Upgrade Notes¶

• The Debian and Ubuntu images use rabbitmq and erlang from cloudsmith now.Operators might want to mirror/proxy this new source as it provides thecorrect set of packages unlike the previous combination.

Bug Fixes¶

• Fixes wrong update-alternatives usage on CentOS.LP#1936947

• Fixes problems when running with docker-py >=6.LP#1988121

• Fixes the Debian and Ubuntu images to use rabbitmq and erlang fromcloudsmith so that the images are still buildable and use proper versions.

New Features¶

• Adds Cyrus SASL packages necessary for the DIGEST-MD5 and SCRAM-SHA-256mechanisms. These can be used for libvirt SASL authentication.LP#1964013

• Quiet mode (enabled with--quiet argument) can be combined with--logs-dir option now. Console output will be quiet as expected whilebuilding output will be stored in separate log files.

Critical Issues¶

• CentOS Linux 8 (non-Stream) support has been dropped, sincerepositories have been removed from CentOS mirrors - seeannouncement.

Security Issues¶

• Adds mitigation for Apache Log4j 2 Remote Code Execution (RCE)vulnerabilities CVE-2021-44228 and CVE-2021-45046 to Apache Storm.

Bug Fixes¶

• Fixes an issue with Ironic deployments using UEFI and iPXE, where thedefault UEFI iPXE bootloader in Ironic was not available in the TFTPserver. This affects all Kolla releases on CentOS, and Xena onDebian/Ubuntu.LP#1959203

• Installsglusterfs-client in Debian and Ubuntumanila-share imagesto support GlusterFS across supported distributions.LP#1964140

• Fixes an issue when older version of Python OpenvSwitch bindings packagewas used, than the running OpenvSwitch code.LP#1961874

• Fix AArch64 ubuntu ironic-python-agent images UEFI PXE booting failure.Also fix x86_64 lacking of GRUB efi files issue.LP#1879265

• Fixes disabling the use of thecurlrc configuration file inhealthcheck_curl.LP#1967272

• Fixes an issue seen when using Jinja2 3.1.0.

• Fixes an issue with missing Magnum Keystone auth default policy.LP#1957159

• Fixes set_configs.py configuring same permission for directories and files,causing directories lacking execute permission if not set for files.

New Features¶

• Improve the way offline scenario are supported:

  • Switching dumb-init installation to distribution provided packages.

Upgrade Notes¶

• Debian now uses upstream MariaDB repos (thus following Ubuntuimages). This is done to avoid issues like the related one andhave an easy workaround of pinning to chosen MariaDB version ifneed arises.Operators may want to reflect this in their repo mirrors andproxies.LP#1944410

Bug Fixes¶

• Adds an option to the monasca-thresh container which checksif the topology is currently submitted (KOLLA_BOOTSTRAP), withan option to kill it (TOPOLOGY_REPLACE). Topology namesand various timeouts may be customized.LP#1808805

• Fixes missing boto3 library required by glance_store.LP#1884259

• Fixes an issue with logs going missing in the Fluentd pipelineby pinning td-agent to 4.0.* also on Debian.LP#1930867 [Debian]

• Fixes an issue with cinder-volume missinglsscsi andnvme commandson Debian and Ubuntu.LP#1942038

• CentOSnova-compute image haslinux-firmware package removed to saveimage size by ~500MB.LP#1926801

• Fixes “Permission denied” issue for swift-recon tool that appears whenswift-recon tool tries to access deafult recon_lock_path

• Ensures thenvme-cli package is present innova-compute images, asit expected byos-brick.

Other Notes¶

• CentOS images are now buildable using CentOS 8 Streamas a base.

New Features¶

• octavia-driver-agent image was added to support other Octavia providers thanamphora.

Upgrade Notes¶

• RabbitMQ and Erlang packages are now installed frompackagecloud.io(and PPA for Debian/Ubuntu) sincebintray.com is getting shut downMay 1st, 2021.

Bug Fixes¶

• Fixes an issue with Swift containers failing to start in Ubuntu binaryimages.LP#1905279

• Fixes an issue with thekolla_set_configs--check command whenthe compared files are non-Unicode.LP#1913952

• Fixes location of monitoring_policy in Horizon, so accesspolicy is correctly enforced. Note that by current default,admin doesn’t not have Monitoring access.LP#1928408

• Fix support for kolla install in~/.local.LP#1930544

• Fixes an issue with logs going missing in the Fluentd pipelineby pinning td-agent to 4.0.*.LP#1930867

• Fixes issues arising from the lack of Debian updates repo being enabled.LP#1931544

• Fixes an issue with the Fluentd Monasca output plugin relatedto a more recent openssl library.LP#1910382

• Fixes Mistral source images to respect upper-constraints.

Other Notes¶

• Debian images enable the Debian updates repo now. This is aligned withthe base Debian image.

New Features¶

• The Prometheus plugin is now installed into the Fluentd container bydefault.

• Add a Monasca app plugin for the Monasca fork of Grafana. Plugin providesscreens for viewing or configuring: Alarm Definitions, Alarms and Notifications

• Added new option “–(no)summary” to allow to hide after build summary.

Upgrade Notes¶

• The Logstash image has been upgraded from Logstash 2 to Logstash 6.

• Cyborg Agent no longer includes OPAE SDK. The version was outdatedand currently supported platforms do not have ready-to-use binaries.This change was required to make Cyborg buildable.

• Kolla now no longer supports CentOS 8.2 and below.This is to support CentOS 8.3 without extra workarounds (pleasesee the fixes section for more details).The promise is to support the latest CentOS 8 release which is 8.3now.

• Changes the default value of the[DEFAULT]tarballs_base configurationoption fromhttps://tarballs.openstack.org tohttps://tarballs.opendev.org. Since the OpenDev site is namespaced, thedefault source image tarball locations have been updated to include the/openstack (or in a few cases/x) URL path.

• Thecongress project is no longer maintained. This has beenretired since Victoria and has not been used by other OpenStackservices since.

• FWaaS project has been removed in Victoria cycle and it’s no longer includedin Kolla container images and deployment.

• Glance Registry service was deprecated in the Queens release and has been removed in Victoria.Accordingly, container image glance-registry has been removed from Kolla.

• remove mongodb image from kolla, following deprecation process.

• Theneutron-server-opendaylight image has been removed.

• neutron-server-ovn andneutron-metadata-agent-ovn images have beenremoved. OVN drivers have been moved into Neutron code base in Ussurirelease andnetworking-ovn bits are no longer required to be installed.

• Theopendaylight image, which was deprecated in the Ussuri cycle, hasbeen removed.

• Thesensu images which were deprecated in the Ussuri cycle has beenremoved.

• td-agent has been upgraded to version 4. It will be now used for bothx86-64 andaarch64 architectures on all distributions Kolla issupporting. Users before upgrade should analyse changed config file syntaxfor their custom fluentd configuration files.

• Ubuntu images now use Focal 20.04 (ubuntu:20.04) as the default baseimage.

• Source based builds will now install OpenStack projects code from stabletarballs, compared to versioned (released point versions) ones as before.

Deprecation Notes¶

• Deprecates support for thecertmonger,ec2-api,heat-all,novajoin,nova-mksproxy,ptp,radvd,rsyslog andzaqar images. In Wallaby support for these images will be removed fromKolla. No known downstream projects use these images.

• Deprecates support formariadb image. Please usemariadb-serverimage from now on - because the former will be removed in Wallaby cycle.

Bug Fixes¶

• Makes Cyborg buildable for all platforms by removing dependency onOPAE SDK.LP#1873744

• Fixes the FC Cinder backend usage in Nova.LP#1884484

• Fixes Ceilometer deployment and upgrade failing due to wrong mode ofargument passing applied to theceilometer-upgrade command.LP#1884919

• Fixes MariaDB incremental backup failure when fullbackup was not created the same day.LP#1897948

• Fixes builds on CentOS 8.3 failing due to renamed repos.Notice Kolla now no longer supports CentOS 8.2 and below.LP#1907213

• Drop systemd support from nsswitch.conf on RHEL-based distros. This avoidsunneeded systemd nss lookups inside containers and it also avoids possibleselinux denials when a container bind mounts /run and makes the dbus socketavailable inside the container only to be denied by selinux on the host.

• Fixes an issue with thekolla_set_configs--check command when thesource is a directory.LP#1890567

• Fixes an issue with loading Storm and Monasca Thresh when usingCentos8 containers.

• Fixes an issue with the Masakari dashboard where policies were not loadedcorrectly.

• nova-compute uses daxio to cleanup vpmem backend device on instancedelete. If the daxio binary is missing in the nova-compute containerinstance delete fails. daxio is provided in centos via daxio, inubuntu via the pmdk-tools package.

• Added rally-openstack as plugin to rally source image

• Fixes an issue which can block the Monasca Fluentd output plugin.LP#1889065

Other Notes¶

• tripleoclient container image is removed. It is not needed nor useful.