Chapter 3. Release Information

These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform. Notes for updates released during the support lifecycle of this Red Hat OpenStack Platform release will appear in the advisory text associated with each update.

3.1. Red Hat OpenStack Platform 15 GA

These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform.

3.1.1. Enhancements

This release of Red Hat OpenStack Platform features the following enhancements:

BZ#1240852

In Red Hat OpenStack Platform 15, you can specify MTU (maximum transmission unit) settings for each network, and RHOSP will automatically write those settings to the network interface configuration templates. MTU values should be set in the network_data.yaml file.

This enhancement alleviates the step of manually updating the network templates for each role, and reduces the likelihood of manual entry errors.

BZ#1484601

The Shared File Systems service (manila) API now supports Transport Layer Security (TLS) endpoints on the internal API network, through SSL/TLS certificates. The Shared File Systems service is automatically secured when you opt to secure Red Hat OpenStack Platform during deployment.

BZ#1535066

In Red Hat OpenStack Platform 15, which depends on Red Hat Enterprise Linux 8, there is a new default Time service, chrony.

With this switch, Red Hat highly recommends that you use multiple Network Time Protocol (NTP) servers for both the undercloud and overcloud deployments.

BZ#1547728

In Red Hat Open Stack Platform 15, the Data Processing service (sahara) plug-ins have been decoupled and are now installed as libraries.

To obtain newer versions of Data Processing service plug-ins, you no longer have to upgrade RHOSP. Instead, install the newest version of the desired plug-in.

BZ#1585012

You can now configure automatic restart of VM instances on a Compute node if the compute node reboots without first migrating the instances.

With the following two new parameters, you can configure the Red Hat OpenStack Platform Compute service (nova) and the libvirt-guests agent to shut down VM instances gracefully and start them when the Compute node reboots:

 - NovaResumeGuestsStateOnHostBoot (True or False)
 - NovaResumeGuestsShutdownTimeout (default, 300s)

BZ#1619762

In Red Hat OpenStack Platform 15, director uses version 5.5 of Puppet.

BZ#1626139

In Red Hat OpenStack Platform 15, a new role and environment file have been added to enable the undercloud to deploy an all-in-one overcloud node that contains both the controller services and compute services. The new role and the new environment file are named, respectively, roles/Standalone.yaml and environments/standalone/standalone-overcloud.yaml.

Because this new architecture does not yet support high availability, Red Hat cannot guarantee zero down time during RHOSP 15 updates and upgrades. For this reason, Red Hat highly recommends that you properly back up your system.

BZ#1633146

Red Hat OpenStack Platform director now has the ability to control Block Storage service (cinder) snapshots on NFS back ends. A new director parameter, CinderNfsSnapshotSupport, has a default value of True.

BZ#1635862

Using the Red Hat OpenStack Platform director, you can now configure the Image service (glance) to have an optional local image cache. You turn on the image cache, by setting the “GlanceCacheEnabled” property to True.

A typical use case for the image cache is edge computing. Because the Image service resides at central site, you can deploy and enable the image cache at remote sites and save bandwidth and reduce the Image service’s boot time.

BZ#1647057

With Paunch you can now manage container memory consumption using three new attributes: mem_limit, memswap_limit, and mem_swappiness.

BZ#1661022

In Red Hat OpenStack Platform 15, if the back end driver supports it, you can now simultaneously attach a volume to multiple machines for both the Block Storage service (cinder) and the Compute service (nova). This feature addresses the use case for clustered application workloads that typically requires active/active or active/standby scenarios.

BZ#1666529

In Red Hat OpenStack Platform 15, the Image service (glance) is automatically configured for any glance-import execution to convert imported images into RAW format when Red Hat Ceph Storage is used as the back end for the Image service.

BZ#1693268

The Load Balancing service (octavia) now provides the capability to refine access policies for its load balancers, by allowing you to change security group ownership to a security group associated with a user project. (The user project must be on the whitelist.)

In previous RHOSP releases, you could not restrict access to the load balancer, because octavia exclusively assigned the project ID to the security group associated with the VIP and VRRP ports on the load balancing agent (amphora).

3.1.2. Technology Preview

The items listed in this section are provided as Technology Previews. For further information on the scope of Technology Preview status, and the associated support implications, refer to https://access.redhat.com/support/offerings/techpreview/.

BZ#1466008

The director can now deploy different, isolated Ceph clusters into different Edge zones by creating an overcloud composed of multiple Heat stacks. For example, the director can deploy an overcloud consisting of a Heat stack for the control plane (Controller nodes) and multiple additional stacks for Edge zones (Computes and Ceph Storage nodes or Compute and HCI nodes).

BZ#1504662

Neutron bulk port creation (create multiple ports in a single request) has been optimized for speed and is now significantly faster. The benefits of this improvement include faster initialization of containers via Kuryr on neutron networks.

BZ#1526109

A new Red Hat OpenStack Platform Bare Metal service (ironic) driver for XClarity managed Lenovo devices is available. The xclarity driver provides more reliable operation on Lenovo devices managed with XClarity, and opportunities for additional vendor-specific features in the future.

BZ#1593758

Red Hat OpenStack Platform Bare Metal service (ironic) now has a BIOS management interface, with which you can inspect and modify a device’s BIOS configuration.

In Red Hat OpenStack Platform 15, the Bare Metal service supports BIOS management capabilities for data center devices that are Redfish API compliant. The Bare Metal service implements Redfish calls through the Python library, Sushy.

BZ#1601576

Red Hat OpenStack Platform undercloud networks are now layer 3 (L3) capable. This enhancement enables all segments to use one network, and alleviates the need for service net map overrides.

This enhancement is important for Red Hat OpenStack Platform edge computing sites that deploy roles in different sites and make service net map overrides unwieldy.

BZ#1624486

As a technology preview in Red Hat OpenStack Platform 15, the novajoin service tech uses the new, versioned format of notifications sent by the Compute service (nova).

To enable the new format, set the value of the new configuration setting, configuration_format, to "versioned." The default value for configuration_format is "unversioned".

In a future version of RHOSP, unversioned notifications will be deprecated.

BZ#1624488

As a technology preview in Red Hat OpenStack Platform 15, the novajoin service uses the Python 3 runtime.

BZ#1624490

With this technology preview, it is possible to configure Barbican through Director to store secrets using the ATOS Trustway Proteccio NetHSM. This is mediated through the Barbican PKCS#11 back-end plugin.

The technology preview is provided in the following packages:
 - openstack-barbican
 - tripleo-heat-templates

BZ#1624491

With this technology preview, it is possible to configure Barbican through director to store secrets using the nCipher NetShield Connect NetHSM. This is mediated through the Barbican PKCS#11 back end plug-in.

The technology preview is provided in the following packages:
 - openstack-barbican
 - tripleo-heat-templates

BZ#1636040

With Red Hat OpenStack Platform director you can now deploy the Block Storage service (cinder) in an active-active configuration on Ceph RADOS Block Device (RBD) back ends only.

The new cinder-volume-active-active.yaml file defines the active-active cluster name by assigning a value to the CinderVolumeCluster parameter. CinderVolumeCluster is a global Block Storage parameter, and prevents you from including clustered (active-active) and non-clustered back ends in the same deployment.

The cinder-volume-active-active.yaml file causes director to use the non-Pacemaker, cinder-volume Orchestration service template, and adds the etcd service to your Red Hat OpenStack Platform deployment as a distributed lock manager (DLM).

BZ#1636179

With Red Hat OpenStack Platform director you can now configure different availability zones for Block Storage service (cinder) volume back ends. Director has a new parameter, CinderXXXAvailabilityZone, where XXX is associated with a specific back end.

BZ#1740715

Because Red Hat Ceph Storage 4 is at beta when Red Hat OpenStack Platform 15 is at GA, a new configuration option has been added to RHOSP 15 to prevent any accidental deployments of Red Hat Ceph Storage 4 Beta in a production environment.

The new Orchestration service (heat) configuration option, EnableRhcs4Beta, is set by default to "False", and therefore prevents director from deploying Red Hat Ceph Storage 4 Beta by accident.

3.1.3. Release Notes

This section outlines important details about the release, including recommended practices and notable changes to Red Hat OpenStack Platform. You must take this information into account to ensure the best possible outcomes for your deployment.

BZ#1585835

The Shared File Systems service (manila) API now runs behind the Apache HTTP Server (httpd). The Apache error and access logs from the Shared File Systems service are available in /var/log/containers/httpd/manila-api on all the nodes that run the manila API container.

The log location of the main API service (manila-api) has not changed, and continues to be written on each node in /var/log/containers/manila/.

BZ#1613038

The Block Storage service (cinder) command, "snapshot-manageable-list," now lists the snapshots on the back end for Red Hat Ceph RADOS block devices (RBD).

BZ#1689913

In Red Hat OpenStack Platform 15, the director parameter used during overcloud container preparation, deltarpm, has been renamed to, drpm.

BZ#1722036

Because Red Hat Ceph Storage 4 is at beta when Red Hat OpenStack Platform 15 is at GA, a new configuration option has been added to RHOSP 15 to prevent any accidental deployments of Red Hat Ceph Storage 4 Beta in a production environment.

The new Orchestration service (heat) configuration option, EnableRhcs4Beta, is set by default to "False", and therefore prevents director from deploying Red Hat Ceph Storage 4 Beta by accident.

BZ#1730689

There is a known issue wherein deployments will fail with the following message.

`puppet-user: Error: Parameter value failed on Vs_config[other_config:n-revalidator-threads]: Invalid external_ids 1. Requires a String, not a Integer`

This is due to tripleo parameters of type integer being expected by puppet to be of type string. To work around, include the following in deployment templates:

ComputeOvsDpdkSriovExtraConfig:
  "vswitch::dpdk::handler_cores": "1"
  "vswitch::dpdk::revalidator_cores": "1"

BZ#1743701

In Red Hat OpenStack Platform 15, director can only deploy Red Hat Ceph Storage v4. At this time, Ceph Storage v4 is still in its beta version. OpenStack Platform 15 will not support director-deployed Ceph until Ceph Storage v4 is generally available.

For testing purposes, you can deploy Ceph Storage v4 beta, but the beta version is not supported for use in production. Refer to the documentation for instructions on how to enable Ceph Storage v4 beta.

3.1.4. Known Issues

These known issues exist in Red Hat OpenStack Platform at this time:

BZ#1543414

When running Red Hat OpenStack Platform 15 on a Q35 machine, there is a maximum limit of 500 devices. This is known problem with QEMU, an open source virtualizer and machine emulator.

BZ#1697335

When running the command "openstack stack show <stack_name>" on a stack with a large amount of data (for example, the 'overcloud' stack), the output can be difficult to read because  some columns are too wide.

Red Hat recommends that you change the default output width.

Here is an example:

$ openstack stack show overcloud --max-width 100

BZ#1713329

Red Hat OpenStack Platform deployments that use the Linux bridge ML2 driver and agent are unprotected against Address Resolution Protocol (ARP) spoofing. The version of Ethernet bridge frame table administration (ebtables) that is part of Red Hat Enterprise Linux 8 is incompatible with the Linux bridge ML2 driver.

The Linux Bridge ML2 driver and agent were deprecated in Red Hat OpenStack Platform 11, and should not be used.

Red Hat recommends that you use instead the ML2 Open Virtual Network (OVN) driver and services, the default deployed by the Red Hat OpenStack Platform director.

BZ#1741244

Red Hat OpenStack Platform (RHOSP) does not yet support upgrading to version 15 from earlier RHOSP versions. Support for upgrading will be added to a future update of RHOSP 15.

BZ#1749443

The Compute services (nova) can fail to deploy because the nova_wait_for_compute_service script is unable to query the Nova API. If a remote container image registry is used outside of the undercloud, the Nova API service might not finish deploying in time.

The workaround is to rerun the deployment command, or to use a local container image registry on the undercloud.

BZ#1751942

If you use Security Group rules that span across a port range (--dst-port X:Y), an OVN bug causes traffic filtering to fail and all traffic to be dropped.

Workaround: Create one rule per port instead of using a port range.

BZ#1752950

Currently, you cannot use Orchestration (heat) templates with the director to deploy an overcloud that requires NFS as an Image service (glance) back end. There is currently no workaround for this issue.

3.1.5. Deprecated Functionality

The items in this section are either no longer supported, or will no longer be supported in a future release.

BZ#1584213

In Red Hat OpenStack Platform 15, a part of the Telemetry service, gnocchi, has been deprecated.

In a future RHOSP version, gnocchi, and the rest of the Telemetry service will be removed and replaced by the Red Hat Service Assurance Framework.

BZ#1640962

In Red Hat OpenStack Platform 15, the Alarm service (aodh) that is part of the Telemetry service, is deprecated.

In a future Red Hat OpenStack Platform version, the Alarm service will be removed.

BZ#1663449

The OpenStack EC2 API is deprecated in this release and is no longer supported.

BZ#1676951

In Red Hat OpenStack Platform 15, the monitoring agent, Sensu client service, is deprecated.

In a future Red Hat OpenStack Platform version, the Sensu client service will be removed.

BZ#1686583

In Red Hat OpenStack Platform 15, the Data Processing service (sahara) is deprecated, and will be removed in version 16. Support for the Data Processing service continues in Red Hat OpenStack Platform 15 and earlier supported versions.

BZ#1702694

In Red Hat OpenStack Platform 15, Red Hat OpenStack director (TripleO) no longer supports deploying Red Hat OpenShift Container Platform 3.11 clusters on bare metal nodes using the OpenShift installation playbooks (provided in the openshift-ansible package) and Orchestration service (heat) templates.

To deploy OpenShift 3.11 on bare metal nodes, use the OpenShift installation playbooks exclusively without Orchestration service templates. You can provision Red Hat Enterprise Linux on bare metal nodes using Red Hat OpenStack Platform with the Bare Metal service (ironic) or by performing a manual installation.

BZ#1722809

In Red Hat OpenStack Platform 15, the legacy network scripts are deprecated. In a future Red Hat OpenStack Platform version, the legacy network scripts will be removed and replaced by Red Hat Enterprise Linux NetworkManager.

BZ#1752660

In Red Hat OpenStack Platform 15, the Nova vCenter plug-in is deprecated. It will be removed in version 16.

3.2. Red Hat OpenStack Platform 15 Maintenance Release - October 3, 2019

These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform.

3.2.1. Enhancements

This release of Red Hat OpenStack Platform features the following enhancements:

BZ#1693268

The Load Balancing service (octavia) now provides the capability to refine access policies for its load balancers, by allowing you to change security group ownership to a security group associated with a user project. (The user project must be on the whitelist.)

In previous RHOSP releases, you could not restrict access to the load balancer, because octavia exclusively assigned the project ID to the security group associated with the VIP and VRRP ports on the load balancing agent (amphora).

3.2.2. Technology Preview

The items listed in this section are provided as Technology Previews. For further information on the scope of Technology Preview status, and the associated support implications, refer to https://access.redhat.com/support/offerings/techpreview/.

BZ#1504662

Neutron bulk port creation (create multiple ports in a single request) has been optimized for speed and is now significantly faster. The benefits of this improvement include faster initialization of containers via Kuryr on neutron networks.

3.2.3. Known Issues

These known issues exist in Red Hat OpenStack Platform at this time:

BZ#1776406

The internal locking model in the container infrastructure changed between podman 1.0.5 (RHEL 8.0) and 1.4.2 (RHEL 8.1). As a result, you cannot update a Red Hat OpenStack Platform (RHOSP) 15 deployment from Red Hat Enterprise Linux (RHEL) 8.0 to RHEL 8.1 without downtime.

There is currently no known workaround. Red Hat is actively working on a solution to this problem. New deployments on RHEL 8.1 with the RHEL 8.1 RHOSP 15 containers work correctly.

If you deployed RHOSP 15 on RHEL 8.0, contact Red Hat support for advisement.

BZ#1776851

Due to an incompatibility between the version of pacemaker in Red Hat Enterprise Linux (RHEL) 8.0-based containers and RHEL 8.1-based hosts, you cannot migrate from RHEL 8.0 to 8.1 for deployed Red Hat OpenStack Platform (RHOSP) 15 environments.

There is currently no known workaround. Red Hat is actively working on a solution to this problem. New deployments of RHOSP 15 on RHEL 8.1 work correctly.

If you deployed RHOSP 15 on RHEL 8.0, contact Red Hat Support for advisement.

3.3. Red Hat OpenStack Platform 15 Maintenance Release - March 4, 2020

These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform.

3.3.1. Enhancements

This release of Red Hat OpenStack Platform features the following enhancements:

BZ#1618894
In this update, Red Hat OpenStack director deploys Red Hat Ceph Storage 4.
BZ#1696658
With this update, you can configure NUMA affinity for most neutron networks. This is useful to ensure that instances are placed on the same host NUMA node as the NIC that provides external connectivity to the vSwitch. This feature is available for networks that use a 'provider:network_type' of 'flat' or 'vlan' and a 'provider:physical_network' (L2 networks) or networks that use a 'provider:network_type' of 'vxlan', 'gre' or 'geneve' (L3 networks).
BZ#1751809
With this update, the credentials that you supply in the ContainerImageRegistryCredentials parameter pass to ceph-ansible automatically if the registry name matches the registry name in the ceph_namespace parameter.
BZ#1783354
With this update, you can configure PCI NUMA affinity on an instance-level basis. This is required to configure NUMA affinity for instances with SR-IOV-based network interfaces. Previously, NUMA affinity was configurable only on a host-level basis for PCI passthrough devices.

3.3.2. Technology Preview

The items listed in this section are provided as Technology Previews. For further information on the scope of Technology Preview status, and the associated support implications, refer to https://access.redhat.com/support/offerings/techpreview/.

BZ#1466008
Director can now deploy different, isolated Ceph clusters into different Edge zones by creating an overcloud composed of multiple heat stacks. For example, director can deploy an overcloud that consists of a heat stack for the control plane (Controller nodes) and multiple additional stacks for Edge zones (Computes and Ceph Storage nodes or Compute and HCI nodes).

3.3.3. Known Issues

These known issues exist in Red Hat OpenStack Platform at this time:

BZ#1749443
The Compute services (nova) can fail to deploy because the nova_wait_for_compute_service script is unable to query the Nova API. If you use a remote container image registry outside of the undercloud, the Nova API service might not finish deploying in time.

The workaround is to rerun the deployment command, or to use a local container image registry on the undercloud.

BZ#1764025
There is a known issue that OVN load balancer does not open new connections while fetching data from members. Instead, the load balancer modifies destination address and destination port and sends request packets to the member. As a result, you cannot define IPv6 members if you use IPv4 load balancer addresses, and you cannot define IPv4 members if you use IPv5 load balancer addresses.

There is currently no workaround for this issue.