Release Notes

0.0.0

New Features

  • Added ansible-lint to all of the playbooks and roles.

  • Added AvailabilityZoneFilter for the OpenStack Nova service.

  • Added ceph_config module to allow tweaking Ceph configuration via IaC.

  • Added commit message checks. Starting now, commits must include Sem-Ver tags in the commit message as well as a release note in the releasenotes

  • Added native deployment of CoreDNS dedicated for forwarding and caching DNS requests for the cloud. By default, it’s enabled to use DNS over TLS using both CloudFlare and Google DNS.

  • Added CoreDNS metrics for the Neutron service.

  • Added documentation on using DNS01 challenges for certificates.

  • Added mirroring for GitHub

  • Added ipmi-exporter with alerting.

  • Added support for migrating the IP from an interface when adding it to a bridge

  • Added the ability to customize the Heat stack properties

  • Added openstack-exporter with alerting.

  • Added ability to create overrides for Prometheus monitoring.

  • Add support for multiple CSIs including PowerStore

  • Add jobs to promote the generated artifact to the tarballs server in order to make it easy to pull in latest version.

  • Added a playbook to automatically generate all secrets for all roles for those which are not already defined.

  • Added automatic SSH key generation for workspace, as well as cold & live migration support by enabling SSH keys.

  • Added tempest images built from the master branch.

  • Added Zuul jobs for building wheels and publishing them

  • Added playbook to allow for generating workspace for deployment and integrate it into Molecule in order to make sure we always test it.

  • Added Zuul artifacts with built collections for all commits.

  • Load the kubectl & helm auto complete in the .bashrc file

  • Allow disabling of the keepalived service.

  • Add ability to use an externally deployed Ceph cluster.

  • Add ability for a user to avoid using Keepalived for Kubernetes in cases where the API is behind an external load balancer.

  • Support new environment variable ATMOSPHERE_BOOT_FROM_VOLUME. When this boolean variable is set (to true, yes, or anything else accepted by the Ansible bool filter), OpenStack instances are changed to boot from volume, and images are allowed to not specify a local disk.

  • Add barbican role

  • Bump Horizon chart to version 0.2.24 to include fixes for logo ConfigMap.

  • Bump Nova Helm chart version to 0.2.32 to introduce a fix for Ironic.

  • Distribute self-signed certificate on the controller node

  • Add self-signed issuer and CA certificate

  • Create cloud resources such as networks and flavors

  • Add ability to include custom node labels for scenarios where you might want to distribute workloads across different nodes.

  • Disable oslo_messaging_notifications by default. From now on, [oslo_messaging_notifications]/driver defaults to noop. Operators can enable notifications based on real needs.

  • Added support for additional Neutron service plugins.

  • The generate_secrets playbook can now be used to generate secrets that are encrypted using ansible-vault.

  • Change the DNS suffix and ACME server, both with the goal of getting this ansible-collection-atmosphere running in internal environments.

  • Provision images inside OpenStack

  • Update Horizon chart version from 0.2.16 to 0.2.20:

    • 0.2.17 Add custom logo

    • 0.2.18 Enable taint toleration for Openstack services

    • 0.2.19 Remove unsupported value overrides

    • 0.2.20 Add SHOW_OPENRC_FILE value

  • Add ansible variables for ingress annotations for roles consuming openstack_helm_ingress role

    • openstack_helm_barbican

    • openstack_helm_cinder

    • openstack_helm_glance

    • openstack_helm_heat

    • openstack_helm_horizon

    • openstack_helm_keystone

    • openstack_helm_neutron

    • openstack_helm_nova

    • openstack_helm_placement

    • openstack_helm_senlin

  • Add role for keepalived in openstack namespace

  • Add sysctl gc_thresh tuning in kubernetes role

  • Set containerd as container runtime

  • Add the ability to look up the IP address of the Ceph public network. This is useful when the Ceph public network is different from the default network on the system.

  • Introduce usage of RabbitMQ operator, remove usage of old RabbitMQ charts and start to run a single replica of RabbitMQ for each OpenStack service.

  • Use designate as external dns driver and enable dns_domain_ports

  • Set allow_resize_to_same_host as true in Default

  • Add openstacksdk role which installs openstacksdk py package and configures clouds.yaml.

  • Added additional monitoring to RabbitMQ in order to detect and alert on alarms raised by it such as memory, etc.

  • Set custom resource requirements

  • Simplified the structure of the required inventory to 3 groups only which are controllers, cephs and computes.

  • FluxCD is now used to deploy the Helm charts which will result in speedier deployments and eventually dropping the client-side Helm CLI.

  • Added ansible role to deploy tempest

  • Collect tempest log after tempest run

Known Issues

  • The Ironic deployment is not functional at the moment, therefore, the manifest has been disabled until the Ironic API endpoint is completed.

  • Wait longer till instances are ready

Upgrade Notes

  • When upgrading to this version, you’ll need to make sure that you destroy your existing Molecule testing environment before converging again since it is now using automatically generated secrets instead of hard-coded secrets. The secrets are stored inside the MOLECULE_EPHEMERAL_DIRECTORY.

  • The playbooks must all be run in order, and once done make sure to have the cleanup playbook run to clean up the old cluster.

Bug Fixes

  • AlertManager did not have any persistence which meant that any silences would not last through a restart of the pod. This patch adds persistence so that silences survive a restart of the pod.

  • Add barbican role to deployment

  • Fix issues around upgrading existing releases around waiting for deploys for larger environments.

  • Added wheels for master branches to allow for building Tempest images.

  • Added notes on working around Molecule bug.

  • Live migrations will take longer than expected because the default value of the option live_migration_events regressed to false since the addition of this value was forgotten. They should now complete on time with no network outages.

  • Start ignoring tbr interfaces inside node-exporter which are used by trunk interfaces with Neutron.

  • Added “provides” to wheels jobs in order to allow passing the artifact to image build jobs.

  • Added “upper-constraints.txt” to wheels archive.

  • Allow using an older version of JoinConfiguration to support older clusters.

  • Drop CephNodeDiskspaceWarning alerts since they already have better coverage through other alerts.

  • Remove stale old Terraform content from the Keystone side of things.

  • Drops symbolic link in pre-run and replaces it with an ansible-galaxy installation of the collection.

  • Set consecutive_build_service_disable_threshold to 0 as it was observed that some nodes on a cluster were disabled after a certain amount of build failures, overloading the other healthy nodes in the cluster causing a bunch of issues.

  • Correct the Nova timeout

  • The commit checks had hard-coded values for debugging that were accidentally added into the code.

  • Stop alerts from firing about etcd that are mostly invalid.

  • Fix gc_thresh tuning values for both IPv4 and IPv6.

  • The GitHub mirroring job was not included to run so this patch fixes that.

  • The IPMI exporter depended on the ipmi module being loaded, however, it is the case that the module could be loaded on a virtual machine. This patch instead only runs it on systems that don’t expose the HYPERVISOR flag.

  • Resolve issues with nodeSelector for IPMI exporter.

  • Fix the image used for the Keystone domain management

  • Since we’re not waiting for the monitoring to fully go up, we have issues with later tasks that run way too fast while the operator is not ready. This makes sure it’s all good to go before moving forward.

  • Fix services which are running on nodes other than the control plane.

  • Fixed RabbitMQ memory alerts using watermark instead of actual limit for the container.

  • Add missing job for promotion of branch-tip tarballs.

  • Fix pbr version so the .devN part is -N instead, to have proper semantic versioning.

  • Fixes senlin username which was wrongly pointing to cinder, causing authentication issues to volume service.

  • Since we define the monmap based on the ceph public network, we should build ceph.conf for osd with the correct ip addresses.

  • Remove Grafana path from Horizon ingress until Monasca is realized

  • gre_sys interfaces are now ignored inside node-exporter.

  • Install iputils-ping dist package in tempest image

  • Bump CI timeout to 2 hours from 1 hour to prevent job timeouts.

  • Add default backend in ingress nginx controller

  • Include more IPMI sensors which are generally not reporting clean results for Dell systems.

  • Pin openstacksdk to 0.61.0 to avoid breaking the openstack.cloud collection.

  • Switch RabbitmqConnections to a more reliable solution that can avoid alerting on larger scale clouds.

  • Fix documentation for avoiding workaround involving manual symbolic links for the Ansible collection.

  • Add missing packages for install on Debian 11 cloud image environment.

  • Switch Cilium to use Geneve tunnels instead of VXLAN.

  • Lock ansible-lint package version in tox

  • Skip variables of keepalived vip and interface from secret generating and use br-ex for keepalived_interface.

  • Upgrade kube-prometheus-stack to 36.2.0 and add Ceph monitoring.

  • Use a symbolic link for the kube admin config instead of copying and maintaining two identical files. /root/.kube/config is now a symbolic link to /etc/kubernetes/admin.conf. This prevents any out-of-sync file issues.

  • Fix image manifest creation in zuul CI

Other Notes

  • Added basic documentation infrastructure.