11 KiB
2023.2 (Bobcat) (under development)
The 2023.2 (Bobcat) OpenStack Charms release includes updates for the
charms described on the ../project/openstack-charms
page. As of this release,
the project consists of 62 stable charms.
Note
This release corresponds to a non-SLURP (upstream OpenStack) release and will consequently only be supported until July 2024.
For scheduling information of past and future releases see the ../project/release-schedule
.
Note
Release notes contents is superseded by updated information published
in the index
(this
guide) after the release of any given OpenStack Charms version.
Important
Always upgrade to the latest stable charms before making any major
changes to your cloud and before filing bug reports. Note that charm
upgrades and OpenStack upgrades are functionally different. For
instructions on performing the different upgrade types see the ../admin/upgrades/overview
page.
Summary of changes:
New stable charms
watcher
The watcher charm enables
the OpenStack Watcher service. The watcher charm provides a flexible and
scalable resource optimization service for multi-tenant OpenStack-based
clouds. A how-to is available at: ../admin/compute/watcher
.
watcher-dashboard
The watcher-dashboard charm provides the Watcher Dashboard plugin for use with the openstack-dashboard charm.
Usage example:
juju deploy --channel 2023.2/stable openstack-dashboard
juju deploy --channel 2023.2/stable watcher-dashboard
juju integrate openstack-dashboard:dashboard-plugin watcher-dashboard:dashboard
New stable charm features
With each new feature, there is a corresponding example bundle in the
form of a test bundle, and/or a section in the current guide (Charm
Guide) that details its usage. Test bundles are located in the
src/tests/bundles
directory of the relevant charm
repository (see all charm
repositories).
Keystone role cache config
The keystone charm now supports configuring the Keystone
[role] cache_time
option using a new
role-cache-expiration
charm configuration option. If not
set, this defaults to the global expiration_time
(configurable by the dogpile-cache-expiration
charm
configuration option). Setting cache_time
to around 10
(seconds) is recommended for clouds that receive frequent role
assignment changes and that are therefore sensitive to the (default)
600s delay that assignments can take to propagate to all Keystone peer
caches.
For example, to set the role cache expiration time to 10 seconds do:
juju config keystone role-cache-expiration=10
Designate-bind allow transfer config
The designate-bind charm now supports configuring the BIND9
allow-transfer
option. If not set, the corresponding
feature is disabled.
For example, to set allow-transfer
to
10.0.0.0/8
and 172.16.0.0/16
:
juju config designate-bind allow_transfer_nets="10.0.0.0/8;172.16.0.0/12"
This will allow designate-bind to perform a zone transfer to
10.0.0.0/8
and 172.16.0.0/12
.
This change modifies the default behaviour of the
allow-transfer
setting. To restore the default behaviour,
set allow-transfer-nets
to any
:
juju config designate-bind allow_transfer_nets=any
Improve Vault snap channel refresh
The refresh mechanism for the Vault snap managed within the vault charm has been improved. It now properly stops the service before performing a snap refresh. For more details see bug LP #2007587.
Glance custom image properties
The glance charm now supports configuring automatic custom image properties for imported images.
To add custom properties, use a comma-delimited string of
key:value
pairs:
juju config glance custom-import-properties='property1:value1,property2:value2,property3:value3'
These properties will only be added to images that go through the Interoperable
image import process such as
openstack image create --import
. They will not be applied
to regular image uploads.
magnum charm: new option to expose cluster_user_trust
This configuration option controls whether to assign a trust to the cluster user or not. This option needs to be set to True for clusters with volume_driver=cinder, cloud_provider_enabled=true or registry_enabled=true in the underlying cluster template to work. This is a potential security risk since the trust gives instances OpenStack API access to the cluster's project.
For more details see bug LP #1996237.
nova-cloud-controller charm: new relation to openstack-dashboard
juju integrate nova-cloud-controller:dashboard openstack-dashboard:dashboard
allows nova-cloud-controller to know that possible hosts and IP
addresses that the cloud users use to access the OpenStack Dashboard,
the nova-cloud-controller units use this information to configure the
nova-serialproxy daemon and allow requests coming from
the web browsers visiting the dashboard.
This relation is mandatory when the nova-cloud-controller application is configured with enable-serial-console set to True.
For more details see bug LP #2030094.
Documentation updates
OpenStack 2023.2 guide updates
The Charm Guide and the Deploy Guide were updated for OpenStack 2023.2.
Juju 3.x guide updates
The Charm Guide and the Deploy Guide were updated for Juju 3.x.
Charm Guide changes
- the project's backport policy was refreshed
- legacy charm revisions were published as reference material
- policy overrides page refactored into how-to, conceptual, and tutorial material
- ongoing improvements and corrections
Informational notices
Ceph FileStore support removed
OSD FileStore format has been deprecated in upstream Ceph starting with the Quincy release. With the Reef release, FileStore support has been removed, leaving support for only BlueStore format.
Warning
Data loss may occur if you attempt to upgrade to Ceph Reef when FileStore OSDs are present.
Before upgrading the payload ("OpenStack upgrade") of any of the Ceph
charms, migrate all FileStore OSDs to BlueStore. See upgrade path note
BlueStore
migration <bluestore_migration>
for guidance.
Nova
AvailabilityZoneFilter
removal in 2023.2
The AvailabilityZoneFilter
option was removed from Nova
in 2023.2 Bobcat (see the Nova
2023.2 upgrade notes).
In order for the scheduler to honour an availability zone request, there must now be a Placement aggregate that matches the Nova host aggregate that was assigned to an availability zone.
This should not technically affect users as the new configuration
should have been automatically done. However, verification steps have
been provided as an upgrade path note <az_option_removal>
.
Enforce MTU size between Octavia networks
The behaviour of the Octavia loadbalancer charm has been changed to
ensure that the MTU size on the health manager port (typically called
o-hm0
) matches the MTU on the load balancer network (called
lb-mgmt-net
). Prior to this change, when the MTU sizes were
not aligned and the o-hm0
MTU is less than the
lb-mgmt-net
MTU, then health check messages will be dropped
causing the load balancer to fail-over.
The new behaviour is to always align the MTU of the health
manager port (o-hm0
) to that of the load balancer network
(lb-mgmt-net
).
For more details please see bug LP #2018998.
Removed features
hyperv mechanism driver
The hyperv mechanism driver has been removed from the neutron-api charm. The networking-hyperv (OpenStack Winstackers) project is now retired and the package was removed from Ubuntu 23.10 (Mantic).
For more details see bug LP #2036953.
Issues discovered during this release cycle
Juju 3.x incompatibilities
The keystone and glance-simplestreams-sync legacy charms (not using channels), and stable channels Xena and before, do not work with a Juju 3.x controller. The problems arising from upgrading these charms so that they (automatically) use Juju 3.x unit agents are related to:
- Fernet key rotations (keystone)
- status setting and endpoint updating (glance-simplestreams-sync)
LXD container upgrade to jammy
While performing LXD container series upgrades from focal to jammy, these containers may lose their IP addresses and network connectivity on reboot.
For more details see Upgrade issues.