts with firewallrules set by Kayobe on the seed host. Seestory 2009252 for more details.

• Settingkolla_enable_ovn inkolla.yml did not configure Neutron’sintegration with OVN.Seestory 2009080for details.

• Sets proxy option when usingdnf during user bootstrapping, beforednf.conf is updated. This allows Kayobe to install Python 3 during hostconfiguration whendnf requires a proxy to operate.

• Adds missing hook support for thekayobeenvironmentcreate command.

• Fixes some issues seen when using the--check argument withkayobeovercloudhostconfigure. Seestory 2004798.

• Fixes an issue bug where introspection data save would fail. Seestory2009129 for moredetails.

• Fixes an issue withsystemd-networkd configuration for VLAN interfaceswhen the interface is untagged.

• Fixes an issue with configuration validation when no public API network isin use. Seestory 2009134 for details.

• Filter out 25 Gigabit Ethernet interface names in the Ironic inspector rulesetting node names from interface LLDP switch port descriptions.

• Fixes an issue with container image builds by usinghost as the defaultnetwork_mode forkolla-build. Seestory 2008942 for details.

• Fixes an issue with systemd-networkd MTU mismatch in veth pair on Ubuntu.Seestory 2009072for details.

• Fixes an issue where cached seed VM images are unnecessarily owned by root.Seestory 2009277for details.