Chapter 4. Technical Notes

This chapter supplements the information contained in the text of Red Hat OpenStack Platform "Train" errata advisories released through the Content Delivery Network.

4.1. RHEA-2021:3483 — Release of components for OSP 16.2

Changes to the distribution component:

  • The python-networking-fujitsu package is not included with RHOSP 16.2. (BZ#1906028)

Changes to the openstack-cinder component:

  • Typically, when you create an encrypted volume from a snapshot of an encrypted volume, the source volume is the same size or smaller than the destination volume.

    In previous releases, if you created an encrypted volume from a snapshot of an encrypted volume, and the destination volume was close to or equal to the size of the source volume, the Block Storage service (cinder) silently truncated the data in the new destination volume.

    With this release, the Block Storage service calculates the size of the destination volume to include the current size of the encryption header, which eliminates the data truncation. (BZ#1772531)

  • Before this update, the NetApp SolidFire driver would create a duplicate volume when the API response is lost due to a connection error and the driver retries the API request. This occurred when the SolidFire back end successfully received and processed a create volume operation, but failed to deliver the response back to the driver. This update resolves the issue by:

    1. Checking if the volume name already exists in the backend before trying to create it. If a volume is found, an exception is raised and the process is aborted.
    2. Checking for volume creation right after a read timeout is detected, to prevent invalid API calls.
    3. Adding the ´sf_volume_create_timeout´ option to the SolidFire driver, to allow users to set the appropriate timeout value for their environment. (BZ#1939394)
  • The Unisphere for PowerMax REST endpoints have changed from 91 to 92. This update changes how URIs are created, to allow for full coverage of all possible Unisphere REST API endpoints. (BZ#1913671)
  • This update adds Challenge Handshake Authentication Protocol (CHAP) support to the Dell EMC PowerStore driver. PowerStore can now be used with enabled CHAP as a storage back end. (BZ#1935154)
  • Before this update, if PowerStore ports were configured for multiple purposes, such as for iSCSI or Replication, the driver reported that it could find no accessible iSCSI targets. This was because the REST filter was wrong. This update fixes the PowerStore iSCSI targets filtering. (BZ#1953749)
  • Before this update, when iSCSI or FC targets, such as ESXi, were not connected to the RHOSP host, the attach volume operation waited until it timed out. With this update, a new option to support ports filtering has been added to the Dell EMC XtremIO driver for the Block Storage service (cinder). (BZ#1956370)

Changes to the openstack-glance component:

  • Before this update, RBD performance was degraded when multiple instances were launched simultaneously. This was due to the Image service starting multiple threads to perform the same copying operation. This update resolves the issue. (BZ#1851051)
  • This update fixes an Image service (glance) configuration error that prevented users from creating a virtual machine with watchdog by setting flavor metadata. (BZ#1851797)

Changes to the openstack-ironic-python-agent component:

  • In this release, EFI bootloader assets for whole-disk images are preserved during deployment, so the shim bootloader is no longer overwritten. This ensures that Secure Boot is switched on after deployment. (BZ#1961784)

Changes to the openstack-manila component:

  • Previously, the Shared File Systems service (manila) API that brings external shares into service management did not check for duplicated export locations. An existing share brought into the service multiple times results in an inconsistent state.

    With this release, the API evaluates the export locations of known or existing shares before allowing external shares to be managed, and prevents existing shares from being erroneously brought into the Shared File Systems service again. (BZ#1849843)

  • When multiple storage backends are configured on the Shared File Systems service (manila), each storage back end might support a different storage protocol. Before this update, the Shared File Systems service scheduler did not consider the storage protocol and capability of the shared storage back ends when deciding where to place them, which caused share provisioning to fail. With this update, the Shared File Systems service scheduler now automatically considers the share type extra specs with the storage protocol, which makes it possible use the CapabilitiesFilter to compare storage back end capabilities and provision shares successfully. (BZ#1888105)

Changes to the openstack-manila-ui component:

  • Before this update, the Shared File Systems service (manila) dashboard had dynamic form elements whose names could potentially cause the forms to become unresponsive. This meant that the creation of share groups, share networks, and shares within share networks did not work.

    With this update, dynamic elements whose names could be problematic are encoded, which means that creation of share groups, share networks, and shares within share networks functions normally. (BZ#1974979)

Changes to the openstack-nova component:

  • Before this update, when you resized or migrated an instance that had a vGPU flavor you needed to rebuild the instance manually to re-allocate the vGPU resources. With this update, instances with a vGPU flavor are automatically re-allocated the vGPU resources after resize and cold migration operations. (BZ#1844372)
  • When an instance is created, the Compute service (nova) sanitizes the instance display name to generate a valid hostname when DNS integration is enabled in the Networking service (neutron).

    Before this update, the sanitization did not replace periods ('.') in instance names, for example, 'rhel-8.4'. This could result in display names being recognized as Fully Qualified Domain Names (FQDNs) which produced invalid hostnames. When instance names contained periods and DNS integration was enabled in the Networking service, the Networking service would reject the invalid hostname resulting in a failure to create the instance and a HTTP 500 server error from the Compute service.

    With this update, periods are now replaced by hyphens in instance names to prevent hostnames being parsed as FQDNs. You can continue to use free-form strings for instance display names. (BZ#1919855)

Changes to the openstack-tripleo-heat-templates component:

  • This enhancement adds support for Entrust nShield HSM deployment in high availability mode with OpenStack Key Manager (barbican). (BZ#1714772)
  • Images with null bytes take up a lot of space. With this release, you can enable sparse image upload and save space when you upload images. Sparse image upload is supported only with Ceph RBD. (BZ#1866741)
  • In prior releases, you could not delete resources with dependencies, such as snapshots. With this release, you can delete resources with dependencies. (BZ#1884322)
  • For Distributed Compute Node deployments which use storage, dcn-hci.yaml has been renamed to dcn-storage.yaml because DCN sites with storage have the option of not using HCI (Hyper-Converged Infrastructure). dcn-hci.yaml is deprecated but will remain in the environments directory for backwards compatibility. dcn-hci.yaml will be removed in Red Hat OpenStack platform 17. dcn-storage.yaml should be used in place of dcn-hci.yaml. (BZ#1868673)
  • This enhancement improves the efficiency, performance, and execution time of deployment and update tasks for environments with a large number of roles. The logging output of the deployment process has been improved to include task IDs for better tracking of specific task executions, which can occur at different times. The task IDs can now be used to correlate timing and execution when troubleshooting executions. (BZ#1897890)
  • With this enhancement, you can improve the performance of live migrations by using the following new parameters:

    • NovaLiveMigrationPermitPostCopy - When enabled, the instance is activated on the destination node before migration is complete, and an upper bound is set on the memory that needs to be transferred, which improves the live migration of larger instances. This parameter is enabled by default.
    • NovaLiveMigrationPermitAutoConverge - When enabled, if an on-going live migration is progressing slowly the instance CPU is throttled until the memory copy process is faster than the instance’s memory writes. This parameter is disabled by default. To enable NovaLiveMigrationPermitAutoConverge, add the following configuration to an environment file:

      parameter_defaults:
        ComputeParameters:
          NovaLiveMigrationPermitAutoConverge: true

      (BZ#1920229)

Changes to the openstack-tripleo-validations component:

  • This enhancement adds new validation for tripleo-latest-packages-version. This validation checks if the listed tripleo packages are up to date with repositories. (BZ#1926725)

Changes to the puppet-collectd component:

  • Before this update, the PluginInstanceFormat parameter for collectd could specify only one of the following values: 'none', 'name', 'uuid', or 'metadata'. After this update, the PluginInstanceFormat parameter for collectd can now specify more than one value, which results in more information being sent in the plugin_instance label of collectd metrics. (BZ#1938568)

Changes to the python-glance-store component:

  • Before this update, writing an image to RBD could be very slow. This update improves the process for writing an image to RBD, which improves the time it takes for images to be written to RBD. (BZ#1690726)

Changes to the python-networking-ovn component:

  • This update fixes an issue that caused Neutron agents, such as Neutron DHCP, to fail when they tried to create resources in OVN because ML2/OVN prevented RPC workers from connecting the OVN southbound database. (BZ#1972774)
  • This update fixes an issue that caused Neutron agents, such as Neutron DHCP, to fail when they tried to create resources in OVN. This was caused by residual data left in the OVN databases when QoS rules were created for floating IPs.

    This update eliminates the residual data and fixes the problem. (BZ#1978158)

Changes to the python-os-brick component:

  • Before this update, some exceptions were not being caught during connections to iSCSI portals, such as failures in iscsiadm -m session. This caused _connect_vol threads to abort unexpectedly in some failure patterns, which caused subsequent steps to hang while waiting for results from _connect_vol threads. This update ensures that any exceptions during connections to iSCSI portals are handled correctly in the _connect_vol method, to avoid unhandled exceptions during connecting to iSCSI portals, and unexpected aborts that have no updated thread results. (BZ#1923975)

Changes to the python-oslo-config component:

  • This enhancement adds the type HostDomain. HostDomain is the same as HostAddress with the added support of the underscore character - RFC1033. Systems such as DomainKeys and service records use the underscore. The Compute service can use the HostDomain type to define live_migration_inbound_addr. (BZ#1868940)

Changes to the python-tripleoclient component:

  • Before this update, the validation variable in one code path was referenced but never assigned, which resulted in an unhandled exception during validation. This has been fixed. (BZ#1959853)

Changes to the tripleo-ansible component:

  • Starting with Red Hat Enterprise Linux (RHEL) version 8.3, support for the Intel Transactional Synchronization Extensions (TSX) feature is disabled by default. Currently, this causes instance live migration to fail when migrating from hosts where the TSX kernel argument is enabled to hosts where the TSX kernel argument is disabled.

    This impact applies only to Intel hosts that support the TSX feature. For more information about the CPUs that are affected by this issue, see Affected Configurations.

    For more information, review the following Red Hat Knowledgebase solution Guidance on Intel TSX impact on OpenStack guests. (BZ#1975240)

  • In Red Hat OpenStack Platform 16.2, a technology preview is available that supports Precision Time Protocol (PTP) with Timemaster. (BZ#1825895)
  • Before this fix, grub2 tooling wrote kernel argument changes to /boot/grub2/grubenv. This file was not available to UEFI boot systems, and caused kernel argument changes not to persist across reboots on UEFI boot nodes.

    This fix changes both the /boot/grub2/grubenv file and the /boot/efi/EFI/redhat/grubenv files when you make kernel argument changes. As a result, RHOSP director now applies persistent Kernel argument changes for UEFI boot nodes. (BZ#1987092)

  • During stack update the KernelArgs could be modified or appended. A reboot of the affected nodes needs to be performed manually.

    For example, if the current deployment has the following configuration, it is possible to change hugepages=64, or add or remove arguments during the stack update:

    `KernelArgs: "default_hugepagesz=1GB hugepagesz=1G hugepages=32 intel_iommu=on iommu=pt isolcpus=1-11,13-23"

    For example:

    KernelArgs: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 intel_iommu=on iommu=pt isolcpus=1-24"
    KernelArgs: "isolcpus=1-11,13-23"
    Note

    Complete removal of KernelArgs during the update is not supported. Also KernelArgs could be newly added as well to an existing overcloud node, however the reboot would be triggered in this case. (BZ#1900723)

Changes to the validations-common component:

  • Before this update, execution of the validation package check-latest-packages-version was slow. This update resolves the issue. (BZ#1942531)
  • This enhancement improves the performance and application of the check-latest-packages-version validation. (BZ#1926721)
  • Before this update, validation results were not being logged and validation artifacts were not being collected as the permissions required to access the requested logging directory were not granted. This update resolves the issue, and validation results are successfully logged and validation artifacts are collected. (BZ#1910508)
  • Before this update, Ansible redirected output to all registered non-stdout callback plug-ins by default, which resulted in VF callbacks processing information from other processes using ansible runtime. This issue has been resolved and the output of other processes is no longer stored in the validations logging directory. (BZ#1960185)