Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit a71dd6b

Browse files
authoredMay 22, 2024
Archive release notes (#1392)
Signed-off-by: Christian Berendt <berendt@osism.tech>
1 parent 4f8e401 commit a71dd6b

File tree

3 files changed

+23
-594
lines changed

3 files changed

+23
-594
lines changed
 

‎doc/source/conf.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
source_suffix = ".rst"
33
master_doc = "index"
44
project = "OSISM"
5-
copyright = "2022-2023, OSISM GmbH"
5+
copyright = "2022-2024, OSISM GmbH"
66
author = "OSISM GmbH"
77
version = ""
88
release = ""
@@ -24,7 +24,7 @@
2424
}
2525
html_context = {}
2626
html_logo = "images/logo.png"
27-
html_title = "OSISM Release Notes"
27+
html_title = "Archived OSISM Release Notes"
2828
html_sidebars = {
2929
"**": ["logo-text.html", "globaltoc.html", "localtoc.html", "searchbox.html"]
3030
}

‎doc/source/index.rst

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,20 @@
22
OSISM releases
33
==============
44

5-
The latest available stable release is 7.0.4.
5+
.. warning::
6+
7+
This page is archived.
68

79
Release notes
810
=============
911

12+
.. warning::
13+
14+
The release notes have been migrated. OSISM release notes are now only
15+
available here: https://osism.tech/docs/release-notes. The content on
16+
this page remains as it is. The list of available releases is probably
17+
no longer up to date.
18+
1019
.. toctree::
1120
:maxdepth: 1
1221

@@ -27,6 +36,13 @@ Release notes
2736
Release Series
2837
==============
2938

39+
.. warning::
40+
41+
The release notes have been migrated. OSISM release notes are now only
42+
available here: https://osism.tech/docs/release-notes. Please visit this
43+
page to get information about the latest available OSISM release. This
44+
table is probably no longer up to date.
45+
3046
+--------------+-----------------------+----------------------------+-----------------------+--------------+
3147
| Series | Status | Initial Release Date | Next Phase | EOL Date |
3248
+==============+=======================+============================+=======================+==============+

‎doc/source/notes/7.rst

Lines changed: 4 additions & 591 deletions
Original file line numberDiff line numberDiff line change
@@ -2,596 +2,9 @@
22
OSISM 7
33
=======
44

5-
Instructions for the upgrade can be found in the `upgrade guide <https://osism.github.io/docs/guides/upgrade-guide/manager>`_.
6-
7-
The release notes build on each other. When upgrading from 6.0.2 to 7.0.4, you should
8-
therefore not only read and take into account the release notes for 7.0.4 but also the
9-
previous release notes. The same applies to an update from, for example, 7.0.2 to 7.0.4.
10-
The release notes for 7.0.3 must then also be taken into account.
11-
125
.. warning::
136

14-
7.0.0a, 7.0.0b, 7.0.0c, 7.0.0d are pre-releases. Do not use these releases.
15-
16-
7.0.4
17-
=====
18-
19-
Release date: 7. May 2024
20-
21-
Due to an error in the ``osism/sbom`` repository, the Nova and Octavia images were not updated as
22-
originally stated in the release notes for OSISM 7.0.3. Therefore it was unfortunately necessary
23-
to release a 7.0.4 which contains the correct SBOM. In 7.0.4 nothing has changed except the SBOM.
24-
The correct images for Nova and Octavia are now included in 7.0.4 and the bugs listed below have
25-
been fixed. An update of the Manager Service must be done and then, if required, an update of Nova
26-
and Octavia can be updated as originally planned for OSISM 7.0.3. We apologise for the mistake and
27-
the resulting effort.
28-
29-
* The OpenStack service images for Octavia and Nova have been rebuilt. Upgrades of the Octavia
30-
and Nova services are recommended. No upgrades of other OpenStack and associated
31-
infrastructure services such as MariaDB or RabbitMQ are required.
32-
33-
* The Nova images have been rebuilt to add packages to be able to use vTMP (`osism/issues#1008 <https://github.com/osism/issues/issues/1008>`_)
34-
If this is not relevant, the upgrade can be skipped.
35-
36-
* The octavia images have been rebuilt to resolve an issue when creating a LB + a listener
37-
with an allowed_cidr with the fully-populated API (`osism/issues#980 <https://github.com/osism/issues/issues/980>`_)
38-
39-
* When upgrading the Nova and Octavia API services, there is a short downtime of the APIs.
40-
This downtime is usually less than 1 minute.
41-
42-
7.0.3
43-
=====
44-
45-
Release date: 3. May 2024
46-
47-
* The Ceph service images have not been rebuilt. No upgrade of Ceph is required.
48-
49-
* The OpenStack service images have not been rebuilt. No upgrade of OpenStack is required.
50-
51-
* During the preparation of the upgrades of the regions of the PCO a bug (`osism/issues#973 <https://github.com/osism/issues/issues/973>`_)
52-
has been noticed which leads to a delay of up to 2 minutes between the necessary container stops and starts.
53-
This is due to a bug in the service units of all Kolla services. The bug is fixed in the current release.
54-
To avoid the delay during an upgrade, a fix must be applied in advance for all service units from
55-
Kolla.
56-
57-
.. code-block:: console
58-
59-
osism apply fix-gh973
60-
61-
* The ``openstack_cacert`` parameter used by Kolla is now set to ``"/etc/ssl/certs/ca-certificates.crt"``
62-
by default. The previous default was ``""``. If this is not wanted, the parameter must be overwritten in
63-
``environments/kolla/configuration.yml``.
64-
65-
* The ``ironic_agent_files_directory`` parameter used by Kolla is now set to ``/share/ironic`` by default.
66-
The previous default was ``"{{ node_custom_config }}"``. If this is not wanted, the parameter must be overwritten
67-
in ``environments/kolla/configuration.yml``. This is in preparation for the Ironic IPA images no longer being
68-
stored in the configuration repository but within the manager service at runtime.
69-
70-
* The Ironic IPA images are now downloaded from ironic play by default. If this is not wanted,
71-
``enable_ironic_agent_download_images: false`` must be set in ``environments/kolla/configuration.yml``.
72-
The Ironic IPA images can now also be downloaded independently of the ironic play with ``osism apply ironic-download-ipa-images``.
73-
74-
* The ``ceph_cluster_fsid`` parameter is now generated automatically. It can be removed from ``environments/configuration.yml``.
75-
The automatically generated ``ceph_clusterfs_fsid`` parameter is set to the value of the ``fsid``
76-
parameter from ``environments/ceph/configuration.yml``.
77-
78-
* Versions not yet pinned in the manager environment of the configuration repository (Ansible collections, ``osism/cfg-generics``, ..)
79-
are now automatically pinned during synchronisation with ``gilt overlay``. This also applies to the
80-
``osism update manager`` script.
81-
82-
* The Docker version and the Docker CLI version can now also be managed via ``osism/cfg-generics``.
83-
It is recommended to pin the Docker version in ``environments/configuration.yml``.
84-
85-
.. code-block:: yaml
86-
87-
docker_version: '5:24.0.9'
88-
89-
* The Kubernetes Cluster API image for the Kubernetes (K8s) 1.30 series is available. The images are now provided directly with
90-
``osism manage image clusterapi``. This means that K8s Cluster API images are now available
91-
for K8s series 1.27, 1.28, 1.29 and 1.30.
92-
93-
* All Ansible collections have been prepared for use with Ubuntu 24.04. It is currently not recommended to
94-
upgrade existing clusters to Ubuntu 24.04 or to install new clusters with Ubuntu 24.04. There will be a note
95-
in future release notes that announces the full support of Ubuntu 24.04. At the moment everything related to Ubuntu
96-
24.04 is a technical preview.
97-
98-
* A new role ``tempest`` has been added to the Ansible collection ``osism.validations``. This makes it possible
99-
to perform significantly more tests than with the previously used ``osism.validations.refstack`` role. The new
100-
role will be used in the testbed in future to significantly increase the number of tests performed in the CI.
101-
102-
* New documentation for the `project manager <https://osism.tech/docs/guides/operations-guide/openstack/day2-operations/project-manager>`_
103-
and the `simple stress <https://osism.tech/docs/guides/operations-guide/openstack/day2-operations/simple-stress>`_.
104-
105-
* When using the reboot play, it is now possible to wait for the reboot to be completed (`osism/issues#758 <https://github.com/osism/issues/issues/758>`_).
106-
107-
.. code-block:: console
108-
109-
osism apply reboot \
110-
-e reboot_wait=yes \
111-
-e ireallymeanit=yes
112-
113-
* Monitoring services are now activated by default for the internal Kubernetes cluster.
114-
115-
* You can now use your own hook scripts in ``osism/cfg-cookiecutter``. These are placed in the directory
116-
``{{cookiecutter.project_name}}/scripts.d/`` directory. The scripts are executed in alphabetical order.
117-
The scripts must be executable.
118-
119-
* When using the single service plays for Ceph (``ceph-osds``, ``ceph-mons``, ..), no service restarts
120-
are executed for other services. This can be adjusted with the ``ceph_handler_*_restart`` parameters.
121-
The default value is ``false``.
122-
123-
.. code-block:: yaml
124-
125-
ceph_handler_crash_restart
126-
ceph_handler_mdss_restart
127-
ceph_handler_mgrs_restart
128-
ceph_handler_mons_restart
129-
ceph_handler_osds_restart
130-
ceph_handler_rbdmirrors_restart
131-
ceph_handler_rgws_restart
132-
133-
The following example now makes it possible when adding new OSDs to really only start the OSDs that
134-
have been newly added and to avoid a restart of all OSDs in the cluster or on a node.
135-
136-
.. code-block:: console
137-
138-
osism apply ceph-osds -e ceph_handler_osds_restart=False
139-
140-
* The restart of Ceph Services is now throttled. By default, only one Ceph service is restarted at a time.
141-
This can be adjusted with the ``ceph_handler_*_restart_throttle`` parameters. The default value is ``1``.
142-
143-
.. code-block:: yaml
144-
145-
ceph_handler_crash_restart_throttle
146-
ceph_handler_mdss_restart_throttle
147-
ceph_handler_mgrs_restart_throttle
148-
ceph_handler_mons_restart_throttle
149-
ceph_handler_osds_restart_throttle
150-
ceph_handler_rbdmirrors_restart_throttle
151-
ceph_handler_rgws_restart_throttle
152-
153-
* OVN container images will be built without the ``-march=broadwell`` parameter in the future. The OVN
154-
images have not been updated with this release, this only serves as an announcement for the future. By
155-
removing the parameter, it is possible to use the OVN container images on older CPUs. It is planned to
156-
provide different variants of the OVN and OVS container images in the future to enable parameters for
157-
modern CPUs in order to improve performance in particular.
158-
159-
* This has nothing to do with the release itself and is just a notice. The build of the OpenStack Zed images has been
160-
disabled.
161-
162-
7.0.2
163-
=====
164-
165-
Release date: 17. April 2024
166-
167-
* The Ceph & OpenStack service images have not been rebuilt. No upgrades of Ceph & OpenStack and associated
168-
infrastructure services such as MariaDB or RabbitMQ are required.
169-
170-
* Properties for device type vrfs are now supported in the osism.commons.network role.
171-
172-
* Debian support in osism.commons & osism.services Ansible collection.
173-
174-
* The roles of the osism.commons collection are now usable with Debian. The roles have been tested with Debian Bookworm.
175-
* The roles of the osism.services collection are now usable with Debian. The roles have been tested with Debian Bookworm.
176-
177-
* If the OSISM CLI is executed as root user there is now an informal warning message.
178-
179-
* Use a single network for ceph frontend & backend in the cookiecutter (https://docs.ceph.com/en/latest/rados/configuration/network-config-ref/#network-configuration-reference
180-
for details).
181-
182-
* When synchronising the configuration repository, it is now ensured that you are on the correct branch.
183-
184-
* Senlin images available again as rolling tag for OpenStack 2023.2.
185-
186-
* Zun images available again as rolling tag for OpenStack 2023.2 & 2024.1.
187-
188-
* New FRR configuration template for loadbalancers with an external uplink in the osism.services.frr role.
189-
190-
* ``scs:name-v1`` and ``scs:name-v2`` extra specs are now set via the OpenStack flavor manager.
191-
192-
* Task ID is now displayed in the output of the OSISM CLI for prepared tasks.
193-
194-
* New Makefile target in the OSISM Testbed to fetch the Wireguard configuration file: ``vpn-wireguard-config``.
195-
196-
* With the play ``noop`` it is now possible to run a play with noop. This is useful for testing purposes of the manager service.
197-
198-
* The stable repository is now used as the default for the Netdata service in the osism.services.netdata role. This avoids
199-
package conflicts in future.
200-
201-
7.0.1
202-
=====
203-
204-
Release date: 27. March 2024
205-
206-
* It's now possible to also use custom plays in the ``kolla`` and in the ``ceph`` environments.
207-
As for the other environments, custom plays can now be stored there in a e.g. ``playbook-hello-world.yml``
208-
file and run by using e.g. ``osism apply -e kolla hello-world``.
209-
210-
* The version of k3s has been updated to ``1.29.2``. If Kubernetes is used, upgrade with
211-
``osism apply kubernetes``.
212-
213-
* There is a new parameter ``ceph_custom_keys`` in the ``copy-ceph-keys`` play. This makes
214-
it possible to copy the keys from custom Ceph pools.
215-
216-
.. code-block:: yaml
217-
218-
ceph_custom_keys:
219-
- src: ceph.client.manila1.keyring
220-
dest: "{{ configuration_directory }}/environments/kolla/files/overlays/manila/ceph.client.manila1.keyring"
221-
222-
* There is a new parameter ``with_keycloak`` in the cookiecutter. This can now be used to
223-
select whether the keycloak integration should be prepared or not.
224-
225-
* An error in the ``ceph-pools`` play has been fixed that prevented the keys from being
226-
created for the pools.
227-
228-
* The ``ceph-iscsigws`` play has been removed. The iSCSI gateway is in maintenance as of
229-
November 2022. This means that it is no longer in active development and will not be
230-
updated to add new features.
231-
232-
* With ``ceph_serial`` it is now possible to define how many hosts Ansible should manage at a single time
233-
in the Ceph plays.
234-
235-
.. code-block:: none
236-
237-
osism apply ceph-mgrs -e ceph_serial=1
238-
239-
* With ``ANSIBLE_VERSION`` it's now possible to overwrite the use Ansible version when working with the ``run.sh``
240-
script inside the manager environment.
241-
242-
* The ``osism.commons.known_hosts`` role has been completely revised.
243-
244-
* avoid duplicate entries in the destination file
245-
* avoid comments in the destination file
246-
* make use of static entries possible
247-
248-
It's now possible to add a ``known_hosts`` parameter to the host_vars to
249-
set static known hosts entries for a specific host. When this parameter
250-
is set ``ssh-keygen`` will not be used to generate the known hosts entries
251-
on the fly.
252-
253-
.. code-block:: yaml
254-
255-
known_hosts:
256-
- ssh-rsa AAAAB3NzaC1y...
257-
- ecdsa-sha2-nistp256 AAAAE2VjZHN...
258-
- ssh-ed25519 AAAAC3NzaC1...
259-
260-
* make use of extra entries possible
261-
262-
It's now possible to add a ``known_hosts_extra`` parameter to the configuration
263-
repository to set extra known hosts entries.
264-
265-
.. code-block:: yaml
266-
267-
known_hosts_extra:
268-
- testbed-node-1.testbed.osism.xyz ssh-rsa AAAAB3Nza...
269-
- testbed-node-2.testbed.osism.xyz ssh-rsa AAAAB3Nza...
270-
271-
* The Octavia images have been updated. If Octavia is used, an upgrade must be done
272-
with ``osism apply -a upgrade octavia``. We addressed the following issues.
273-
274-
* Backport of https://review.opendev.org/c/openstack/octavia/+/896995 to fix errors
275-
when deleting LB with broken amphorae.
276-
277-
* Bugfix for https://github.com/osism/issues/issues/890 (octavia (ovn) does
278-
not find existing subnet) by enabling the use of the custom CA for octavia
279-
user session queries with the following PR:
280-
https://github.com/osism/container-images-kolla/pull/412
281-
282-
7.0.0
283-
=====
284-
285-
Release date: 20. March 2024
286-
287-
General notes
288-
-------------
289-
290-
* Shortly before the release, `gilt <https://github.com/retr0h/gilt>`_
291-
made a major release which led to breaking changes. It is therefore important
292-
for the moment to install ``python-gilt < 2`` when synchronising the
293-
configuration repository against the generics. In the CI and within the container
294-
images, we currently use ``python-gilt == 1.2.3``. This is also the version that's
295-
currently installed in the container images and that's set in the ``requirements.txt``.
296-
297-
Deprecations
298-
------------
299-
300-
* The role for deploying the Tang service (``osism.services.tang``) is deprecated in preparation for removal
301-
as it is currently not in a usable state. An attempt will be made to make the role usable until the next
302-
release. The same applies to Clevis integration via the ``osism.commons.clevis`` role.
303-
304-
Removals
305-
--------
306-
307-
* The role for deploying the OpenLDAP service (``osism.services.openldap``) has been removed.
308-
309-
* The manager plays to control the Vault service (``seal``, ``unseal``, ..) have been removed as these tasks will
310-
be realized directly via the OSISM CLI (``osism set vault password``, ..) in the future.
311-
312-
* The role for deploying the Bird service (``osism.services.bird``) has been removed.
313-
314-
New features
315-
------------
316-
317-
* With the ``osism manage image octavia`` command it is possible to rotate the Octavia Amphora image,
318-
which is rebuilt daily. Older images are deactivated. The old images must be removed manually after
319-
rotating the amphorae instances.
320-
321-
* With the ``osism manage image clusterapi`` command it is possible to import all currently stable Cluster
322-
API images (v1.27, v1.28, and v1.29). As soon as new minor or major versions are available, these are also
323-
imported. Old and no longer used versions must currently be removed manually.
324-
325-
* The persistence feature in Octavia can enabled with the new ``enable_octavia_jobboard`` parameter.
326-
The jobboard in Octavia is an `experimental feature <https://docs.openstack.org/octavia/latest/install/install-amphorav2.html>`_.
327-
It is not recommended to use it in production.
328-
329-
.. code-block:: yaml
330-
331-
enable_octavia_jobboard: "yes"
332-
333-
This requires an additional database, which is only created when Octavia play is run in bootstrap mode
334-
first.
335-
336-
.. code-block:: none
337-
338-
osism apply -a bootstrap octavia
339-
340-
The secret ``octavia_persistence_database_password`` (see above) must be added to
341-
``environments/kolla/secrets.yml`` before.
342-
343-
* In preparation for the migration to Rook, the Rook operator is deployable on the internal Kubernetes
344-
cluster with ``osism apply rook``. The Rook operator is not yet used for the Ceph deployment. For the deployment
345-
of Ceph we still use the ceph-ansible project. For the next release a tool called ``rookify`` is planned to
346-
migrate the Ceph deployment from ceph-ansible to Rook.
347-
348-
* The roles of the osism.commons collection are now usable with CentOS 9. The roles have been tested with
349-
CentOS 9.
350-
351-
* The roles of the osism.services collection are now usable with CentOS 9. The roles have been tested with
352-
CentOS 9.
353-
354-
* With the openstack-resource-manager it is now possible to clean up orphaned amphora instances of Octavia
355-
or volumes that are stuck in the DELETING state.
356-
357-
* Kubernetes can now be deployed with k3s-ansible on the management plane and the control plane.
358-
359-
* It is now possible to manage the Ceph pools independently of ceph-osds Play using ceph-pools.
360-
361-
Upgrade notes
362-
-------------
363-
364-
* The switch from classic queue mirroring and durable queues to quorum queues
365-
in RabbitMQ has not yet been tested and documented. This is planned for the
366-
next release. The switch is not yet recommended.
367-
368-
* The ``hosts_interface`` parameter is now set to ``internal_interface`` by default.
369-
370-
* The Keycloak deployment via Docker Compose, which was previously included
371-
as a technical preview, has been completely revised and is now deployed on
372-
Kubernetes. No migration from the old deployment via Docker Compose to the
373-
new deployment via Kubernetes has been prepared. If you are currently using
374-
the Keycloak service, do not upgrade the Keycloak service and contact us in
375-
advance.
376-
377-
* The Keystone role ``service`` is required by a number of OpenStack services. The
378-
role has been created automatically with new deployments for some time now. It is
379-
possible that this role is not yet available on older deployments and must be created
380-
once in preparation for the upgrade. You can check whether the role is available in
381-
the output of ``openstack --os-cloud admin role list``. If it does not exist, it can
382-
be created with ``openstack --os-cloud admin role create service``.
383-
384-
This ``service`` role is required by the service accounts for authentication after the
385-
upgrade of the OpenStack services. To avoid problems during the upgrade, it is important
386-
to assign this role to all existing service accounts in advance.
387-
388-
.. code-block:: none
389-
390-
# List all users in the project service with the admin role. The existing service
391-
# accounts depend on the deployed services and may vary.
392-
$ openstack --os-cloud admin role assignment list --names --role admin --project service
393-
+-------+--------------------------+-------+-----------------+--------+--------+-----------+
394-
| Role | User | Group | Project | Domain | System | Inherited |
395-
+-------+--------------------------+-------+-----------------+--------+--------+-----------+
396-
| admin | ironic@Default | | service@Default | | | False |
397-
| admin | neutron@Default | | service@Default | | | False |
398-
| admin | gnocchi@Default | | service@Default | | | False |
399-
| admin | swift@Default | | service@Default | | | False |
400-
| admin | nova@Default | | service@Default | | | False |
401-
| admin | placement@Default | | service@Default | | | False |
402-
| admin | cinder@Default | | service@Default | | | False |
403-
| admin | glance@Default | | service@Default | | | False |
404-
| admin | designate@Default | | service@Default | | | False |
405-
| admin | octavia@Default | | service@Default | | | False |
406-
| admin | skyline@Default | | service@Default | | | False |
407-
| admin | ironic-inspector@Default | | service@Default | | | False |
408-
| admin | ceilometer@Default | | service@Default | | | False |
409-
+-------+--------------------------+-------+-----------------+--------+--------+-----------+
410-
411-
# Assign the service role to all users in the project service (repeat this step for every
412-
# user in the list.
413-
$ openstack --os-cloud admin role add --user ironic --project service service
414-
[...]
415-
416-
* The use of ProxySQL for MariaDB is now possible and it is possible to switch
417-
to it as part of the upgrade. It is not mandatory and there is no recommendation.
418-
The parameter ``enable_proxysql`` is added to ``environments/kolla/configuration.yml``
419-
for this purpose.
420-
421-
.. code-block:: yaml
422-
423-
enable_proxysql: yes
424-
425-
The secrets listed below (``proxysql_admin_password``, ``proxysql_stats_password``,
426-
``mariadb_monitor_password``) must also be added or changed.
427-
428-
When migrating to ProxySQL, it is important to upgrade MariaDB first.
429-
430-
When migrating to ProxySQL, it is important to perform the loadbalancer upgrade
431-
before all OpenStack service upgrades. To make sure that the OpenStack services
432-
continue to work after the upgrade when ProxySQL is enabled as part of the upgrade,
433-
the ProxySQL service must have been deployed first. The ProxySQL service is deployed
434-
with the loadbalancer play.
435-
436-
It is possible that connectivity with the database may be interrupted for a short time
437-
during the migration. It is therefore recommended to carry out extensive tests on the
438-
staging environment in advance.
439-
440-
* The following secrets must be added in ``environments/kolla/secrets.yml``:
441-
442-
.. code-block:: yaml
443-
444-
octavia_persistence_database_password: # generate with: pwgen 32 1
445-
prometheus_bcrypt_salt: # generate with: pwgen 22 1 <-- there's a 22
446-
prometheus_grafana_password: # generate with: pwgen 32 1
447-
prometheus_password: # generate with: pwgen 32 1
448-
proxysql_admin_password: # generate with: pwgen 32 1
449-
proxysql_stats_password: # generate with: pwgen 32 1
450-
451-
* The parameter ``mariadb_monitoring_password`` in ``environments/kolla/secrets.yml``
452-
has to be renamed to ``mariadb_monitor_password``. If the parameter is not present,
453-
it is added.
454-
455-
.. code-block:: yaml
456-
457-
mariadb_monitor_password: # generate with: pwgen 32 1
458-
459-
* The following parameters must be removed from the configuration repository from
460-
``environments/kolla/configuration.yml``:
461-
462-
.. code-block:: yaml
463-
464-
ceph_nova_user: nova
465-
ceph_nova_keyring: ceph.client.nova.keyring
466-
467-
* Parameters for the Netbox service in ``environments/infrastructure/configuration.yml`` or
468-
``secrets.yml`` must now also be added in ``environments/manager/configuration.yml`` or
469-
``secrets.yml``. In an upcoming release, the parameters can be removed from the
470-
infrastructure environment.
471-
472-
* The Ansible callback plugin ``osism.commons.still_alive`` is now available to avoid timeouts
473-
for long-running tasks. This currently has to be explicitly enabled in the Ansible configuration.
474-
This is done in the ``environments/ansible.cfg`` file in the configuration repository.
475-
The callback plugin is enabled by default in the future. After this change has been made, the
476-
update of the manager must be performed. A manager with a version before OSISM 7.0.0 cannot be
477-
longer used if this plugin is set in ``environments/ansible.cfg``.
478-
479-
.. code-block:: ini
480-
481-
[defaults]
482-
...
483-
stdout_callback = osism.commons.still_alive
484-
485-
* In the inventory, the ``nova_backend`` parameter must be added to the host vars of
486-
compute nodes where local storage is used.
487-
488-
.. code-block:: yaml
489-
490-
nova_backend: default
491-
492-
* The SSL certificate file ``haproxy.pem`` is now available in a different location in the
493-
``haproxy`` container. Previously it was stored under ``/etc/haproxy/haproxy.pem``. From
494-
now on it is stored under ``/etc/haproxy/certificates/haproxy.pem``. If you have customised
495-
the configuration for the haproxy service or use overlays for this, adjust the locations of
496-
the SSL certificate as required.
497-
498-
* Due to the upgrade from Fluentd to version 5, some directory names within the container
499-
image for Fluentd have changed. If you have worked with overlay files in the Fluentd service,
500-
check these in advance. Currently we know that ``/var/run/td-agent`` is now available as
501-
``/var/run/fluentd`` (check `GitHub issue #864 <https://github.com/osism/issues/issues/864>`_
502-
for details). We assume that other directory names have changed similarly.
503-
504-
* If a Keystone domain with LDAP backend is used, it is important to add the ``tls_cacertfile``
505-
parameter in the ``[ldap]`` section of the corresponding domain configuration.
506-
507-
.. code-block:: ini
508-
509-
[ldap]
510-
...
511-
tls_cacertfile = /etc/ssl/certs/ca-certificates.crt
512-
513-
Known issues
514-
------------
515-
516-
* If error ``Couldn't fetch the key client.bootstrap-rbd at /var/lib/ceph/bootstrap-rbd/."``
517-
occurs when updating Ceph in task ``create potentially missing keys (rbd and rbd-mirror)``,
518-
create directory ``/var/lib/ceph/bootstrap-rbd/`` on the 1st control node used for Ceph.
519-
Use the UID ``64045`` and the GID ``64045``. Set ``0755`` as permissions.
520-
521-
* There are currently problems when using a custom CA in combination with Octavia. A bugfix
522-
for this will be made available with OSISM 7.0.1 (`osism/issues#890 <https://github.com/osism/issues/issues/890>`_).
523-
524-
There is another problem when using Octavia in combination with OVN which leads to a leakage
525-
of ports when deleting load balancers (`osism/issues#921 <https://github.com/osism/issues/issues/921>`_).
526-
A bugfix for this is also expected to be available with OSISM 7.0.1.
527-
528-
* The manager service is updated via ``osism update manager``. If this command is not yet
529-
available, you can use ``osism-update-manager`` as an alternative.
530-
531-
.. code-block:: none
532-
533-
osism: 'update manager' is not an osism command. See 'osism --help'.
534-
535-
* With some upgrades we noticed that in certain constellations there were problems with the
536-
OpenStack Octavia service, which could be prevented if the parameter ``valid_interfaces`` was added
537-
to the ``environments/kolla/files/overlays/octavia.conf`` file ([osism/issues#1021](https://github.com/osism/issues/issues/1021)).
538-
539-
.. code-block:: ini
540-
541-
[certificates]
542-
valid_interfaces = internal
543-
544-
[keystone_authtoken]
545-
valid_interfaces = internal
546-
547-
[glance]
548-
valid_interfaces = internal
549-
550-
[neutron]
551-
valid_interfaces = internal
552-
553-
[nova]
554-
valid_interfaces = internal
555-
556-
Other
557-
-----
558-
559-
* Refstack 2022.11 results
560-
561-
.. code-block:: none
562-
563-
======
564-
Totals
565-
======
566-
Ran: 356 tests in 1221.9879 sec.
567-
- Passed: 353
568-
- Skipped: 3
569-
- Expected Fail: 0
570-
- Unexpected Success: 0
571-
- Failed: 0
572-
Sum of execute time for each test: 715.6658 sec.
573-
574-
References
575-
----------
576-
577-
OpenStack 2023.2 press announcement: https://www.openstack.org/software/openstack-bobcat
578-
579-
OpenStack 2023.2 release notes: https://releases.openstack.org/bobcat/index.html
580-
581-
Release notes for each OpenStack service:
582-
583-
* Barbican: https://docs.openstack.org/releasenotes/barbican/2023.2.html
584-
* Ceilometer: https://docs.openstack.org/releasenotes/ceilometer/2023.2.html
585-
* Cinder: https://docs.openstack.org/releasenotes/cinder/2023.2.html
586-
* Designate: https://docs.openstack.org/releasenotes/designate/2023.2.html
587-
* Glance: https://docs.openstack.org/releasenotes/glance/2023.2.html
588-
* Heat: https://docs.openstack.org/releasenotes/heat/2023.2.html
589-
* Horizon: https://docs.openstack.org/releasenotes/horizon/2023.2.html
590-
* Ironic: https://docs.openstack.org/releasenotes/ironic/2023.2.html
591-
* Keystone: https://docs.openstack.org/releasenotes/keystone/2023.2.html
592-
* Manila: https://docs.openstack.org/releasenotes/manila/2023.2.html
593-
* Neutron: https://docs.openstack.org/releasenotes/neutron/2023.2.html
594-
* Nova: https://docs.openstack.org/releasenotes/nova/2023.2.html
595-
* Octavia: https://docs.openstack.org/releasenotes/octavia/2023.2.html
596-
* Placement: https://docs.openstack.org/releasenotes/placement/2023.2.html
597-
* Skyline: https://docs.openstack.org/releasenotes/skyline-apiserver/2023.2.html, https://docs.openstack.org/releasenotes/skyline-console/2023.2.html
7+
The release notes have been migrated. OSISM release notes are now only
8+
available here: https://osism.tech/docs/release-notes/osism-7. The release
9+
notes for OSISM 7 have been migrated and the previous content has been
10+
removed here.

0 commit comments

Comments
 (0)
Please sign in to comment.