|
2 | 2 | OSISM 7
|
3 | 3 | =======
|
4 | 4 |
|
5 |
| -Instructions for the upgrade can be found in the `upgrade guide <https://osism.github.io/docs/guides/upgrade-guide/manager>`_. |
6 |
| - |
7 |
| -The release notes build on each other. When upgrading from 6.0.2 to 7.0.4, you should |
8 |
| -therefore not only read and take into account the release notes for 7.0.4 but also the |
9 |
| -previous release notes. The same applies to an update from, for example, 7.0.2 to 7.0.4. |
10 |
| -The release notes for 7.0.3 must then also be taken into account. |
11 |
| - |
12 | 5 | .. warning::
|
13 | 6 |
|
14 |
| - 7.0.0a, 7.0.0b, 7.0.0c, 7.0.0d are pre-releases. Do not use these releases. |
15 |
| - |
16 |
| -7.0.4 |
17 |
| -===== |
18 |
| - |
19 |
| -Release date: 7. May 2024 |
20 |
| - |
21 |
| -Due to an error in the ``osism/sbom`` repository, the Nova and Octavia images were not updated as |
22 |
| -originally stated in the release notes for OSISM 7.0.3. Therefore it was unfortunately necessary |
23 |
| -to release a 7.0.4 which contains the correct SBOM. In 7.0.4 nothing has changed except the SBOM. |
24 |
| -The correct images for Nova and Octavia are now included in 7.0.4 and the bugs listed below have |
25 |
| -been fixed. An update of the Manager Service must be done and then, if required, an update of Nova |
26 |
| -and Octavia can be updated as originally planned for OSISM 7.0.3. We apologise for the mistake and |
27 |
| -the resulting effort. |
28 |
| - |
29 |
| -* The OpenStack service images for Octavia and Nova have been rebuilt. Upgrades of the Octavia |
30 |
| - and Nova services are recommended. No upgrades of other OpenStack and associated |
31 |
| - infrastructure services such as MariaDB or RabbitMQ are required. |
32 |
| - |
33 |
| - * The Nova images have been rebuilt to add packages to be able to use vTMP (`osism/issues#1008 <https://github.com/osism/issues/issues/1008>`_) |
34 |
| - If this is not relevant, the upgrade can be skipped. |
35 |
| - |
36 |
| - * The octavia images have been rebuilt to resolve an issue when creating a LB + a listener |
37 |
| - with an allowed_cidr with the fully-populated API (`osism/issues#980 <https://github.com/osism/issues/issues/980>`_) |
38 |
| - |
39 |
| - * When upgrading the Nova and Octavia API services, there is a short downtime of the APIs. |
40 |
| - This downtime is usually less than 1 minute. |
41 |
| - |
42 |
| -7.0.3 |
43 |
| -===== |
44 |
| - |
45 |
| -Release date: 3. May 2024 |
46 |
| - |
47 |
| -* The Ceph service images have not been rebuilt. No upgrade of Ceph is required. |
48 |
| - |
49 |
| -* The OpenStack service images have not been rebuilt. No upgrade of OpenStack is required. |
50 |
| - |
51 |
| -* During the preparation of the upgrades of the regions of the PCO a bug (`osism/issues#973 <https://github.com/osism/issues/issues/973>`_) |
52 |
| - has been noticed which leads to a delay of up to 2 minutes between the necessary container stops and starts. |
53 |
| - This is due to a bug in the service units of all Kolla services. The bug is fixed in the current release. |
54 |
| - To avoid the delay during an upgrade, a fix must be applied in advance for all service units from |
55 |
| - Kolla. |
56 |
| - |
57 |
| - .. code-block:: console |
58 |
| -
|
59 |
| - osism apply fix-gh973 |
60 |
| -
|
61 |
| -* The ``openstack_cacert`` parameter used by Kolla is now set to ``"/etc/ssl/certs/ca-certificates.crt"`` |
62 |
| - by default. The previous default was ``""``. If this is not wanted, the parameter must be overwritten in |
63 |
| - ``environments/kolla/configuration.yml``. |
64 |
| - |
65 |
| -* The ``ironic_agent_files_directory`` parameter used by Kolla is now set to ``/share/ironic`` by default. |
66 |
| - The previous default was ``"{{ node_custom_config }}"``. If this is not wanted, the parameter must be overwritten |
67 |
| - in ``environments/kolla/configuration.yml``. This is in preparation for the Ironic IPA images no longer being |
68 |
| - stored in the configuration repository but within the manager service at runtime. |
69 |
| - |
70 |
| -* The Ironic IPA images are now downloaded from ironic play by default. If this is not wanted, |
71 |
| - ``enable_ironic_agent_download_images: false`` must be set in ``environments/kolla/configuration.yml``. |
72 |
| - The Ironic IPA images can now also be downloaded independently of the ironic play with ``osism apply ironic-download-ipa-images``. |
73 |
| - |
74 |
| -* The ``ceph_cluster_fsid`` parameter is now generated automatically. It can be removed from ``environments/configuration.yml``. |
75 |
| - The automatically generated ``ceph_clusterfs_fsid`` parameter is set to the value of the ``fsid`` |
76 |
| - parameter from ``environments/ceph/configuration.yml``. |
77 |
| - |
78 |
| -* Versions not yet pinned in the manager environment of the configuration repository (Ansible collections, ``osism/cfg-generics``, ..) |
79 |
| - are now automatically pinned during synchronisation with ``gilt overlay``. This also applies to the |
80 |
| - ``osism update manager`` script. |
81 |
| - |
82 |
| -* The Docker version and the Docker CLI version can now also be managed via ``osism/cfg-generics``. |
83 |
| - It is recommended to pin the Docker version in ``environments/configuration.yml``. |
84 |
| - |
85 |
| - .. code-block:: yaml |
86 |
| -
|
87 |
| - docker_version: '5:24.0.9' |
88 |
| -
|
89 |
| -* The Kubernetes Cluster API image for the Kubernetes (K8s) 1.30 series is available. The images are now provided directly with |
90 |
| - ``osism manage image clusterapi``. This means that K8s Cluster API images are now available |
91 |
| - for K8s series 1.27, 1.28, 1.29 and 1.30. |
92 |
| - |
93 |
| -* All Ansible collections have been prepared for use with Ubuntu 24.04. It is currently not recommended to |
94 |
| - upgrade existing clusters to Ubuntu 24.04 or to install new clusters with Ubuntu 24.04. There will be a note |
95 |
| - in future release notes that announces the full support of Ubuntu 24.04. At the moment everything related to Ubuntu |
96 |
| - 24.04 is a technical preview. |
97 |
| - |
98 |
| -* A new role ``tempest`` has been added to the Ansible collection ``osism.validations``. This makes it possible |
99 |
| - to perform significantly more tests than with the previously used ``osism.validations.refstack`` role. The new |
100 |
| - role will be used in the testbed in future to significantly increase the number of tests performed in the CI. |
101 |
| - |
102 |
| -* New documentation for the `project manager <https://osism.tech/docs/guides/operations-guide/openstack/day2-operations/project-manager>`_ |
103 |
| - and the `simple stress <https://osism.tech/docs/guides/operations-guide/openstack/day2-operations/simple-stress>`_. |
104 |
| - |
105 |
| -* When using the reboot play, it is now possible to wait for the reboot to be completed (`osism/issues#758 <https://github.com/osism/issues/issues/758>`_). |
106 |
| - |
107 |
| - .. code-block:: console |
108 |
| -
|
109 |
| - osism apply reboot \ |
110 |
| - -e reboot_wait=yes \ |
111 |
| - -e ireallymeanit=yes |
112 |
| -
|
113 |
| -* Monitoring services are now activated by default for the internal Kubernetes cluster. |
114 |
| - |
115 |
| -* You can now use your own hook scripts in ``osism/cfg-cookiecutter``. These are placed in the directory |
116 |
| - ``{{cookiecutter.project_name}}/scripts.d/`` directory. The scripts are executed in alphabetical order. |
117 |
| - The scripts must be executable. |
118 |
| - |
119 |
| -* When using the single service plays for Ceph (``ceph-osds``, ``ceph-mons``, ..), no service restarts |
120 |
| - are executed for other services. This can be adjusted with the ``ceph_handler_*_restart`` parameters. |
121 |
| - The default value is ``false``. |
122 |
| - |
123 |
| - .. code-block:: yaml |
124 |
| -
|
125 |
| - ceph_handler_crash_restart |
126 |
| - ceph_handler_mdss_restart |
127 |
| - ceph_handler_mgrs_restart |
128 |
| - ceph_handler_mons_restart |
129 |
| - ceph_handler_osds_restart |
130 |
| - ceph_handler_rbdmirrors_restart |
131 |
| - ceph_handler_rgws_restart |
132 |
| -
|
133 |
| - The following example now makes it possible when adding new OSDs to really only start the OSDs that |
134 |
| - have been newly added and to avoid a restart of all OSDs in the cluster or on a node. |
135 |
| - |
136 |
| - .. code-block:: console |
137 |
| -
|
138 |
| - osism apply ceph-osds -e ceph_handler_osds_restart=False |
139 |
| -
|
140 |
| -* The restart of Ceph Services is now throttled. By default, only one Ceph service is restarted at a time. |
141 |
| - This can be adjusted with the ``ceph_handler_*_restart_throttle`` parameters. The default value is ``1``. |
142 |
| - |
143 |
| - .. code-block:: yaml |
144 |
| -
|
145 |
| - ceph_handler_crash_restart_throttle |
146 |
| - ceph_handler_mdss_restart_throttle |
147 |
| - ceph_handler_mgrs_restart_throttle |
148 |
| - ceph_handler_mons_restart_throttle |
149 |
| - ceph_handler_osds_restart_throttle |
150 |
| - ceph_handler_rbdmirrors_restart_throttle |
151 |
| - ceph_handler_rgws_restart_throttle |
152 |
| -
|
153 |
| -* OVN container images will be built without the ``-march=broadwell`` parameter in the future. The OVN |
154 |
| - images have not been updated with this release, this only serves as an announcement for the future. By |
155 |
| - removing the parameter, it is possible to use the OVN container images on older CPUs. It is planned to |
156 |
| - provide different variants of the OVN and OVS container images in the future to enable parameters for |
157 |
| - modern CPUs in order to improve performance in particular. |
158 |
| - |
159 |
| -* This has nothing to do with the release itself and is just a notice. The build of the OpenStack Zed images has been |
160 |
| - disabled. |
161 |
| - |
162 |
| -7.0.2 |
163 |
| -===== |
164 |
| - |
165 |
| -Release date: 17. April 2024 |
166 |
| - |
167 |
| -* The Ceph & OpenStack service images have not been rebuilt. No upgrades of Ceph & OpenStack and associated |
168 |
| - infrastructure services such as MariaDB or RabbitMQ are required. |
169 |
| - |
170 |
| -* Properties for device type vrfs are now supported in the osism.commons.network role. |
171 |
| - |
172 |
| -* Debian support in osism.commons & osism.services Ansible collection. |
173 |
| - |
174 |
| - * The roles of the osism.commons collection are now usable with Debian. The roles have been tested with Debian Bookworm. |
175 |
| - * The roles of the osism.services collection are now usable with Debian. The roles have been tested with Debian Bookworm. |
176 |
| - |
177 |
| -* If the OSISM CLI is executed as root user there is now an informal warning message. |
178 |
| - |
179 |
| -* Use a single network for ceph frontend & backend in the cookiecutter (https://docs.ceph.com/en/latest/rados/configuration/network-config-ref/#network-configuration-reference |
180 |
| - for details). |
181 |
| - |
182 |
| -* When synchronising the configuration repository, it is now ensured that you are on the correct branch. |
183 |
| - |
184 |
| -* Senlin images available again as rolling tag for OpenStack 2023.2. |
185 |
| - |
186 |
| -* Zun images available again as rolling tag for OpenStack 2023.2 & 2024.1. |
187 |
| - |
188 |
| -* New FRR configuration template for loadbalancers with an external uplink in the osism.services.frr role. |
189 |
| - |
190 |
| -* ``scs:name-v1`` and ``scs:name-v2`` extra specs are now set via the OpenStack flavor manager. |
191 |
| - |
192 |
| -* Task ID is now displayed in the output of the OSISM CLI for prepared tasks. |
193 |
| - |
194 |
| -* New Makefile target in the OSISM Testbed to fetch the Wireguard configuration file: ``vpn-wireguard-config``. |
195 |
| - |
196 |
| -* With the play ``noop`` it is now possible to run a play with noop. This is useful for testing purposes of the manager service. |
197 |
| - |
198 |
| -* The stable repository is now used as the default for the Netdata service in the osism.services.netdata role. This avoids |
199 |
| - package conflicts in future. |
200 |
| - |
201 |
| -7.0.1 |
202 |
| -===== |
203 |
| - |
204 |
| -Release date: 27. March 2024 |
205 |
| - |
206 |
| -* It's now possible to also use custom plays in the ``kolla`` and in the ``ceph`` environments. |
207 |
| - As for the other environments, custom plays can now be stored there in a e.g. ``playbook-hello-world.yml`` |
208 |
| - file and run by using e.g. ``osism apply -e kolla hello-world``. |
209 |
| - |
210 |
| -* The version of k3s has been updated to ``1.29.2``. If Kubernetes is used, upgrade with |
211 |
| - ``osism apply kubernetes``. |
212 |
| - |
213 |
| -* There is a new parameter ``ceph_custom_keys`` in the ``copy-ceph-keys`` play. This makes |
214 |
| - it possible to copy the keys from custom Ceph pools. |
215 |
| - |
216 |
| - .. code-block:: yaml |
217 |
| -
|
218 |
| - ceph_custom_keys: |
219 |
| - - src: ceph.client.manila1.keyring |
220 |
| - dest: "{{ configuration_directory }}/environments/kolla/files/overlays/manila/ceph.client.manila1.keyring" |
221 |
| -
|
222 |
| -* There is a new parameter ``with_keycloak`` in the cookiecutter. This can now be used to |
223 |
| - select whether the keycloak integration should be prepared or not. |
224 |
| - |
225 |
| -* An error in the ``ceph-pools`` play has been fixed that prevented the keys from being |
226 |
| - created for the pools. |
227 |
| - |
228 |
| -* The ``ceph-iscsigws`` play has been removed. The iSCSI gateway is in maintenance as of |
229 |
| - November 2022. This means that it is no longer in active development and will not be |
230 |
| - updated to add new features. |
231 |
| - |
232 |
| -* With ``ceph_serial`` it is now possible to define how many hosts Ansible should manage at a single time |
233 |
| - in the Ceph plays. |
234 |
| - |
235 |
| - .. code-block:: none |
236 |
| -
|
237 |
| - osism apply ceph-mgrs -e ceph_serial=1 |
238 |
| -
|
239 |
| -* With ``ANSIBLE_VERSION`` it's now possible to overwrite the use Ansible version when working with the ``run.sh`` |
240 |
| - script inside the manager environment. |
241 |
| - |
242 |
| -* The ``osism.commons.known_hosts`` role has been completely revised. |
243 |
| - |
244 |
| - * avoid duplicate entries in the destination file |
245 |
| - * avoid comments in the destination file |
246 |
| - * make use of static entries possible |
247 |
| - |
248 |
| - It's now possible to add a ``known_hosts`` parameter to the host_vars to |
249 |
| - set static known hosts entries for a specific host. When this parameter |
250 |
| - is set ``ssh-keygen`` will not be used to generate the known hosts entries |
251 |
| - on the fly. |
252 |
| - |
253 |
| - .. code-block:: yaml |
254 |
| -
|
255 |
| - known_hosts: |
256 |
| - - ssh-rsa AAAAB3NzaC1y... |
257 |
| - - ecdsa-sha2-nistp256 AAAAE2VjZHN... |
258 |
| - - ssh-ed25519 AAAAC3NzaC1... |
259 |
| -
|
260 |
| - * make use of extra entries possible |
261 |
| - |
262 |
| - It's now possible to add a ``known_hosts_extra`` parameter to the configuration |
263 |
| - repository to set extra known hosts entries. |
264 |
| - |
265 |
| - .. code-block:: yaml |
266 |
| -
|
267 |
| - known_hosts_extra: |
268 |
| - - testbed-node-1.testbed.osism.xyz ssh-rsa AAAAB3Nza... |
269 |
| - - testbed-node-2.testbed.osism.xyz ssh-rsa AAAAB3Nza... |
270 |
| -
|
271 |
| - * The Octavia images have been updated. If Octavia is used, an upgrade must be done |
272 |
| - with ``osism apply -a upgrade octavia``. We addressed the following issues. |
273 |
| - |
274 |
| - * Backport of https://review.opendev.org/c/openstack/octavia/+/896995 to fix errors |
275 |
| - when deleting LB with broken amphorae. |
276 |
| - |
277 |
| - * Bugfix for https://github.com/osism/issues/issues/890 (octavia (ovn) does |
278 |
| - not find existing subnet) by enabling the use of the custom CA for octavia |
279 |
| - user session queries with the following PR: |
280 |
| - https://github.com/osism/container-images-kolla/pull/412 |
281 |
| - |
282 |
| -7.0.0 |
283 |
| -===== |
284 |
| - |
285 |
| -Release date: 20. March 2024 |
286 |
| - |
287 |
| -General notes |
288 |
| -------------- |
289 |
| - |
290 |
| -* Shortly before the release, `gilt <https://github.com/retr0h/gilt>`_ |
291 |
| - made a major release which led to breaking changes. It is therefore important |
292 |
| - for the moment to install ``python-gilt < 2`` when synchronising the |
293 |
| - configuration repository against the generics. In the CI and within the container |
294 |
| - images, we currently use ``python-gilt == 1.2.3``. This is also the version that's |
295 |
| - currently installed in the container images and that's set in the ``requirements.txt``. |
296 |
| - |
297 |
| -Deprecations |
298 |
| ------------- |
299 |
| - |
300 |
| -* The role for deploying the Tang service (``osism.services.tang``) is deprecated in preparation for removal |
301 |
| - as it is currently not in a usable state. An attempt will be made to make the role usable until the next |
302 |
| - release. The same applies to Clevis integration via the ``osism.commons.clevis`` role. |
303 |
| - |
304 |
| -Removals |
305 |
| --------- |
306 |
| - |
307 |
| -* The role for deploying the OpenLDAP service (``osism.services.openldap``) has been removed. |
308 |
| - |
309 |
| -* The manager plays to control the Vault service (``seal``, ``unseal``, ..) have been removed as these tasks will |
310 |
| - be realized directly via the OSISM CLI (``osism set vault password``, ..) in the future. |
311 |
| - |
312 |
| -* The role for deploying the Bird service (``osism.services.bird``) has been removed. |
313 |
| - |
314 |
| -New features |
315 |
| ------------- |
316 |
| - |
317 |
| -* With the ``osism manage image octavia`` command it is possible to rotate the Octavia Amphora image, |
318 |
| - which is rebuilt daily. Older images are deactivated. The old images must be removed manually after |
319 |
| - rotating the amphorae instances. |
320 |
| - |
321 |
| -* With the ``osism manage image clusterapi`` command it is possible to import all currently stable Cluster |
322 |
| - API images (v1.27, v1.28, and v1.29). As soon as new minor or major versions are available, these are also |
323 |
| - imported. Old and no longer used versions must currently be removed manually. |
324 |
| - |
325 |
| -* The persistence feature in Octavia can enabled with the new ``enable_octavia_jobboard`` parameter. |
326 |
| - The jobboard in Octavia is an `experimental feature <https://docs.openstack.org/octavia/latest/install/install-amphorav2.html>`_. |
327 |
| - It is not recommended to use it in production. |
328 |
| - |
329 |
| - .. code-block:: yaml |
330 |
| -
|
331 |
| - enable_octavia_jobboard: "yes" |
332 |
| -
|
333 |
| - This requires an additional database, which is only created when Octavia play is run in bootstrap mode |
334 |
| - first. |
335 |
| - |
336 |
| - .. code-block:: none |
337 |
| -
|
338 |
| - osism apply -a bootstrap octavia |
339 |
| -
|
340 |
| - The secret ``octavia_persistence_database_password`` (see above) must be added to |
341 |
| - ``environments/kolla/secrets.yml`` before. |
342 |
| - |
343 |
| -* In preparation for the migration to Rook, the Rook operator is deployable on the internal Kubernetes |
344 |
| - cluster with ``osism apply rook``. The Rook operator is not yet used for the Ceph deployment. For the deployment |
345 |
| - of Ceph we still use the ceph-ansible project. For the next release a tool called ``rookify`` is planned to |
346 |
| - migrate the Ceph deployment from ceph-ansible to Rook. |
347 |
| - |
348 |
| -* The roles of the osism.commons collection are now usable with CentOS 9. The roles have been tested with |
349 |
| - CentOS 9. |
350 |
| - |
351 |
| -* The roles of the osism.services collection are now usable with CentOS 9. The roles have been tested with |
352 |
| - CentOS 9. |
353 |
| - |
354 |
| -* With the openstack-resource-manager it is now possible to clean up orphaned amphora instances of Octavia |
355 |
| - or volumes that are stuck in the DELETING state. |
356 |
| - |
357 |
| -* Kubernetes can now be deployed with k3s-ansible on the management plane and the control plane. |
358 |
| - |
359 |
| -* It is now possible to manage the Ceph pools independently of ceph-osds Play using ceph-pools. |
360 |
| - |
361 |
| -Upgrade notes |
362 |
| -------------- |
363 |
| - |
364 |
| -* The switch from classic queue mirroring and durable queues to quorum queues |
365 |
| - in RabbitMQ has not yet been tested and documented. This is planned for the |
366 |
| - next release. The switch is not yet recommended. |
367 |
| - |
368 |
| -* The ``hosts_interface`` parameter is now set to ``internal_interface`` by default. |
369 |
| - |
370 |
| -* The Keycloak deployment via Docker Compose, which was previously included |
371 |
| - as a technical preview, has been completely revised and is now deployed on |
372 |
| - Kubernetes. No migration from the old deployment via Docker Compose to the |
373 |
| - new deployment via Kubernetes has been prepared. If you are currently using |
374 |
| - the Keycloak service, do not upgrade the Keycloak service and contact us in |
375 |
| - advance. |
376 |
| - |
377 |
| -* The Keystone role ``service`` is required by a number of OpenStack services. The |
378 |
| - role has been created automatically with new deployments for some time now. It is |
379 |
| - possible that this role is not yet available on older deployments and must be created |
380 |
| - once in preparation for the upgrade. You can check whether the role is available in |
381 |
| - the output of ``openstack --os-cloud admin role list``. If it does not exist, it can |
382 |
| - be created with ``openstack --os-cloud admin role create service``. |
383 |
| - |
384 |
| - This ``service`` role is required by the service accounts for authentication after the |
385 |
| - upgrade of the OpenStack services. To avoid problems during the upgrade, it is important |
386 |
| - to assign this role to all existing service accounts in advance. |
387 |
| - |
388 |
| - .. code-block:: none |
389 |
| -
|
390 |
| - # List all users in the project service with the admin role. The existing service |
391 |
| - # accounts depend on the deployed services and may vary. |
392 |
| - $ openstack --os-cloud admin role assignment list --names --role admin --project service |
393 |
| - +-------+--------------------------+-------+-----------------+--------+--------+-----------+ |
394 |
| - | Role | User | Group | Project | Domain | System | Inherited | |
395 |
| - +-------+--------------------------+-------+-----------------+--------+--------+-----------+ |
396 |
| - | admin | ironic@Default | | service@Default | | | False | |
397 |
| - | admin | neutron@Default | | service@Default | | | False | |
398 |
| - | admin | gnocchi@Default | | service@Default | | | False | |
399 |
| - | admin | swift@Default | | service@Default | | | False | |
400 |
| - | admin | nova@Default | | service@Default | | | False | |
401 |
| - | admin | placement@Default | | service@Default | | | False | |
402 |
| - | admin | cinder@Default | | service@Default | | | False | |
403 |
| - | admin | glance@Default | | service@Default | | | False | |
404 |
| - | admin | designate@Default | | service@Default | | | False | |
405 |
| - | admin | octavia@Default | | service@Default | | | False | |
406 |
| - | admin | skyline@Default | | service@Default | | | False | |
407 |
| - | admin | ironic-inspector@Default | | service@Default | | | False | |
408 |
| - | admin | ceilometer@Default | | service@Default | | | False | |
409 |
| - +-------+--------------------------+-------+-----------------+--------+--------+-----------+ |
410 |
| -
|
411 |
| - # Assign the service role to all users in the project service (repeat this step for every |
412 |
| - # user in the list. |
413 |
| - $ openstack --os-cloud admin role add --user ironic --project service service |
414 |
| - [...] |
415 |
| -
|
416 |
| -* The use of ProxySQL for MariaDB is now possible and it is possible to switch |
417 |
| - to it as part of the upgrade. It is not mandatory and there is no recommendation. |
418 |
| - The parameter ``enable_proxysql`` is added to ``environments/kolla/configuration.yml`` |
419 |
| - for this purpose. |
420 |
| - |
421 |
| - .. code-block:: yaml |
422 |
| -
|
423 |
| - enable_proxysql: yes |
424 |
| -
|
425 |
| - The secrets listed below (``proxysql_admin_password``, ``proxysql_stats_password``, |
426 |
| - ``mariadb_monitor_password``) must also be added or changed. |
427 |
| - |
428 |
| - When migrating to ProxySQL, it is important to upgrade MariaDB first. |
429 |
| - |
430 |
| - When migrating to ProxySQL, it is important to perform the loadbalancer upgrade |
431 |
| - before all OpenStack service upgrades. To make sure that the OpenStack services |
432 |
| - continue to work after the upgrade when ProxySQL is enabled as part of the upgrade, |
433 |
| - the ProxySQL service must have been deployed first. The ProxySQL service is deployed |
434 |
| - with the loadbalancer play. |
435 |
| - |
436 |
| - It is possible that connectivity with the database may be interrupted for a short time |
437 |
| - during the migration. It is therefore recommended to carry out extensive tests on the |
438 |
| - staging environment in advance. |
439 |
| - |
440 |
| -* The following secrets must be added in ``environments/kolla/secrets.yml``: |
441 |
| - |
442 |
| - .. code-block:: yaml |
443 |
| -
|
444 |
| - octavia_persistence_database_password: # generate with: pwgen 32 1 |
445 |
| - prometheus_bcrypt_salt: # generate with: pwgen 22 1 <-- there's a 22 |
446 |
| - prometheus_grafana_password: # generate with: pwgen 32 1 |
447 |
| - prometheus_password: # generate with: pwgen 32 1 |
448 |
| - proxysql_admin_password: # generate with: pwgen 32 1 |
449 |
| - proxysql_stats_password: # generate with: pwgen 32 1 |
450 |
| -
|
451 |
| -* The parameter ``mariadb_monitoring_password`` in ``environments/kolla/secrets.yml`` |
452 |
| - has to be renamed to ``mariadb_monitor_password``. If the parameter is not present, |
453 |
| - it is added. |
454 |
| - |
455 |
| - .. code-block:: yaml |
456 |
| -
|
457 |
| - mariadb_monitor_password: # generate with: pwgen 32 1 |
458 |
| -
|
459 |
| -* The following parameters must be removed from the configuration repository from |
460 |
| - ``environments/kolla/configuration.yml``: |
461 |
| - |
462 |
| - .. code-block:: yaml |
463 |
| -
|
464 |
| - ceph_nova_user: nova |
465 |
| - ceph_nova_keyring: ceph.client.nova.keyring |
466 |
| -
|
467 |
| -* Parameters for the Netbox service in ``environments/infrastructure/configuration.yml`` or |
468 |
| - ``secrets.yml`` must now also be added in ``environments/manager/configuration.yml`` or |
469 |
| - ``secrets.yml``. In an upcoming release, the parameters can be removed from the |
470 |
| - infrastructure environment. |
471 |
| - |
472 |
| -* The Ansible callback plugin ``osism.commons.still_alive`` is now available to avoid timeouts |
473 |
| - for long-running tasks. This currently has to be explicitly enabled in the Ansible configuration. |
474 |
| - This is done in the ``environments/ansible.cfg`` file in the configuration repository. |
475 |
| - The callback plugin is enabled by default in the future. After this change has been made, the |
476 |
| - update of the manager must be performed. A manager with a version before OSISM 7.0.0 cannot be |
477 |
| - longer used if this plugin is set in ``environments/ansible.cfg``. |
478 |
| - |
479 |
| - .. code-block:: ini |
480 |
| -
|
481 |
| - [defaults] |
482 |
| - ... |
483 |
| - stdout_callback = osism.commons.still_alive |
484 |
| -
|
485 |
| -* In the inventory, the ``nova_backend`` parameter must be added to the host vars of |
486 |
| - compute nodes where local storage is used. |
487 |
| - |
488 |
| - .. code-block:: yaml |
489 |
| -
|
490 |
| - nova_backend: default |
491 |
| -
|
492 |
| -* The SSL certificate file ``haproxy.pem`` is now available in a different location in the |
493 |
| - ``haproxy`` container. Previously it was stored under ``/etc/haproxy/haproxy.pem``. From |
494 |
| - now on it is stored under ``/etc/haproxy/certificates/haproxy.pem``. If you have customised |
495 |
| - the configuration for the haproxy service or use overlays for this, adjust the locations of |
496 |
| - the SSL certificate as required. |
497 |
| - |
498 |
| -* Due to the upgrade from Fluentd to version 5, some directory names within the container |
499 |
| - image for Fluentd have changed. If you have worked with overlay files in the Fluentd service, |
500 |
| - check these in advance. Currently we know that ``/var/run/td-agent`` is now available as |
501 |
| - ``/var/run/fluentd`` (check `GitHub issue #864 <https://github.com/osism/issues/issues/864>`_ |
502 |
| - for details). We assume that other directory names have changed similarly. |
503 |
| - |
504 |
| -* If a Keystone domain with LDAP backend is used, it is important to add the ``tls_cacertfile`` |
505 |
| - parameter in the ``[ldap]`` section of the corresponding domain configuration. |
506 |
| - |
507 |
| - .. code-block:: ini |
508 |
| -
|
509 |
| - [ldap] |
510 |
| - ... |
511 |
| - tls_cacertfile = /etc/ssl/certs/ca-certificates.crt |
512 |
| -
|
513 |
| -Known issues |
514 |
| ------------- |
515 |
| - |
516 |
| -* If error ``Couldn't fetch the key client.bootstrap-rbd at /var/lib/ceph/bootstrap-rbd/."`` |
517 |
| - occurs when updating Ceph in task ``create potentially missing keys (rbd and rbd-mirror)``, |
518 |
| - create directory ``/var/lib/ceph/bootstrap-rbd/`` on the 1st control node used for Ceph. |
519 |
| - Use the UID ``64045`` and the GID ``64045``. Set ``0755`` as permissions. |
520 |
| - |
521 |
| -* There are currently problems when using a custom CA in combination with Octavia. A bugfix |
522 |
| - for this will be made available with OSISM 7.0.1 (`osism/issues#890 <https://github.com/osism/issues/issues/890>`_). |
523 |
| - |
524 |
| - There is another problem when using Octavia in combination with OVN which leads to a leakage |
525 |
| - of ports when deleting load balancers (`osism/issues#921 <https://github.com/osism/issues/issues/921>`_). |
526 |
| - A bugfix for this is also expected to be available with OSISM 7.0.1. |
527 |
| - |
528 |
| -* The manager service is updated via ``osism update manager``. If this command is not yet |
529 |
| - available, you can use ``osism-update-manager`` as an alternative. |
530 |
| - |
531 |
| - .. code-block:: none |
532 |
| -
|
533 |
| - osism: 'update manager' is not an osism command. See 'osism --help'. |
534 |
| -
|
535 |
| -* With some upgrades we noticed that in certain constellations there were problems with the |
536 |
| - OpenStack Octavia service, which could be prevented if the parameter ``valid_interfaces`` was added |
537 |
| - to the ``environments/kolla/files/overlays/octavia.conf`` file ([osism/issues#1021](https://github.com/osism/issues/issues/1021)). |
538 |
| - |
539 |
| - .. code-block:: ini |
540 |
| -
|
541 |
| - [certificates] |
542 |
| - valid_interfaces = internal |
543 |
| -
|
544 |
| - [keystone_authtoken] |
545 |
| - valid_interfaces = internal |
546 |
| -
|
547 |
| - [glance] |
548 |
| - valid_interfaces = internal |
549 |
| -
|
550 |
| - [neutron] |
551 |
| - valid_interfaces = internal |
552 |
| -
|
553 |
| - [nova] |
554 |
| - valid_interfaces = internal |
555 |
| -
|
556 |
| -Other |
557 |
| ------ |
558 |
| - |
559 |
| -* Refstack 2022.11 results |
560 |
| - |
561 |
| - .. code-block:: none |
562 |
| -
|
563 |
| - ====== |
564 |
| - Totals |
565 |
| - ====== |
566 |
| - Ran: 356 tests in 1221.9879 sec. |
567 |
| - - Passed: 353 |
568 |
| - - Skipped: 3 |
569 |
| - - Expected Fail: 0 |
570 |
| - - Unexpected Success: 0 |
571 |
| - - Failed: 0 |
572 |
| - Sum of execute time for each test: 715.6658 sec. |
573 |
| -
|
574 |
| -References |
575 |
| ----------- |
576 |
| - |
577 |
| -OpenStack 2023.2 press announcement: https://www.openstack.org/software/openstack-bobcat |
578 |
| - |
579 |
| -OpenStack 2023.2 release notes: https://releases.openstack.org/bobcat/index.html |
580 |
| - |
581 |
| -Release notes for each OpenStack service: |
582 |
| - |
583 |
| -* Barbican: https://docs.openstack.org/releasenotes/barbican/2023.2.html |
584 |
| -* Ceilometer: https://docs.openstack.org/releasenotes/ceilometer/2023.2.html |
585 |
| -* Cinder: https://docs.openstack.org/releasenotes/cinder/2023.2.html |
586 |
| -* Designate: https://docs.openstack.org/releasenotes/designate/2023.2.html |
587 |
| -* Glance: https://docs.openstack.org/releasenotes/glance/2023.2.html |
588 |
| -* Heat: https://docs.openstack.org/releasenotes/heat/2023.2.html |
589 |
| -* Horizon: https://docs.openstack.org/releasenotes/horizon/2023.2.html |
590 |
| -* Ironic: https://docs.openstack.org/releasenotes/ironic/2023.2.html |
591 |
| -* Keystone: https://docs.openstack.org/releasenotes/keystone/2023.2.html |
592 |
| -* Manila: https://docs.openstack.org/releasenotes/manila/2023.2.html |
593 |
| -* Neutron: https://docs.openstack.org/releasenotes/neutron/2023.2.html |
594 |
| -* Nova: https://docs.openstack.org/releasenotes/nova/2023.2.html |
595 |
| -* Octavia: https://docs.openstack.org/releasenotes/octavia/2023.2.html |
596 |
| -* Placement: https://docs.openstack.org/releasenotes/placement/2023.2.html |
597 |
| -* Skyline: https://docs.openstack.org/releasenotes/skyline-apiserver/2023.2.html, https://docs.openstack.org/releasenotes/skyline-console/2023.2.html |
| 7 | + The release notes have been migrated. OSISM release notes are now only |
| 8 | + available here: https://osism.tech/docs/release-notes/osism-7. The release |
| 9 | + notes for OSISM 7 have been migrated and the previous content has been |
| 10 | + removed here. |
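Review bot: The relocation notice added at new lines 7-10 ends up as the body of the retained `.. warning::` directive (new line 5), which until now held the pre-release notice "7.0.0a, 7.0.0b, 7.0.0c, 7.0.0d are pre-releases. Do not use these releases."; a pointer to a new location is not a warning, so `.. note::` would fit better. The wording also says the same thing twice ("have been migrated" in the first and the third sentence). One sentence such as "The release notes for OSISM 7 have been migrated and are now only available at https://osism.tech/docs/release-notes/osism-7." is enough. Before merging, confirm that the target page carries the pre-release warning and the deleted operator steps that affect credentials and TLS trust during an upgrade: the secrets to add to ``environments/kolla/secrets.yml``, the ``mariadb_monitoring_password`` rename, the Keystone ``service`` role assignment, the new ``openstack_cacert`` default and the ``tls_cacertfile`` setting for LDAP domains. Nothing in the visible lines shows that they were carried over. The deleted intro also linked the upgrade guide under osism.github.io while the new pointer uses osism.tech, so it is worth checking that the upgrade guide stays reachable from the new page.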