11 KiB
2023.2 (Bobcat) (under development)
The 2023.2 (Bobcat) OpenStack Charms release includes updates for the
charms described on the ../project/openstack-charms
page. As of this release,
the project consists of <NUMBER-OF-STABLE-CHARMS> stable
charms.
For scheduling information of past and future releases see the ../project/release-schedule
.
Note
Release notes contents is superseded by updated information published
in the index
(this
guide) after the release of any given OpenStack Charms version.
Important
Always upgrade to the latest stable charms before making any major
changes to your cloud and before filing bug reports. Note that charm
upgrades and OpenStack upgrades are functionally different. For
instructions on performing the different upgrade types see the ../admin/upgrades/overview
page.
Summary of changes:
New stable charms
<TITLE>
New stable charm features
With each new feature, there is a corresponding example bundle in the
form of a test bundle, and/or a section in the current guide (Charm
Guide) that details its usage. Test bundles are located in the
src/tests/bundles
directory of the relevant charm
repository (see all charm
repositories).
Keystone role cache config
The keystone charm now supports configuring the keystone [role] cache_time using a new role-cache-expiration config. If not set, this defaults to the global expiration_time (configurable by the dogpile-cache-expiration config option). Setting the role cache_time to something closer to 10s is recommended for clouds that receive frequent role assignment changes and are sensitive to the (default) 600s delay that assignements can take to propagate to all keystone peer caches.
For example, to set the role cache expiration time to 10 seconds do:
juju config keystone role-cache-expiration=10
The result of this being that keystone will only used cached role assignments for up to 10 seconds before refreshing them from the database.
Designate-bind allow transfer config
The designate-bind charm now supports configuring BIND9
allow-transfer
. If not set, this defaults to none, which
disable allow-transfer.
For example, to set BIND9 allow-transfer to 10.0.0.0/8
and 172.16.0.0/16
:
juju config designate-bind allow_transfer_nets="10.0.0.0/8;172.16.0.0/12"
This will allow designate-bind to perform zone transfer to
10.0.0.0/8
and 172.16.0.0/12
.
Please note that this change modifies the default behaviour of the
BIND9 allow-transfer
setting. To restore the default
behaviour, set allow-transfer
to any
:
juju config designate-bind allow_transfer_nets=any
Improve Vault snap channel refresh
Snap channel refresh for the Vault snap in charm-vault has been improved to properly stop the service before performing a snap refresh. For more details see bug LP #2007587.
Glance custom image properties
The glance charm now supports configuring automatic custom image properties for imported images. The specified properties will be automatically added to all images that go through the interoperable image import process.
To add the custom properties use a comma delimited string of
key:value
pairs as follows:
juju config glance custom-import-properties='property1:value1,property2:value2,property3:value3'
Note properties will only be added to images that go through the
import process such as openstack image create --import
but
will not be applied to regular image uploads.
Adjust ceph credentials to be the same across nova-compute apps
When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself.
When performing live-migrations, both nodes need to access the same
ceph credentials to access the VM's disk in ceph. Previously, each
nova-compute charm app had a different credential according to the app
name. Now every nova-compute charm app uses the
nova-compute
ceph credential.
Upon performing the upgrade, any previously running VM will continue to use the old credential until fully stopped and then started to refresh the libvirt XML for the VM. While using the old credentials, the VMs can still continue to operate without disruption and can be live-migrated to nodes pertaning to the same nova-compute charm app.
The old credential file remains alongside the new one in the nova-compute node and is not cleaned up until the relation between nova-compute and ceph-mon is removed. For more details see bug LP #2028559.
magnum charm: new option to expose cluster_user_trust
This configuration option controls whether to assign a trust to the cluster user or not. This option needs to be set to True for clusters with volume_driver=cinder, cloud_provider_enabled=true or registry_enabled=true in the underlying cluster template to work. This is a potential security risk since the trust gives instances OpenStack API access to the cluster's project. For more details see bug LP #1996237.
nova-cloud-controller charm: new relation to openstack-dashboard
juju integrate nova-cloud-controller:dashboard openstack-dashboard:dashboard
allows nova-cloud-controller to know that possible hosts and IP
addresses that the cloud users use to access the OpenStack Dashboard,
the nova-cloud-controller units use this information to configure the
nova-serialproxy daemon and allow requests coming from
the web browsers visiting the dashboard.
This relation is mandatory when the nova-cloud-controller application is configured with enable-serial-console set to True.
For more details see LP #2030094.
Nova AvailabilityZoneFilter removal in Bobcat
The AvailabilityZoneFilter was removed from nova.conf in 2023.2 Bobcat (see nova 2023.2 upgrades). In order for the scheduler to honor an availability zone request, there must now be a placement aggregate that matches the nova host aggregate that was assigned the availability zone.
Since nova 18.0.0 (Rocky), the nova-api service attempts to automatically mirror the association of compute host with a placement aggregate when a host is added/removed to/from a nova host aggregate.
The following example shows how to determine if mirroring of nova host aggregates to placement aggregates has occurred:
openstack aggregate list
+----+------+-------------------+
| ID | Name | Availability Zone |
+----+------+-------------------+
| 1 | myag | myaz |
+----+------+-------------------+
openstack aggregate show --column availability_zone --column hosts --column uuid myag
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| availability_zone | myaz |
| hosts | juju-2c7db9-zaza-2349f0f509d3-14.project.serverstack |
| uuid | 4dd789b7-b4c3-45f1-8b2b-a6f5a8c37d55 |
+-------------------+------------------------------------------------------+
openstack resource provider list --column uuid --column name
+--------------------------------------+------------------------------------------------------+
| uuid | name |
+--------------------------------------+------------------------------------------------------+
| 482399c5-9ed7-4d4d-bdcf-c076dae99f2d | juju-2c7db9-zaza-2349f0f509d3-14.project.serverstack |
| d1322831-94db-4628-9adc-3406014d24e4 | juju-2c7db9-zaza-2349f0f509d3-15.project.serverstack |
| 624c0f64-8a2b-47c7-9ea6-e3f1de611bc2 | juju-2c7db9-zaza-2349f0f509d3-16.project.serverstack |
+--------------------------------------+------------------------------------------------------+
openstack resource provider aggregate list --column uuid 482399c5-9ed7-4d4d-bdcf-c076dae99f2d
+--------------------------------------+
| uuid |
+--------------------------------------+
| 4dd789b7-b4c3-45f1-8b2b-a6f5a8c37d55 |
+--------------------------------------+
Manual intervention will be required if an AZ-assigned Nova aggregate
is not associated with a Placement aggregate. This is done with the
openstack resource provider aggregate set
command (see nova
aggregates in placement).
Removal of hyperv mechanism driver
The hyperv mechanism driver has been removed from the neutron-api charm in Bobcat. The networking-hyperv project is now retired and the package was removed from Ubuntu 23.10 (Mantic). For more details see bug LP #2036953.
Documentation updates
<TITLE>
New tech-preview charms
<TITLE>
New tech-preview charm features
<TITLE>
Informational notices
<TITLE>
Deprecation notices
<TITLE>
Removed features
<TITLE>
Removed charms
<TITLE>
Issues discovered during this release cycle
Juju 3.x incompatibilities
The keystone and glance-simplestreams-sync legacy charms (not using channels), and stable channels Xena and before, do not work with a Juju 3.x controller. The problems arising from upgrading these charms so that they (automatically) use Juju 3.x unit agents are related to:
- Fernet key rotations (keystone)
- status setting and endpoint updating (glance-simplestreams-sync)