New Features¶

• Adds support for custom RabbitMQ configuration.

Bug Fixes¶

• Fixes an issue where Dell OS6 and Dell OS9 switch configuration was notapplied correctly.LP#2061102.

• Fixes default Ubuntu Apt keyrings location to the recommended/etc/apt/keyrings.

• Fixes an issue with overcloud service destroy where it failed to remove theinspection store docker volume. SeeLP#2050092.

• Changes the default cloud image for seed and infra VMs to use Rocky Linux9.3, to fix boot failures seen with newer cloud images which require UEFIboot mode.

Bug Fixes¶

• Fixes thewipe-disks role which was failing on supported host operatingsystems due to a change in the output format oflsblk-J inutil-linux version2.37.LP#2051859

Deprecation Notes¶

• Support for thedevicemapper Docker storage driver is deprecatedfollowing its removal from Docker Engine 25.0. Support will be fullyremoved in the Caracal 16.0.0 release. Operators usingdevicemappershould ensure that a compatible version of Docker Engine is installed (i.e.release 24.x or below).

Upgrade Notes¶

• If the admin network does not have a gateway defined andseed_enable_snat isfalse, which is the default, overcloud hostswill not have a default gateway immediately after provisioning anymore. Adefault gateway on another network can still be applied during the hostconfiguration step.

• Introduces a new variablekolla_ansible_extra_custom_passwords to avoidthe need to combinekolla_ansible_default_custom_passwords andkolla_ansible_custom_passwords when adding or overriding passwords.

Bug Fixes¶

• Fixes an issue where local configuration generation would be skipped whenrunning in check mode. This would lead to Kolla Ansible checking with staleconfiguration. Seestory 2010526 for details.

• Fixes an issue wherekayobeconfigurationdump would fail whenvariables are encrypted using Ansible Vault. Encrypted variables are nowsanitised in the dump output.LP#2031390

• Fixes slow fact gathering in some environments by not configuring the seedhost as the initial default gateway for overcloud hosts whenseed_enable_snat isfalse, which is the default.LP#2039461

• Fixes an issue where the Kolla Ansible variablekolla_admin_openrc_cacert was not set to the value ofkolla_internal_fqdn_cacert.

• Disables configuration of SELinux by Kolla Ansible, which could revertconfiguration set by Kayobe.

• Fixes gateway assignment when seed SNAT is disabled. In this circumstanceBifrost was generating ConfigDrive data with the default gateway unset evenwhen one is available on the admin network.

• Fixes a bug where NetworkManager would overwrite resolv.conf whenresolv_is_managed is set toTrue.LP#2044537

• When determining whether or not a host needs bootstrapping, we attempt toconnect to the host usingansible_user, if the login fails, we thenassume that the host needs bootstrapping. In previous releases we used amanually craftedssh command. This did not respect any customisationsto the SSH arguments made through Ansible configuration. We now use the rawmodule so that these customisations are used when connecting to the host.One possible use case is to configure a jump host between the control hostand the target hosts. If bootstrapping was needed, hosts will now show asunreachable in the summary stats at the end of the run. This can safely beignored.

• Fixes an issue when user forgot to combinekolla_ansible_custom_passwords,kolla_ansible_default_custom_passwords and own dictionary with custompasswords in configuration files. Nowkolla_ansible_extra_custom_passwords should provide only user custompasswords to add or override inkolla/passwords.yml.

New Features¶

• The Spanning Tree Protocol (STP) can now be configured on bridge interfaces.Enable or disable STP by setting thebridge_stp attribute for a network.Note that STP is not set by default on Ubuntu, but it is disabled on RockyLinux 9 for compatibility with network scripts, as NetworkManager enablesSTP on all bridges by default.

• Attempts to log in to the kolla docker registry can be skipped by settingdeploy_containers_registry_attempt_login to false.

  This is required for deployments using a non-standard registrydeployed on the seed during the deploy-container step, since it takesplace after the registry login attempt.

Upgrade Notes¶

• For Rocky Linux 9, Kayobe now disables STP on a bridge by default. Thisaction will cause the bridge interface to restart during the hostconfiguration process.

• Adds an introspection rule to update the location of the deployment kernelregistered in existing Ironic nodes. Nodes discovered on a deploymentrunning the Train release or earlier may still be using theipa.vmlinuzkernel, which stays unchanged when deployment images get updated. If onlydefault introspection rules are in use, existing nodes may be updated fromthe Bifrost container with the following command:

  OS_CLOUD=bifrostbaremetalintrospectionreprocess$NODE_UUID_OR_NAME

  If non-default rules are used, reprocessing may revert any customisationdone by the operator. In this case, a more cautious approach is to updatethe deployment kernel location manually:

  OS_CLOUD=bifrostbaremetalnodeset--driver-infodeploy_kernel=<http://url/to/ipa.kernel>$NODE_UUID_OR_NAME

  If thekolla_bifrost_inspector_rules list is customised, the ruleinspector_rule_legacy_deploy_kernel should be added to it.

Bug Fixes¶

• Fixes failure to runkayobeoverclouddeprovision after Bifrost isredeployed.LP#2038889

• Improves performance of Bifrost operations by preventing unnecessaryrequests to the Ironic API.

• Fixes detection of data file path when using editable installations with arecent pip.

• Fixes the regression in configuring additional route options onCentOS / Rocky.

• Fixed issue of seed containers being unable to use passwordprotected registry by adding docker login function to kayobedeploy-containers role.

• Adds a workaround to avoid NetworkManager setting the MTU of bridge VLANinterfaces to an incorrect value.LP#2039947

• Fixes conflicts between NetworkManager nmconnection files generated bycloud-init and those generated by Kayobe by upgrading theMichaelRigart.interfaces role to version 1.14.4.LP#2039975

New Features¶

• Adds support for custom Multipathd configuration.

• Since Kolla containers can built with user providedrepos.yaml Kayobecan override the file with their own content. The override files can be${KAYOBE_CONFIG_PATH}/kolla/repos.yaml (default Kolla filename) or${KAYOBE_CONFIG_PATH}/kolla/repos.yml. Multiple Environments supported.

Upgrade Notes¶

• Modifies the default value ofkolla_ansible_venv_python to/usr/bin/python3. Using operating system python to createkolla-ansible venv fixes corner cases when using older venvs created withvirtualenv command.

Bug Fixes¶

• Fixes download of roles from Ansible Galaxy following the renaming of themrlesmithjr.manage_lvm role.LP#2023502

• Fixes an issue where generation ofpasswords.yml for Kolla Ansiblecould fail if the directory containing the file does not exist. This istypical in a multiple environment setup, when creating a new environment.Seestory 2010293for details.

• Fixes an issue with systemd-networkd configuration on Ubuntu with multipleVLAN interfaces. Seestory 2009013 for details.

• Fixes repositories files names in Rocky Linux 9. Distributions moved tolowercase names with RHEL 9 release.

• Fixes various issues when applying network configuration on Rocky 9 hosts.See bugs:2016970 and2016971.

• Installsncclient dependency for Juniper switch configuration whenusing Ansible check mode.

New Features¶

• Adds support for configuring arbitrarily named VLAN interfaces usingsystemd-networkd. Seestory 2010266 for details.

Bug Fixes¶

• Synchronises the default valuekolla_tag with the container imagetagging scheme expected by Kolla Ansible. This ensures images are builtwith tags such aszed-ubuntu-jammy instead ofzed.

Prelude¶

Ubuntu Jammy Jellyfish (22.04) LTS and Rocky Linux 9 are nowsupported as a host Operating System and base container image.

New Features¶

• Adds the--skip-hooks argument to ignore hooks for the execution of acommand. Seestory 2009241 for details.

• Adds support for configuring a firewall via firewalld on Ubuntu. Seestory2010160 for details.

• Adds support for configuring Dell OS10 Switches using thedellemc.os10Ansible collection. This isintegrated with thekayobephysicalnetworkconfigure command.

• Adds support for installing additional build host dependencies whenbuilding IPA and overcloud host images viaipa_build_dib_host_packages_extra andovercloud_dib_host_packages_extra.

• Adds support for specifying a custom playbook when running Kolla Ansiblecommands via a--kolla-playbook argument. For example:

  kayobe overcloud service deploy --kolla-playbook /path/to/playbook.yml

  This may be used to specify a playbook that replaces or extends the defaultsite.yml playbook, and needs to execute in the Kolla Ansible context.

• Adds support for copying$KAYOBE_CONFIG_PATH/kolla/config/nova_computeto Kolla configuration. This folder can contain aNova release filewhich can configure thevendor orproduct strings used by Nova.

• Roles, collections and plugins included with Kayobe configuration are nowaccessible to all Kayobe playbook executions.

• Adds functionality to configure desired SELinux state (in addition todisabling SELinux previously).

• Adds support for Rocky Linux 9 as a host Operating System and basecontainer image. CentOS Stream 8 is not supported anymore.

• Adds support for copying the Bifrostclouds.yaml file and optionally aTLS CA certificate from the Bifrost container to the seed host. This makesit possible to enable authentication and TLS for Bifrost services.

• Kayobe now configures SELinux on the seed hypervisor. The default is to setSELinux topermissive.

• Adds support for specifying SNAT source and destination filters. This isuseful if forwarded packets need to exit on a different interface dependingon the source or destination IP address or port.

• Adds the--add-known-hosts option to control host bootstrap. This will addSSH known hosts entries for each host. This should provide a way aroundthe issues described instory 2001670.

• Adds support for theANSIBLE_VAULT_PASSWORD_FILE environment variableas a source for the Ansible Vault password. Seestory 2006766 for details.

• Adds support for configuring swap files and devices on seed, seedhypervisor, overcloud and infra VM hosts duringhostconfigurecommands.

• Adds support for Ubuntu Jammy Jellyfish (22.04) LTS as a host andcontainer Operating System for seed, seed hypervisor and overcloud hosts.

Upgrade Notes¶

• Updates the maximum supported version of Ansible from 5.x (ansible-core2.12) to 6.x (ansible-core 2.13). The minimum supported version is updatedfrom 4.x to 5.x. This is true for both Kayobe and Kolla Ansible.

• Changes the Kayobe playbook group variables inansible/group_vars/ tobe inventory group variables inansible/inventory/group_vars. This hastwo important consequences:

  1. Inventory group variables have a lower precedence than playbook groupvariables. This means that these variables can now be overridden bygroup variables in the Kayobe configuration inventory.

  2. The new inventory group variables are automatically used by all Kayobecommands, and do not need to be in the same directory as the playbookbeing executed. This means that theprevious workaroundfor custom playbooks involving symlinking to thegroup_varsdirectory from the directory containing the custom playbook is no longernecessary.

• Removes thekolla_ironic_default_boot_option variable and theinspector_rule_local_boot inspector rule, since Ironic has removedsupport for defining a boot option configuration. TheSetlocalbootcapability rule should be removed from Bifrost and Ironic Inspector bythe operator.

• Starting with Yoga, Ironic has changed the default PXE from plain PXE toiPXE.Kayobe follows this upstream decision but allows users to revert tothe previous default of plain PXE. For details, please refer toKolla Ansible’s documentation.

• Removes thekolla_install_type variable. This is due to removal ofsupport forbinary images from the Kolla project.

• Overcloud host images are now built via DIB by default, rather thanBifrost. The old behaviour may be obtained by settingovercloud_dib_build_host_images tofalse.

• Removes support for configuring Grafana withkayobeovercloudpostconfigure. See theKolla Ansible documentationfor an alternative method of loading dashboards.

• Changes the environment used during Kayobe playbook execution to includeKayobe’s collections, roles and plugins in the Ansible lookup paths.This allows custom playbooks to use these items, without the requirement tosymlink into the Kayobe installation. Existing symlinks may be removed.

• Removes support for deploying Monasca and its dependencies (Kafka, Stormand Zookeeper).

• Thedisable-selinux role has been renamed toselinux and so havebeen the related variables. If you set one of them, adapt yourconfiguration:

  • disable_selinux_do_reboot becomesselinux_do_reboot

  • disable_selinux_reboot_timeout becomesselinux_reboot_timeout

• Kayobe now sets SELinux topermissive by default (compared todisabled previously). This may require a reboot, which will only betriggered ifselinux_do_reboot is set totrue. If you want toretain previous behaviour, setselinux_state todisabled.

• Elasticsearch has been replaced with OpenSearch. Any custom Kayobeconfiguration should be moved from${KAYOBE_CONFIG_PATH}/kolla/config/elasticsearch to${KAYOBE_CONFIG_PATH}/kolla/config/opensearch.

• The default value ofos_distribution was changed torocky.CentOS Stream 8 is not supported anymore.

• Enables authentication by default in Bifrost.

• Updates thestackhpc.os-images role to version 0.16.0. This new releaseseparates configuration of upper constraints for diskimage-builder (DIB)from those used by the OpenStack SDK and client. This allows operators touse a newer version of DIB while keeping compatible versions of theOpenStack SDK and client. This is configured with the following variables:

  • ipa_build_dib_upper_constraints_file inipa.yml

  • overcloud_dib_dib_upper_constraints_file inovercloud-dib.yml

  The variables are empty by default in order to allow for Rocky Linux 9image builds.

Security Issues¶

• Fixes an issue where any passwords inkolla_ansible_custom_passwordswere exposed in Ansible logs. When using verbosity level 3 (-vvv), theywere also exposed in Ansible output.

Bug Fixes¶

• Ironic inspection through Bifrost now work even if DHCP-relay is used.The dhcp-range indnsmasq.conf is now correctly configured with itsnetwork mask.

• Adds missing Ansible group following the addition of support in KollaAnsible for forwarding Prometheus alerts to Microsoft Teams.

• Fixes an issue with undefinedkolla_enable_hacluster variable.

• Fixes an issue where a host configure with--wipe-disks wouldwipe block devices that were mounted. Seestory2010367 for details.

• Fixes an error when generating passwords.yml if an unencrypted file existsbut a password has been supplied.

• Fixes an issue where hacluster images are not built when the service isenabled.

• Fixes an issue where a custom playbook usingbecome_user could failwhen setting permissions on temporary files. Theacl package is nowinstalled on all systems by default.

• Fixes an issue where any passwords inkolla_ansible_custom_passwordswere exposed in Ansible logs. When using verbosity level 3 (-vvv), theywere also exposed in Ansible output.

• Fixes an issue with nclu-switch command ordering, when description wasapplied first to a non-existent (virtual) interface. Seestory 2010279 for details.

• Fixes an issue where the MTU defined in Kayobe was not applied to Ironicprovisioning and cleaning networks in Neutron.

• Configures SELinux topermissive on the seed hypervisor, which fixespermission issues when provisioning seed or infra VMs.

• Fixes failures to runkayobeovercloudbiosraidconfigure by upgradingthestackhpc.drac role to version 1.1.6.