openstack
/
charm-guide
Code Issues Proposed changes
charm-guide/doc/source/2005.rst

8.7 KiB
Raw Blame History

20.05 (Draft version in progress)

Summary

The 20.05 OpenStack Charms release includes updates for the following charms. Additional charm support status information is published in the OpenStack Charm Guide which ultimately supersedes Release Notes contents.

Always use the latest stable charm revision before proceeding with topological changes, application migrations, workload upgrades, series upgrades, or bug reports.

Supported charms

  • aodh
  • barbican
  • barbican-vault
  • ceilometer
  • ceilometer-agent
  • ceph-fs
  • ceph-mon
  • ceph-osd
  • ceph-proxy
  • ceph-radosgw
  • ceph-rbd-mirror
  • cinder
  • cinder-ceph
  • cinder-purestorage
  • designate
  • designate-bind
  • glance
  • gnocchi
  • hacluster
  • heat
  • keystone
  • keystone-ldap
  • lxd
  • manila
  • manila-ganesha
  • neutron-api
  • neutron-openvswitch
  • neutron-gateway
  • neutron-dynamic-routing
  • nova-cloud-controller
  • nova-compute
  • octavia
  • octavia-dashboard
  • octavia-diskimage-retrofit
  • openstack-dashboard
  • percona-cluster
  • placement
  • rabbitmq-server
  • swift-proxy
  • swift-storage
  • vault

Preview charms

  • barbican-softhsm
  • cinder-backup
  • keystone-saml-mellon
  • manila-generic
  • masakari
  • masakari-monitors
  • mysql-innodb-cluster
  • mysql-router
  • neutron-api-plugin-ovn
  • ovn-central
  • ovn-chassis
  • ovn-dedicated-chassis
  • pacemaker-remote
  • tempest
  • watcher
  • watcher-dashboard

Removed charms

n/a

New charm features

With each new feature, there is a corresponding example bundle in the form of a test bundle, and/or a OpenStack Charms Deployment Guide section which details the use of the feature. For example test bundles, see the src/tests/bundles directory within the relevant charm repository.

Configuring Security Compliance for Keystone

Keystone has several configuration options available in order to comply with standards such as the Payment Card Industry -- Data Security Standard (PCI-DSS) v3.1. The keystone charm can now set these options.

The password-security-compliance charm option sets Keystone service options for the [security_compliance] section of Keystone's configuration file.

Note

Please ensure that the page Security compliance and PCI-DSS is consulted before setting these options. The charm does set the ignore_change_password_upon_first_use and ignore_password_expiry options to true for the service accounts to prevent lockout of service users.

Please consult the Keystone charm README for more details on the option.

NEW CHARM FEATURE GOES HERE

Change of default behaviour for Neutron API

Swift global cluster

New charms

NEW CHARM GOES HERE

mysql-innodb-cluster and mysql-router

OVN charms

Preview charm features

PREVIEW CHARM FEATURE GOES HERE

Upgrading charms

Always use the latest stable charm revision before proceeding with topological changes, charm application migrations, workload upgrades, series upgrades, or bug reports.

Please ensure that the keystone charm is upgraded first.

To upgrade an existing deployment to the latest charm version simply use the upgrade-charm command. For example:

juju upgrade-charm keystone

Charm upgrades and OpenStack upgrades are functionally different. Charm upgrades ensure that the deployment has the latest charm revision, containing the latest charm fixes and features, whereas OpenStack upgrades influence the software package versions of OpenStack itself.

A charm upgrade does not trigger an OpenStack upgrade. An OpenStack upgrade is a separate process. However, an OpenStack upgrade does require the latest charm revision. Please refer to OpenStack upgrades in the OpenStack Charms Deployment Guide for more details.

New bundle features

n/a

Deprecation notices

n/a

Removed features

n/a

Known issues

Swift-Proxy and Policy.d overrides

The is no policy.d override mechanism available for Swift (and, therefore, the swift-proxy charm) as Swift does not use the oslo.policy library. Swift uses its own authentication system that connects with Keystone and validates according to Swift's own configuration files. The operator-roles configuration option allows the operator to control which Swift operator roles will be authenticated, as usual. See the Swift Auth System for further details.

Masakari and Masakari Monitors

Both Masakari charms remain as previews. Bugs LP #1728527 and LP #1839715 need to be resolved in order to arrive at a successful instance HA deployment. Bug LP #1773765 is likely to affect on-going support of a Masakari deployment.

Glance Simplestreams Sync

When deploying the glance-simplestreams-sync charm on Bionic a more recent version of the simplestreams package must be installed by configuring a PPA:

juju config glance-simplestreams-sync source=ppa:simplestreams-dev/trunk

See bug LP #1790904 for details.

Designate and Vault at Ocata and earlier

The designate charm for OpenStack releases Pike and earlier does not yet support SSL via Vault and the certificates relation. See bug LP #1839019.

Current versions of OpenStack with Vault and the certificates relation are supported by the Designate charm.

Restart Nova services after adding certificates relation

A race condition exists with the use of the 'certificates' relation. When SSL certificates are issued Nova services may attempt to talk to the placement API over HTTP while the API has already changed to HTTPS. See bug LP #1826382.

To mitigate against this, restart the nova-compute and nova-scheduler services once certificates have been issued:

juju run --application nova-compute "systemctl restart nova-compute"
juju run --application nova-cloud-controller "systemctl restart nova-scheduler"

Bugs fixed

The 20.05 OpenStack Charms release includes NN bug fixes. Refer to the 20.05 milestone in Launchpad for the list of resolved bugs.

Next release info

Please see the OpenStack Charm Guide for current information.