charm-guide/doc/source/release-notes/2023.2-bobcat.rst


2023.2 (Bobcat) (under development)

The 2023.2 (Bobcat) OpenStack Charms release includes updates for the charms described on the ../project/openstack-charms page. As of this release, the project consists of <NUMBER-OF-STABLE-CHARMS> stable charms.

For scheduling information of past and future releases see the ../project/release-schedule.

Note

The content of these release notes is superseded by updated information published in the index (this guide) after the release of any given OpenStack Charms version.

Important

Always upgrade to the latest stable charms before making any major changes to your cloud and before filing bug reports. Note that charm upgrades and OpenStack upgrades are functionally different. For instructions on performing the different upgrade types see the ../admin/upgrades/overview page.

Summary of changes:

New stable charms

<TITLE>

New stable charm features

With each new feature, there is a corresponding example bundle in the form of a test bundle, and/or a section in the current guide (Charm Guide) that details its usage. Test bundles are located in the src/tests/bundles directory of the relevant charm repository (see all charm repositories).

Keystone role cache config

The keystone charm now supports configuring the keystone [role] cache_time using a new role-cache-expiration config. If not set, this defaults to the global expiration_time (configurable by the dogpile-cache-expiration config option). Setting the role cache_time to something closer to 10s is recommended for clouds that receive frequent role assignment changes and are sensitive to the (default) 600s delay that assignments can take to propagate to all keystone peer caches.

For example, to set the role cache expiration time to 10 seconds do:

juju config keystone role-cache-expiration=10

As a result, keystone will only use cached role assignments for up to 10 seconds before refreshing them from the database.

Designate-bind allow transfer config

The designate-bind charm now supports configuring BIND9 allow-transfer. If not set, this defaults to none, which disables allow-transfer.

For example, to set BIND9 allow-transfer to 10.0.0.0/8 and 172.16.0.0/12:

juju config designate-bind allow_transfer_nets="10.0.0.0/8;172.16.0.0/12"

This will allow designate-bind to perform zone transfers to 10.0.0.0/8 and 172.16.0.0/12.

Please note that this change modifies the default behaviour of the BIND9 allow-transfer setting. To restore the previous default behaviour, set allow-transfer to any:

juju config designate-bind allow_transfer_nets=any
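A check that can be run on a candidate allow_transfer_nets value before applying it, added here as an example and not taken from the designate-bind charm. It assumes the value is none, any, or a semicolon-separated CIDR list as shown above; the function names and the secondary server addresses are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_allow_transfer_nets(value):
    """Parse 'none', 'any' or 'cidr;cidr;...' into (mode, [networks])."""
    value = value.strip()
    if value in ("", "none"):       # assumption: unset is treated like "none"
        return "none", []
    if value == "any":
        return "any", []
    # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
    return "nets", [ipaddress.ip_network(item.strip(), strict=True)
                    for item in value.split(";") if item.strip()]

def transfer_allowed(value, client_ip):
    """Does client_ip match the address list in the configured value?"""
    mode, nets = parse_allow_transfer_nets(value)
    if mode == "any":
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

def audit(value, secondaries):
    """Report secondaries that would be refused and ranges outside RFC 1918."""
    mode, nets = parse_allow_transfer_nets(value)
    refused = [ip for ip in secondaries if not transfer_allowed(value, ip)]
    external = [str(n) for n in nets
                if not any(n.version == 4 and n.subnet_of(p) for p in RFC1918)]
    return {"mode": mode, "refused": refused, "outside_rfc1918": external}

if __name__ == "__main__":
    # Constructed secondary addresses, not taken from the release note.
    secondaries = ["10.5.0.20", "172.20.1.5"]
    print(audit("10.0.0.0/8;172.16.0.0/12", secondaries))
    # A /16 in place of the /12 silently refuses the 172.20.x.x secondary.
    print(audit("10.0.0.0/8;172.16.0.0/16", secondaries))
```

The second call shows how a one-digit prefix mistake narrows the ACL: 172.20.1.5 falls inside 172.16.0.0/12 but outside 172.16.0.0/16.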

Improve Vault snap channel refresh

Snap channel refresh for the Vault snap in charm-vault has been improved to properly stop the service before performing a snap refresh. For more details see bug LP #2007587.

Glance custom image properties

The glance charm now supports configuring automatic custom image properties for imported images. The specified properties will be automatically added to all images that go through the interoperable image import process.

To add the custom properties use a comma delimited string of key:value pairs as follows:

juju config glance custom-import-properties='property1:value1,property2:value2,property3:value3'

Note that properties will only be added to images that go through the import process (for example, openstack image create --import); they will not be applied to regular image uploads.

Adjust ceph credentials to be the same across nova-compute apps

When using the config libvirt-image-backend=rbd, VMs created from an image have their disk data stored in ceph instead of on the compute node itself.

When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph. Previously, each nova-compute charm app had a different credential according to the app name. Now every nova-compute charm app uses the nova-compute ceph credential.

Upon performing the upgrade, any previously running VM will continue to use the old credential until fully stopped and then started to refresh the libvirt XML for the VM. While using the old credentials, the VMs can still continue to operate without disruption and can be live-migrated to nodes pertaining to the same nova-compute charm app.

The old credential file remains alongside the new one in the nova-compute node and is not cleaned up until the relation between nova-compute and ceph-mon is removed. For more details see bug LP #2028559.
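One way to list the VMs on a compute node that still reference the old credential and therefore need a full stop and start, added here as an example and not taken from the nova-compute charm. It assumes the ceph credential appears as the auth username on RBD disks in the libvirt domain XML and that the shared name is nova-compute; the sample XML, instance names and the old username nova-compute-kvm are constructed.

```python
import xml.etree.ElementTree as ET

NEW_CEPH_USER = "nova-compute"  # assumption: shared credential name after upgrade

def rbd_auth_users(domain_xml):
    """Return the cephx usernames used by RBD-backed disks in a domain XML."""
    users = set()
    for disk in ET.fromstring(domain_xml).findall("./devices/disk[@type='network']"):
        source = disk.find("source")
        if source is None or source.get("protocol") != "rbd":
            continue
        # libvirt accepts <auth> either beside <source> or nested inside it
        auth = disk.find("auth")
        if auth is None:
            auth = source.find("auth")
        if auth is not None and auth.get("username"):
            users.add(auth.get("username"))
    return users

def needs_restart(domains):
    """Map domain name -> old usernames for VMs not yet on the shared credential."""
    stale = {}
    for name, xml_text in domains.items():
        old = rbd_auth_users(xml_text) - {NEW_CEPH_USER}
        if old:
            stale[name] = sorted(old)
    return stale

def _domain(username):
    # Constructed minimal domain XML with one RBD disk.
    return f"""<domain type='kvm'><devices>
      <disk type='network' device='disk'>
        <auth username='{username}'><secret type='ceph' uuid='00000000-0000-0000-0000-000000000000'/></auth>
        <source protocol='rbd' name='vms/example_disk'/>
      </disk></devices></domain>"""

SAMPLE = {  # constructed: one VM restarted after the upgrade, one not
    "instance-00000001": _domain("nova-compute"),
    "instance-00000002": _domain("nova-compute-kvm"),
}

if __name__ == "__main__":
    print(needs_restart(SAMPLE))
```

On a real node the XML text would come from the running domain definitions rather than from the constructed SAMPLE dictionary.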

magnum charm: new option to expose cluster_user_trust

This configuration option controls whether to assign a trust to the cluster user or not. This option needs to be set to True for clusters with volume_driver=cinder, cloud_provider_enabled=true or registry_enabled=true in the underlying cluster template to work. This is a potential security risk since the trust gives instances OpenStack API access to the cluster's project. For more details see bug LP #1996237.

nova-cloud-controller charm: new relation to openstack-dashboard

Running juju integrate nova-cloud-controller:dashboard openstack-dashboard:dashboard lets nova-cloud-controller know the possible hosts and IP addresses that cloud users use to access the OpenStack Dashboard. The nova-cloud-controller units use this information to configure the nova-serialproxy daemon and allow requests coming from the web browsers visiting the dashboard.

This relation is mandatory when the nova-cloud-controller application is configured with enable-serial-console set to True.

For more details see LP #2030094.

Nova AvailabilityZoneFilter removal in Bobcat

The AvailabilityZoneFilter was removed from nova.conf in 2023.2 Bobcat (see nova 2023.2 upgrades). In order for the scheduler to honor an availability zone request, there must now be a placement aggregate that matches the nova host aggregate that was assigned the availability zone.

Since nova 18.0.0 (Rocky), the nova-api service attempts to automatically mirror the association of compute host with a placement aggregate when a host is added/removed to/from a nova host aggregate.

The following example shows how to determine if mirroring of nova host aggregates to placement aggregates has occurred:

openstack aggregate list
+----+------+-------------------+
| ID | Name | Availability Zone |
+----+------+-------------------+
|  1 | myag | myaz              |
+----+------+-------------------+

openstack aggregate show --column availability_zone --column hosts --column uuid myag
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| availability_zone | myaz                                                 |
| hosts             | juju-2c7db9-zaza-2349f0f509d3-14.project.serverstack |
| uuid              | 4dd789b7-b4c3-45f1-8b2b-a6f5a8c37d55                 |
+-------------------+------------------------------------------------------+

openstack resource provider list --column uuid --column name
+--------------------------------------+------------------------------------------------------+
| uuid                                 | name                                                 |
+--------------------------------------+------------------------------------------------------+
| 482399c5-9ed7-4d4d-bdcf-c076dae99f2d | juju-2c7db9-zaza-2349f0f509d3-14.project.serverstack |
| d1322831-94db-4628-9adc-3406014d24e4 | juju-2c7db9-zaza-2349f0f509d3-15.project.serverstack |
| 624c0f64-8a2b-47c7-9ea6-e3f1de611bc2 | juju-2c7db9-zaza-2349f0f509d3-16.project.serverstack |
+--------------------------------------+------------------------------------------------------+

openstack resource provider aggregate list --column uuid 482399c5-9ed7-4d4d-bdcf-c076dae99f2d
+--------------------------------------+
| uuid                                 |
+--------------------------------------+
| 4dd789b7-b4c3-45f1-8b2b-a6f5a8c37d55 |
+--------------------------------------+

Manual intervention will be required if an AZ-assigned Nova aggregate is not associated with a Placement aggregate. This is done with the openstack resource provider aggregate set command (see nova aggregates in placement).
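The manual comparison above, automated across every AZ-assigned aggregate, as an added example that is not part of the charm guide's own tooling. It assumes the command output has been loaded into dictionaries keyed by the column names shown above; the function name is hypothetical, and the membership of host -15 in myag is constructed to show a missing association.

```python
def unmirrored_hosts(nova_aggregates, providers, provider_aggregates):
    """Return (aggregate, host, reason) for each host of an AZ-assigned nova
    aggregate whose resource provider lacks the matching placement aggregate."""
    rp_by_name = {p["name"]: p["uuid"] for p in providers}
    findings = []
    for agg in nova_aggregates:
        if not agg.get("availability_zone"):
            continue  # aggregates without an AZ are not affected by the removal
        for host in agg["hosts"]:
            rp_uuid = rp_by_name.get(host)
            if rp_uuid is None:
                findings.append((agg["name"], host, "no resource provider"))
            elif agg["uuid"] not in provider_aggregates.get(rp_uuid, []):
                findings.append((agg["name"], host, "aggregate not mirrored"))
    return findings

H14 = "juju-2c7db9-zaza-2349f0f509d3-14.project.serverstack"
H15 = "juju-2c7db9-zaza-2349f0f509d3-15.project.serverstack"
MYAG = "4dd789b7-b4c3-45f1-8b2b-a6f5a8c37d55"

# Values from the output above, except that H15 is added to myag (constructed).
NOVA_AGGREGATES = [
    {"name": "myag", "availability_zone": "myaz", "uuid": MYAG, "hosts": [H14, H15]},
]
PROVIDERS = [
    {"uuid": "482399c5-9ed7-4d4d-bdcf-c076dae99f2d", "name": H14},
    {"uuid": "d1322831-94db-4628-9adc-3406014d24e4", "name": H15},
]
# Result of "openstack resource provider aggregate list" per provider uuid.
PROVIDER_AGGREGATES = {
    "482399c5-9ed7-4d4d-bdcf-c076dae99f2d": [MYAG],
    "d1322831-94db-4628-9adc-3406014d24e4": [],
}

if __name__ == "__main__":
    for name, host, reason in unmirrored_hosts(
            NOVA_AGGREGATES, PROVIDERS, PROVIDER_AGGREGATES):
        print(f"{name}: {host}: {reason}")
```

Each reported host is a candidate for the openstack resource provider aggregate set command mentioned above.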

Removal of hyperv mechanism driver

The hyperv mechanism driver has been removed from the neutron-api charm in Bobcat. The networking-hyperv project is now retired and the package was removed from Ubuntu 23.10 (Mantic). For more details see bug LP #2036953.

Documentation updates

<TITLE>

New tech-preview charms

<TITLE>

New tech-preview charm features

<TITLE>

Informational notices

<TITLE>

Deprecation notices

<TITLE>

Removed features

<TITLE>

Removed charms

<TITLE>

Issues discovered during this release cycle

Juju 3.x incompatibilities

The keystone and glance-simplestreams-sync legacy charms (not using channels), and stable channels Xena and before, do not work with a Juju 3.x controller. The problems arising from upgrading these charms so that they (automatically) use Juju 3.x unit agents are related to:

  • Fernet key rotations (keystone)
  • status setting and endpoint updating (glance-simplestreams-sync)