Chapter 3. Release information
These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality that you should consider when you deploy this release of Red Hat OpenStack Platform.
Notes for updates released during the support lifecycle of this Red Hat OpenStack Platform release appear in the advisory text associated with each update.
3.1. Red Hat OpenStack Platform 17.0 GA - September 21, 2022
These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform.
3.1.1. Advisory list
This release includes the following advisories:
- RHEA-2022:6543
- Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)
- RHEA-2022:6544
- Release of containers for Red Hat OpenStack Platform 17.0 (Wallaby)
- RHEA-2022:6545
- Red Hat OpenStack Platform 17.0 RHEL 9 deployment images (qcow2 tarballs)
- RHEA-2022:6546
- Red Hat OpenStack Platform 17.0 (Wallaby) RHEL 9 deployment images (RPMs)
3.1.2. Bug Fix
These bugs were fixed in this release of Red Hat OpenStack Platform:
- BZ#1374002
- Before this update, a misconfiguration of communication parameters between the DNS service (designate) worker and deployed BIND instances caused Red Hat OpenStack Platform (RHOSP) 17.0 Beta deployments that have more than one Controller node to fail. With this update, this issue has been resolved, and you can now use the DNS service in a deployment with more than one Controller node.
- BZ#1801931
- Before this update, the help text for the `max_disk_devices_to_attach` parameter did not state that 0 is an invalid value. Also, when the `max_disk_devices_to_attach` parameter was set to 0, the `nova-compute` service started when it should have failed. With this update, the `max_disk_devices_to_attach` parameter help text states that a value of 0 is invalid, and if `max_disk_devices_to_attach` is set to 0, the `nova-compute` service logs an error and fails to start.
- BZ#1883326
- Before this update, PowerFlex storage-assisted volume migration did not convert the volume type in cases where a thick-provisioned volume should have been converted to thin-provisioned. With this update, this issue is fixed.
- BZ#1888069
- Before this update, Supermicro servers in UEFI mode would reboot from the network instead of from the local hard disk, causing a failed boot. With this update, Ironic sends the correct raw IPMI commands that request UEFI "boot from hard disk." Booting Supermicro nodes in UEFI mode with IPMI now works as expected.
- BZ#1944586
- This update fixes a bug that incorrectly redirected registered non-stdout callback output from various Ansible processes to the validations logging directory. Output of other processes is no longer stored in validations logging directory. VF callbacks no longer receive information about plays, unless requested.
- BZ#1984556
- The collectd smart plugin requires the CAP_SYS_RAWIO capability. CAP_SYS_RAWIO is not present by default in the configuration, and before this update, you could not add it. With this update, you can use the CollectdContainerAdditionalCapAdd parameter to add CAP_SYS_RAWIO. Enter the following parameter value assignment in an environment file.
Example
    parameter_defaults:
      CollectdExtraPlugins:
        - smart
      CollectdContainerAdditionalCapAdd: "CAP_SYS_RAWIO"
- BZ#1991657
- Before this update, bare metal node introspection failed with an error and did not retry when the node had a transient lock on it.
With this update, you can perform introspection even when the node has a lock.
- BZ#2050773
- Before this update, if an operator defined a custom value for the `volume:accept_transfer` policy that referred to the project_id of the user making the volume transfer accept request, the request would fail. This update removes a duplicate policy check that incorrectly compared the project_id of the requestor to the project_id associated with the volume before transfer. The check done at the Block Storage API layer now functions as expected.
- BZ#2064019
- Before this update, network interruptions caused a bare metal node's power state to become `None` and the node to enter the `maintenance` state. This was due to Ironic's connection cache of Redfish node sessions entering a stale state and not being retried. This state could not be recovered without restarting the Ironic service. With this update, the underlying REST client has been enhanced to return specific error messages. These error messages are used by Ironic to invalidate cached sessions.
- BZ#2101937
- With this fix, traffic is distributed on VLAN provider networks in ML2/OVN deployments. Previously, traffic on VLAN provider networks was centralized even with the Distributed Virtual Router (DVR) feature enabled.
- BZ#2121098
- Before this update in Red Hat OpenStack Platform (RHOSP) 17.0 Beta, Networking service (neutron) requests could fail with a `504 Gateway Time-out` if they occurred when the Networking service reconnected to `ovsdb-server`. These reconnections could happen during failovers or through `ovsdb-server` leader transfers during database compaction. If neutron debugging was enabled, the Networking service rapidly logged a large number of "OVSDB transaction returned TRY_AGAIN" DEBUG messages, until the transaction timed out with an exception.
With this update, the reconnection behavior is fixed to handle this condition, with a single retry of the transaction until a successful reconnection.
3.1.3. Enhancements
This release of Red Hat OpenStack Platform features the following enhancements:
- BZ#1689706
- This enhancement includes OpenStack CLI (OSC) support for Block Storage service (cinder) API 3.42. This allows OSC to extend an online volume.
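A usage sketch (the volume name and new size are illustrative): with microversion 3.42 negotiated, OSC can resize a volume that is attached to an instance:

```shell
# Extend an in-use volume to 20 GB; requires Block Storage API microversion 3.42 or later.
$ openstack --os-volume-api-version 3.42 volume set --size 20 my-attached-volume
```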
- BZ#1699454
- With this update, you can restore snapshots with the CephFS Native and CephFS with NFS backends of the Shared File Systems service (manila) by creating a new share from a snapshot.
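For example, a share can be restored by creating a new share from its snapshot. This sketch assumes the manila OSC plugin is installed; the protocol, size, and names are illustrative:

```shell
# Create a new 10 GB CephFS share from an existing snapshot.
$ openstack share create --snapshot-id <snapshot_id> --name restored-share CephFS 10
```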
- BZ#1752776
- In Red Hat OpenStack Platform (RHOSP) 17.0 GA, non-admin users have access to new parameters when they run the `openstack server list` command:
- --availability-zone <az_name>
- --config-drive
- --key-name <key_name>
- --power-state <state>
- --task-state <state>
- --vm-state <state>
- --progress <percent_value>
- --user <name_or_ID>
For more information, see server list.
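For example, a non-admin user can now combine these filters (the names and states below are illustrative):

```shell
# List active servers that use a specific key pair and belong to a given user.
$ openstack server list --vm-state active --key-name demo-key --user demo-user
```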
- BZ#1758161
- With this update, Red Hat OpenStack Platform director deployed Ceph includes the RGW daemon, replacing the Object Storage service (swift) for object storage. To keep the Object Storage service, use the `cephadm-rbd-only.yaml` file instead of `cephadm.yaml`.
- BZ#1813560
- With this update, the Red Hat OpenStack Platform (RHOSP) 17 Octavia amphora image now includes HAProxy 2.4.x as distributed in Red Hat Enterprise Linux (RHEL) 9. This improves the performance of Octavia load balancers, including load balancers that use flavors with more than one vCPU core.
- BZ#1839169
- With this update, `cephadm` and `orchestrator` replace ceph-ansible. You can use director with `cephadm` to deploy the Ceph cluster and additional daemons, and use a new `tripleo-ansible` role to configure and enable the Ceph backend.
- BZ#1848153
- With this update, you can now use Red Hat OpenStack Platform director to configure the etcd service to use TLS endpoints when deploying TLS-everywhere.
- BZ#1903610
- This enhancement adds the MemcachedMaxConnections parameter. You can use MemcachedMaxConnections to control the maximum number of memcache connections.
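A minimal environment file sketch for this parameter; the value shown is illustrative, not a recommendation:

```yaml
parameter_defaults:
  MemcachedMaxConnections: 8192
```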
- BZ#1904086
- With this enhancement, you can view a volume Encryption Key ID using the cinder client command 'cinder --os-volume-api-version 3.64 volume show <volume_name>'. You must specify microversion 3.64 to view the value.
- BZ#1944872
- This enhancement adds the '--limit' argument to the 'openstack tripleo validator show history' command. You can use this argument to show only a specified number of the most recent validations.
- BZ#1946956
- This enhancement changes the default machine type for each host architecture to Q35 (`pc-q35-rhel9.0.0`) for new Red Hat OpenStack Platform 17.0 deployments. The Q35 machine type provides several benefits and improvements, including live migration of instances between different RHEL 9.x minor releases, and native PCIe hotplug, which is faster than the ACPI hotplug used by the `i440fx` machine type.
- BZ#1946978
- With this update, the default machine type is the RHEL 9.0-based Q35 type, `pc-q35-rhel9.0.0`, which provides the following enhancements:
- Live migration across RHEL minor releases.
- Native PCIe hotplug, which is faster than the ACPI hotplug used by the previous i440fx machine type.
- Intel input-output memory management unit (IOMMU) emulation to help protect guest memory from untrusted devices that are directly assigned to the guest.
- Faster SATA emulation.
- Secure Boot.
- BZ#1954103
- With this enhancement you can use the PluginInstanceFormat parameter for collectd to specify more than one value.
- BZ#1954274
- This enhancement improves the operating performance of the Bare Metal Provisioning service (ironic) when it manages large workloads.
- BZ#1959707
- In Red Hat OpenStack Platform (RHOSP) 17.0 GA, the `openstack tripleo validator show` command has a new parameter, `--limit <number>`, that enables you to limit the number of validations that TripleO displays. The default is to display the last 15 validations.
For more information, see tripleo validator show history.
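For example, to display only the five most recent validations:

```shell
$ openstack tripleo validator show history --limit 5
```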
- BZ#1971607
- With this update, the Validation Framework provides a configuration file in which you can set parameters for a particular use. You can find an example of this file at the root of the code source or in the default location: /etc/validation.cfg.
You can use the default file in /etc/ or use your own file and provide it to the CLI with the --config argument.
When you use a configuration file, variables take the following order of precedence:
- User's CLI arguments
- Configuration file
- Default interval values
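For example, to run validations with a custom configuration file instead of the default /etc/validation.cfg (the file path is illustrative):

```shell
$ validation run --config /home/stack/my-validation.cfg
```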
- BZ#1973356
- This security enhancement reduces the user privilege level required by the OpenStack Shared File Systems service (manila). You no longer need permissions to create and manipulate Ceph users, because the Shared File Systems service now uses the APIs exposed by the Ceph Manager service for this purpose.
- BZ#2041429
- You can now pre-provision bare metal nodes in your application by using the `overcloud node [un]provision` command.
3.1.4. Technology Preview
The items listed in this section are provided as Technology Previews. For further information on the scope of Technology Preview status, and the associated support implications, refer to https://access.redhat.com/support/offerings/techpreview/.
- BZ#1884782
- In Red Hat OpenStack Platform (RHOSP) 17.0 GA, a technology preview is available for integration between the RHOSP Networking service (neutron) ML2/OVN and the RHOSP DNS service (designate). As a result, the DNS service does not automatically add DNS entries for newly created VMs.
- BZ#1896551
- In Red Hat OpenStack Platform (RHOSP) 17.0, a technology preview is available for Border Gateway Protocol (BGP) to route the control plane, floating IPs, and workloads in provider networks. By using BGP advertisements, you do not need to configure static routes in the fabric, and RHOSP can be deployed in a pure Layer 3 data center. RHOSP uses Free Range Routing (FRR) as the dynamic routing solution to advertise and withdraw routes to control plane endpoints as well as to VMs in provider networks and Floating IPs.
- BZ#1901686
- In Red Hat OpenStack Platform 17.0, secure role-based access control (RBAC) is available for the Load-balancing service (octavia) as a technology preview.
- BZ#1901687
- In Red Hat OpenStack Platform 17.0, Secure RBAC is available for the DNS service (designate) as a technology preview.
- BZ#2008274
- In Red Hat OpenStack Platform 17.0, a technology preview is available for integrating the DNS service (designate) with a pre-existing DNS infrastructure that uses BIND 9. For more information, see Deploying the DNS service with pre-existing BIND 9 servers
- BZ#2120392
- In Red Hat OpenStack Platform 17.0, a technology preview is available for creating single NUMA node instances that have both pinned and floating CPUs.
- BZ#2120407
- In Red Hat OpenStack Platform 17.0, a technology preview is available for live migrating, unshelving and evacuating an instance that uses a port that has resource requests, such as a guaranteed minimum bandwidth QoS policy.
- BZ#2120410
- In Red Hat OpenStack Platform 17.0, a technology preview is available for Compute service scheduling based on routed networks. Network segments are reported to the Placement service as host aggregates. The Compute service includes the network segment information in the Placement service query to ensure that the selected host is connected to the correct network segment. This feature enables more accurate scheduling through better tracking of IP availability and locality, and more accurate instance migration, resizing, or unshelving through awareness of the routed network IP subnets.
- BZ#2120743
- In Red Hat OpenStack Platform 17.0, a technology preview is available for rescuing an instance booted from a volume.
- BZ#2120746
- In Red Hat OpenStack Platform 17.0, a technology preview is available to define custom inventories and traits in a declarative `provider.yaml` configuration file. Cloud operators can model the availability of physical host features by using custom traits, such as `CUSTOM_DIESEL_BACKUP_POWER`, `CUSTOM_FIPS_COMPLIANT`, and `CUSTOM_HPC_OPTIMIZED`. They can also model the availability of consumable resources by using resource class inventories, such as `CUSTOM_DISK_IOPS` and `CUSTOM_POWER_WATTS`. Cloud operators can use the ability to report specific host information to define custom flavors that optimize instance scheduling, particularly when used in collaboration with reserving hosts by using isolated aggregates. Defining a custom inventory prevents oversubscription of power, IOPS, and other custom resources that an instance consumes.
- BZ#2120756
- In Red Hat OpenStack Platform 17.0, a technology preview is available to configure counting of quota usage of cores and RAM by querying placement for resource usage and instances from instance mappings in the API database, instead of counting resources from separate cell databases. This makes quota usage counting resilient to temporary cell outages or poor cell performance in a multi-cell environment.
Set the following configuration option to count quota usage from placement:
    parameter_defaults:
      ControllerExtraConfig:
        nova::config::nova_config:
          quota/count_usage_from_placement:
            value: 'True'
- BZ#2120757
- In Red Hat OpenStack Platform 17.0, a technology preview is available for requesting that images are pre-cached on Compute nodes in a host aggregate, when using microversion 2.81. To reduce boot time, you can request that a group of hosts within an aggregate fetch and cache a list of images.
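A usage sketch, assuming an OSC release that exposes the aggregate caching command; the aggregate and image identifiers are placeholders:

```shell
# Request that every host in the aggregate fetch and cache the image.
$ openstack --os-compute-api-version 2.81 aggregate cache image <aggregate> <image_id>
```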
- BZ#2120761
- In Red Hat OpenStack Platform 17.0, a technology preview is available to use traits and the Placement service to prefilter hosts by using the supported device model traits declared by the virt drivers.
- BZ#2128042
- In Red Hat OpenStack Platform 17.0, a technology preview is available for Compute node support of multiple NVIDIA vGPU types for each physical GPU.
- BZ#2128056
In Red Hat OpenStack Platform 17.0, a technology preview is available for cold migrating and resizing instances that have vGPUs.
For a known issue affecting the vGPU Technology Preview, see https://bugzilla.redhat.com/show_bug.cgi?id=2116979.
- BZ#2128070
- In Red Hat OpenStack Platform 17.0, a technology preview is available for creating an instance with a VirtIO data path acceleration (VDPA) interface.
3.1.5. Release Notes
This section outlines important details about the release, including recommended practices and notable changes to Red Hat OpenStack Platform. You must take this information into account to ensure the best possible outcomes for your deployment.
- BZ#1767084
- With this update, the CephFS drivers in the OpenStack Shared File Systems service (manila) are updated so that you can manage provisioning and storage lifecycle operations by using the Ceph Manager API. When you create new file shares, the shares are created in a new format that makes creation, deletion, and other lifecycle operations quicker. This transition does not affect pre-existing file shares.
- BZ#1813573
- This enhancement includes Octavia support for object tags. This allows users to add metadata to load balancer resources and filter query results based on tags.
- BZ#2013120
- With this update, you can supply a new argument, `--skiplist`, to the `validation run` command. Use this argument with a YAML file containing services to skip when running validations.
- BZ#2090813
- The data collection service (Ceilometer) is supported for collection of Red Hat OpenStack Platform (RHOSP) telemetry and events. Ceilometer is also supported for the transport of those data points to the metrics storage service (gnocchi) for the purposes of autoscaling, and delivery of metrics and events to Service Telemetry Framework (STF) for RHOSP monitoring.
- BZ#2111015
- In an ML2/OVS deployment, Open vSwitch (OVS) does not support offloading OpenFlow rules that have the `skb_priority`, `skb_mark`, or output queue fields set. Those fields are needed to provide quality-of-service (QoS) support for virtio ports.
If you set a minimum bandwidth rule for a virtio port, the Neutron Open vSwitch agent marks the traffic of this port with a Packet Mark Field. As a result, this traffic cannot be offloaded, and it affects the traffic in other ports. If you set a bandwidth limit rule, all traffic is marked with the default 0 queue, which means no traffic can be offloaded.
As a workaround, if your environment includes OVS hardware offload ports, disable packet marking in the nodes that require hardware offloading. After you disable packet marking, it will not be possible to set rate limiting rules for virtio ports. However, differentiated services code point (DSCP) marking rules will still be available.
In the configuration file, set the `disable_packet_marking` flag to `true`. After you edit the configuration file, you must restart the `neutron_ovs_agent` container. For example:

    $ cat /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/openvswitch_agent.ini
    [ovs]
    disable_packet_marking=True
- BZ#2111527
- In RHOSP 17.0, you must use Ceph containers based on Red Hat Ceph Storage (RHCS) 5.2 GA content.
- BZ#2117229
- Previously, the `collectd` processes plugin was enabled by default, without a list of processes to watch. This would cause messages in collectd logs like "procs_running not found". With this update, the `collectd` processes plugin is removed from the list of collectd plugins that are installed and enabled by default. You can enable the plugin by adding it to the configuration.
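To re-enable the plugin, an environment file can add it back through CollectdExtraPlugins, as in this sketch:

```yaml
parameter_defaults:
  CollectdExtraPlugins:
    - processes
```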
3.1.6. Known Issues
These known issues exist in Red Hat OpenStack Platform at this time:
- BZ#2126476
- NFV is not supported in RHOSP 17.0. Do not deploy NFV use cases in RHOSP 17.0.
- BZ#1966157
- There is a limitation when using ML2/OVN with `provider:network_type geneve` with a Mellanox adapter on a Compute node that has more than one instance on the geneve network. The floating IP of only one of the instances will be reachable. You can track the progress of the resolution on this Bugzilla ticket.
- BZ#2085583
- There is currently a known issue wherein long-running operations can cause the `ovsdb` connection to time out, causing reconnects. These timeouts can then cause the `nova-compute` agent to become unresponsive.
Workaround: You can use the command-line client instead of the default native Python bindings. Use the following parameters in your heat templates to use the command-line client:

    parameter_defaults:
      ComputeExtraConfig:
        nova::os_vif_ovs::ovsdb_interface: 'vsctl'
- BZ#2091076
- Before this update, the health check status script failed because it relied on the podman log content that was no longer available. Now the health check script uses the podman socket instead of the podman log.
- BZ#2105291
- There is currently a known issue where 'undercloud-heat-purge-deleted' validation fails. This is because it is not compatible with Red Hat OpenStack Platform 17. Workaround: Skip 'undercloud-heat-purge-deleted' with '--skip-list' to skip this validation.
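A sketch of the workaround; the skiplist file name and entry format are assumptions based on the Validation Framework's skiplist support, so verify them against your installed release:

```yaml
# skiplist.yaml: validations to skip, keyed by validation name.
undercloud-heat-purge-deleted:
  hosts: all
  reason: Not compatible with Red Hat OpenStack Platform 17
```

Pass the file to the CLI with, for example, `validation run --skiplist skiplist.yaml`.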
- BZ#2104979
- A known issue in RHOSP 17.0 prevents the default mechanism for selecting the hypervisor fully qualified domain name (FQDN) from being set properly if the `resource_provider_hypervisors` heat parameter is not set. This causes the SRIOV or OVS agent to fail to start.
Workaround: Specify the hypervisor FQDN explicitly in the heat template. The following is an example of setting this parameter for the SRIOV agent:

    ExtraConfig:
      neutron::agents::ml2::sriov::resource_provider_hypervisors: "enp7s0f3:%{hiera('fqdn_canonical')},enp5s0f0:%{hiera('fqdn_canonical')}"
- BZ#2107896
- There is currently a known issue that causes tuned kernel configurations to not be applied after initial provisioning.
Workaround: You can use the following custom playbook to ensure that the tuned kernel command line arguments are applied. Save the following playbook as /usr/share/ansible/tripleo-playbooks/cli-overcloud-node-reset-blscfg.yaml on the undercloud node:

    - name: Reset BLSCFG of compute node(s) meant for NFV deployments
      hosts: allovercloud
      any_errors_fatal: true
      gather_facts: true
      pre_tasks:
        - name: Wait for provisioned nodes to boot
          wait_for_connection:
            timeout: 600
            delay: 10
      tasks:
        - name: Reset BLSCFG flag in grub file, if it is enabled
          become: true
          lineinfile:
            path: /etc/default/grub
            line: "GRUB_ENABLE_BLSCFG=false"
            regexp: "^GRUB_ENABLE_BLSCFG=.*"
            insertafter: '^GRUB_DISABLE_RECOVERY.*'
Configure the role in the node definition file, overcloud-baremetal-deploy.yaml, to run the cli-overcloud-node-reset-blscfg.yaml playbook before the playbook that sets the kernelargs:

    - name: ComputeOvsDpdkSriov
      count: 2
      hostname_format: computeovsdpdksriov-%index%
      defaults:
        networks:
          - network: internal_api
            subnet: internal_api_subnet
          - network: tenant
            subnet: tenant_subnet
          - network: storage
            subnet: storage_subnet
        network_config:
          template: /home/stack/osp17_ref/nic-configs/computeovsdpdksriov.j2
        config_drive:
          cloud_config:
            ssh_pwauth: true
            disable_root: false
            chpasswd:
              list: |-
                root:12345678
              expire: False
        ansible_playbooks:
          - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-node-reset-blscfg.yaml
          - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-node-kernelargs.yaml
            extra_vars:
              reboot_wait_timeout: 600
              kernel_args: 'default_hugepagesz=1GB hugepagesz=1G hugepages=32 iommu=pt intel_iommu=on isolcpus=1-11,13-23'
              tuned_profile: 'cpu-partitioning'
              tuned_isolated_cores: '1-11,13-23'
          - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-openvswitch-dpdk.yaml
            extra_vars:
              memory_channels: '4'
              lcore: '0,12'
              pmd: '1,13,2,14,3,15'
              socket_mem: '4096'
              disable_emc: false
              enable_tso: false
              revalidator: ''
              handler: ''
              pmd_auto_lb: false
              pmd_load_threshold: ''
              pmd_improvement_threshold: ''
              pmd_rebal_interval: ''
              nova_postcopy: true
- BZ#2109597
- There is a hardware (HW) limitation with CX-5 adapters. Every network traffic flow has a direction in HW, either transmit (TX) or receive (RX). If the source port of the flow is a virtual function (VF), then it is a TX flow in HW. CX-5 adapters cannot pop a VLAN tag on the TX path, which prevents offloading flows with pop_vlan to the HW.
- BZ#2112988
- There is currently a known issue where the Swift API does not work and returns a 401 error when multiple Controller nodes are deployed and Ceph is enabled.
A workaround is available at https://access.redhat.com/solutions/6970061.
- BZ#2116529
- Live migration fails when executing the QEMU command `migrate-set-capabilities`, because the post-copy feature, which is enabled by default, is not supported.
Choose one of the following workaround options:
- Workaround Option 1: Set `vm.unprivileged_userfaultfd = 1` on Compute nodes to enable post-copy on the containerized libvirt:
  - Make a new file: `touch /etc/sysctl.d/50-userfault.conf`.
  - Add `vm.unprivileged_userfaultfd = 1` to /etc/sysctl.d/50-userfault.conf.
  - Load the file: `sysctl -p /etc/sysctl.d/50-userfault.conf`.
- Workaround Option 2: Set the `sysctl` flag through director, by setting the `ExtraSysctlSettings` parameter.
- Workaround Option 3: Disable the post-copy feature completely, by setting the `NovaLiveMigrationPermitPostCopy` parameter to `false`.
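A sketch of Workaround Options 2 and 3 as environment file snippets; the ExtraSysctlSettings value format follows the tripleo-heat-templates convention, so verify it against your templates:

```yaml
parameter_defaults:
  # Option 2: enable unprivileged userfaultfd through director.
  ExtraSysctlSettings:
    vm.unprivileged_userfaultfd:
      value: 1
  # Option 3 (alternative to Option 2): disable post-copy completely.
  NovaLiveMigrationPermitPostCopy: false
```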
- BZ#2116979
- When using the Technology Preview vGPU support features, a known issue prevents `mdev` devices from being freed when stopping, moving, or deleting vGPU instances in RHOSP 17. Eventually, all `mdev` devices become consumed, and additional instances with vGPUs cannot be created on the compute host.
- BZ#2116980
devices become consumed, and additional instances with vGPUs cannot be created on the compute host. - BZ#2116980
- If you launch a vGPU instance in RHOSP 17 you cannot delete it, stop it, or move it. When an instance with a vGPU is deleted, migrated off its compute host, or stopped, the vGPU’s underlying mdev device is not cleaned up. If this happens to enough instances, all available mdev devices will be consumed, and no further instances with vGPUs can be created on that compute host.
- BZ#2120383
- There is currently a known issue when creating instances that have an emulated Trusted Platform Module (TPM) device. Workaround: Disable Security-Enhanced Linux (SELinux).
- BZ#2120398
- There is currently a known issue with deploying multi-cell and multi-stack overclouds on RHOSP 17. This is a regression with no workaround, therefore the multi-cell and multi-stack overcloud features are not available in RHOSP 17.0.
- BZ#2120766
- There is currently a known issue with the RHEL firmware definition file missing from some machine types, which causes the booting of instances with an image firmware of UEFI to fail with a UEFINotSupported exception. This issue is being addressed by https://bugzilla.redhat.com/show_bug.cgi?id=2109644. There is also a known issue when `mem_encryption=on` is in the kernel args of an AMD SEV Compute node, which results in the Compute node kernel hanging after a reboot and not restarting. There is no workaround for these issues, therefore the AMD SEV feature is not available in RHOSP 17.0.
- BZ#2120773
- There is currently a known issue with shutting down and restarting instances after a Compute node reboot on RHOSP 17. When a Compute node is rebooted, the automated process for gracefully shutting down the instance fails, which causes the instance to have less time to shut down before the system forces them to stop. The results of the forced stop may vary. Ensure you have fresh backups for all critical workloads before rebooting Compute nodes.
- BZ#2121752
- Because of a performance issue with the new socket NUMA affinity policy for PCI passthrough devices and SR-IOV interfaces, the `socket` NUMA affinity policy is not supported in RHOSP 17.0.
- BZ#2124294
- Sensubility does not have permission to access `/run/podman/podman.sock`, which causes the container health check to fail to send the service container status data to Service Telemetry Framework (STF).
Workaround: Run the following command on all overcloud nodes after deployment:

    sudo podman exec -it collectd setfacl -R -m u:collectd:rwx /run/podman

Result: The collectd user gets recursive access to the /run/podman path, allowing sensubility to connect to podman.
- BZ#2125159
- In Red Hat OpenStack Platform (RHOSP) 17.0 GA, there is a known issue where ML2/OVN deployments fail to automatically create DNS records with the RHOSP DNS service (designate). The cause of this problem is that the required Networking service (neutron) extension, `dns_domain_ports`, is not present.
Workaround: Currently there is no workaround, but the fix has been targeted for a future RHOSP release.
- BZ#2126810
- In Red Hat OpenStack Platform (RHOSP) 17.0, the DNS service (designate) and the Load-balancing service (octavia) are misconfigured for high availability. The RHOSP Orchestration service (heat) templates for these services use the non-Pacemaker version of the Redis template.
Workaround: Include `environments/ha-redis.yaml` in the `overcloud deploy` command after the `enable-designate.yaml` and `octavia.yaml` environment files.
- BZ#2127965
- In Red Hat OpenStack Platform (RHOSP) 17.0 GA, there is a known issue where the Free Range Routing (FRR) container does not start after the host on which it resides is rebooted. This issue is caused by a missing file in the BGP configuration.
Workaround: Create the file /etc/tmpfiles.d/run-frr.conf and add the following line:

    d /run/frr 0750 root root - -

After you make this change, `tmpfiles` recreates /run/frr after each reboot and the FRR container can start.
- BZ#2128928
- Integration with Red Hat Satellite is not supported in RHOSP 17.0. Only Red Hat CDN is supported as a package repository and container registry. Satellite support will resume in a future release.
- BZ#2120377
- You cannot use the UEFI Secure Boot feature because there is currently a known issue with UEFI boot for instances. This is due to an underlying RHEL issue.
- BZ#2120384
- You cannot create Windows Server 2022 instances on RHOSP because they require vTPM support, which is not currently available.
- BZ#2152218
- There is currently a known issue when attaching a volume to an instance, or detaching a volume from an instance, when the instance is in the process of booting up or shutting down. You must wait until the instance is fully operational, or fully stopped, before attaching or detaching a volume.
- BZ#2153815
- There is currently a known issue with creating instances when the instance flavor includes resource usage extra specs, `quota:cpu_*`. On RHOSP 17.0, attempts to create an instance with a flavor that limits the CPU quotas encounter the following error: "Requested CPU control policy not supported by host". This error is raised on RHOSP 17.0 on RHEL 9 because the Compute service assumes that the host is running `cgroups` instead of `cgroups-v2`, therefore it incorrectly detects that the host does not support resource usage extra specs.
- BZ#2162242
- There is currently a known issue with CPU pinning on RHEL 9 kernels older than `kernel-5.14.0-70.43.1.el9_0` that causes soft and hard CPU affinity on all existing `cgroups` to be reset when a new `cgroup` is created. This issue is being addressed in https://bugzilla.redhat.com/show_bug.cgi?id=2143767. To use CPU pinning, update your kernel to `kernel-5.14.0-70.43.1.el9_0` or newer and reboot the host.
3.1.7. Deprecated Functionality
The items in this section are either no longer supported, or will no longer be supported in a future release.
- BZ#1874778
- In Red Hat OpenStack Platform 17.0, the `iscsi` deployment interface has been deprecated. The default deployment interface is now `direct`. Bug fixes and support are provided while the feature is deprecated, but Red Hat will not implement new feature enhancements. In a future release, the interface will be removed.
- BZ#1946898
- In Red Hat OpenStack Platform 17.0, the QEMU `i440fx` machine type has been deprecated. The default machine type is now Q35, `pc-q35-rhel9.0.0`. While the `pc-i440fx-*` machine types are still available, do not use these machine types for new workloads. Ensure that you convert all workloads that use the QEMU `i440fx` machine type to the Q35 machine type before you upgrade to RHOSP 18.0; the conversion requires VM downtime. Bug fixes and support are provided while the feature is deprecated, but Red Hat will not implement new feature enhancements.
machine type to the Q35 machine type before you upgrade to RHOSP 18.0, which requires VM downtime. Bug fixes and support are provided while the feature is deprecated, but Red Hat will not implement new feature enhancements. - BZ#2084206
- The use of the QPID Dispatch Router (QDR) for transport of RHOSP telemetry towards Service Telemetry Framework (STF) is deprecated in RHOSP 17.0.
- BZ#2090811
- The metrics data storage service (gnocchi) has been deprecated since RHOSP 15. Gnocchi is fully supported for storage of metrics when used with the autoscaling use case. For a supported monitoring solution for RHOSP, see Service Telemetry Framework (STF). Use of gnocchi for telemetry storage as a general monitoring solution is not supported.
- BZ#2090812
- The Alarming service (aodh) has been deprecated since Red Hat OpenStack Platform (RHOSP) 15. The Alarming service is fully supported for delivery of alarms when you use it with the autoscaling use case. For delivery of metrics-based alarms for RHOSP, see Service Telemetry Framework (STF). Use of the Alarming service as part of a general monitoring solution is not supported.
- BZ#2100222
- The `snmp` service was introduced to allow the data collection service (Ceilometer) on the undercloud to gather metrics through the `snmpd` daemon deployed to the overcloud nodes. Because telemetry services have since been removed from the undercloud, the `snmp` service is no longer necessary or usable.
- BZ#2103869
The Derived Parameters feature is deprecated and will be removed in a future release. You configure the feature by using the `--plan-environment-file` option of the `openstack overcloud deploy` command.
Workaround / Migration Instructions
HCI overclouds require system tuning, and there are many options for performing it. The Derived Parameters functionality tuned systems through director by using hardware inspection data, and set the tuning parameters through the `--plan-environment-file` option of the `openstack overcloud deploy` command. This functionality is deprecated in release 17.0 and is removed in 17.1.
The following parameters were tuned by this functionality:
- IsolCpusList
- KernelArgs
- NeutronPhysnetNUMANodesMapping
- NeutronTunnelNUMANodes
- NovaCPUAllocationRatio
- NovaComputeCpuDedicatedSet
- NovaComputeCpuSharedSet
- NovaReservedHostMemory
- OvsDpdkCoreList
- OvsDpdkSocketMemory
- OvsPmdCoreList
To set and tune these parameters starting in 17.0, observe their values by using the available command line tools, and set them by using a standard heat template.
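As a rough illustration of the replacement workflow, the parameters can be carried in an ordinary heat environment file. Every value below is an illustrative placeholder that you must derive from your own hardware inspection data, not a recommendation:

```yaml
# tuning.yaml -- illustrative placeholders only; derive real values
# from your own hardware inspection data.
parameter_defaults:
  IsolCpusList: "2-19,22-39"
  KernelArgs: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on"
  NovaComputeCpuDedicatedSet: "4-19,24-39"
  NovaComputeCpuSharedSet: "0,1,20,21"
  NovaReservedHostMemory: 4096
  OvsDpdkSocketMemory: "1024,1024"
  OvsPmdCoreList: "2,3,22,23"
```

Pass the file to the deploy command with `-e tuning.yaml`, as with any other environment file.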
- BZ#2128697
The ML2/OVS mechanism driver is deprecated in RHOSP 17.0.
Red Hat is replacing ML2/OVS with ML2/OVN over several releases. For example, starting with RHOSP 15, ML2/OVN became the default mechanism driver.
Support is available for the deprecated ML2/OVS mechanism driver through the RHOSP 17 releases. During this time, the ML2/OVS driver remains in maintenance mode, receiving bug fixes and normal support, and most new feature development happens in the ML2/OVN mechanism driver.
In RHOSP 18.0, Red Hat plans to completely remove the ML2/OVS mechanism driver and stop supporting it.
If your existing Red Hat OpenStack Platform (RHOSP) deployment uses the ML2/OVS mechanism driver, start evaluating a plan to migrate to the ML2/OVN mechanism driver now. Migration is supported in RHOSP 16.2 and will be supported in RHOSP 17.1. Migration tools are available in RHOSP 17.0 for test purposes only.
Red Hat requires that you file a proactive support case before attempting a migration from ML2/OVS to ML2/OVN. Red Hat does not support migrations without the proactive support case. See How to submit a Proactive Case.
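Before planning the migration, you can confirm which mechanism driver a deployment currently uses from the `mechanism_drivers` line of `ml2_conf.ini`. The classification helper below is an illustrative sketch, not a supported tool; the usual controller-side path for the file is noted in the comment, but verify it on your own nodes:

```shell
# Hedged sketch: classify a deployment from its ml2_conf.ini
# mechanism_drivers line. The usual RHOSP location on controllers is:
#   /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini
driver_status() {
  case "$1" in
    *ovn*)         echo "ML2/OVN - no migration needed" ;;
    *openvswitch*) echo "ML2/OVS - plan migration to ML2/OVN" ;;
    *)             echo "unknown mechanism driver" ;;
  esac
}

# Example input line as it appears in ml2_conf.ini:
driver_status "mechanism_drivers = openvswitch"
```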
3.1.8. Removed Functionality
- BZ#1918403
Technology preview support was added in RHOSP 16.1 for configuring NVDIMM Compute nodes to provide persistent memory for instances. Red Hat has removed support for persistent memory from RHOSP 17.0 and future releases in response to the announcement by the Intel Corporation on July 28, 2022 that they are discontinuing investment in their Intel® Optane™ business.
Cloud operators must ensure that no instances use the vPMEM feature before upgrading to 17.1.
- BZ#1966898
- In Red Hat OpenStack Platform 17.0, panko and its API were removed from the distribution.
- BZ#1984889
- In this release, Block Storage service (cinder) backup support for Google Cloud Services (GCS) has been removed due to a reliance on libraries that are not FIPS compliant.
- BZ#2022714
- In Red Hat OpenStack Platform 17.0, the collectd-write_redis plugin was removed.
- BZ#2023893
- In Red Hat OpenStack Platform 17.0, a dependency has been removed from the distribution so that the `collectd-memcachec` subpackage can no longer be built. The `collectd-memcached` plugin provides similar functionality to that of `collectd-memcachec`.
. - BZ#2065540
- In Red Hat OpenStack Platform 17.0, the ability to deliver metrics from collectd to gnocchi was removed.
- BZ#2094409
- In Red Hat OpenStack Platform 17.0, the deprecated `dbi` and `notify_email` collectd plugins were removed.
- BZ#2101948
- In Red Hat OpenStack Platform 17.0, the collectd `processes` plugin has been removed from the default list of plugins, because loading it can flood the logs with messages such as "procs_running not found".
- BZ#2127184
- In Red Hat OpenStack Platform 17.0, support for POWER (ppc64le) architectures has been removed. Only the x86_64 architecture is supported.
3.2. Red Hat OpenStack Platform 17.0.1 Maintenance Release - January 25, 2023
These release notes highlight technology preview items, recommended practices, known issues, and deprecated functionality to be taken into consideration when deploying this release of Red Hat OpenStack Platform.
3.2.1. Advisory list
This release includes the following advisories:
- RHBA-2023:0271
- Red Hat OpenStack Platform 17.0.1 bug fix and enhancement advisory
- RHBA-2023:0277
- Red Hat OpenStack Platform 17.0.1 director images
- RHBA-2023:0278
- Red Hat OpenStack Platform 17.0.1 director image RPMs
- RHBA-2023:0279
- Updated Red Hat OpenStack Platform 17.0.1 container images
- RHSA-2023:0274
- Moderate: Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) security update
- RHSA-2023:0275
- Moderate: Red Hat OpenStack Platform 17.0 (openstack-neutron) security update
- RHSA-2023:0276
- Moderate: Red Hat OpenStack Platform 17.0 (python-scciclient) security update
3.2.2. Bug Fix
These bugs were fixed in this release of Red Hat OpenStack Platform:
- BZ#2085583
- Before this update, `ovsdb` connection time-outs caused the `nova-compute` agent to become unresponsive. With this update, the issue has been fixed.
- BZ#2091076
- Before this update, the health check status script failed because the Podman log content was unavailable. With this update, the script uses the Podman socket instead of the Podman log, which resolves the issue. As a result, API health checks, provided through sensubility for Service Telemetry Framework, are now operational.
- BZ#2106763
- Before this update, an underlying RHEL issue caused a known issue with UEFI boot for instances. With this update, the underlying RHEL issue has now been fixed and the UEFI Secure Boot feature for instances is now available.
- BZ#2121098
Before this update, in Red Hat OpenStack Platform (RHOSP) 17.0, Networking service (neutron) requests sometimes failed with a `504 Gateway Time-out` if the request was made while the Networking service reconnected to `ovsdb-server`. These reconnections sometimes happened during failovers or during `ovsdb-server` leader transfers for database compaction. If neutron debugging was enabled, the Networking service rapidly logged a large number of "OVSDB transaction returned TRY_AGAIN" DEBUG messages, until the transaction timed out with an exception.
With this update, the reconnection behavior is fixed to handle this condition, with a single retry of the transaction until a successful reconnection.
- BZ#2121634
- Before this update, the Red Hat OpenStack Platform (RHOSP) DNS service (designate) was unable to start its central process when TLS-everywhere was enabled. This was caused by an inability to connect to Redis over TLS. With this update in RHOSP 17.0.1, this issue has been resolved.
- BZ#2122926
- Before this update, when you added a member without subnet information and the subnet of the member differed from the subnet of the load balancer virtual IP (VIP), the ovn-octavia provider wrongly used the VIP subnet for the `subnet_id`. No error was reported, but there was no connectivity to the member. With this update, when there is no subnet information, the provider checks whether the IP address of the member belongs to the same CIDR as the VIP. If the two addresses do not match, the action is rejected and you are asked to provide the `subnet_id`.
- Before this update, the Alarming service (aodh) used a deprecated gnocchi API to aggregate metrics, which resulted in incorrect measures of CPU use in the gnocchi results. With this update, the Alarming service uses dynamic aggregation in gnocchi, which supports reaggregating existing metrics and creating and transforming metrics as required. CPU use in gnocchi is now computed correctly.
- BZ#2135549
- Before this update, deploying RHEL 8.6 images in UEFI mode caused a failure when using the ironic-python-agent service because the ironic-python-agent service did not understand the RHEL 8.6 UEFI boot loader hint file. With this update, you can now deploy RHEL 8.6 in UEFI mode.
- BZ#2138046
- Before this update, when you used the whole disk image `overcloud-hardened-uefi-full` to boot overcloud nodes, nodes that used the Legacy BIOS boot mode failed to boot because the `lvmid` of the root volume was different from the `lvmid` referenced in `grub.cfg`. With this update, the `virt-sysprep` task that reset the `lvmid` has been disabled, and nodes with Legacy BIOS boot mode can now boot with the whole disk image.
has been disabled, and nodes with Legacy BIOS boot mode can now be booted with the whole disk image. - BZ#2140881
- Before this update, the `network_config` schema in the bare-metal provisioning definition did not allow setting the `num_dpdk_interface_rx_queues` parameter, which caused a schema validation error that blocked the bare-metal node provisioning process. With this update, the schema validation error no longer occurs when the `num_dpdk_interface_rx_queues` parameter is used.
3.2.3. Known Issues
These known issues exist in Red Hat OpenStack Platform at this time:
- BZ#2058518
- There is currently a known issue where the Object Storage service (swift) blocks a Telemetry service (ceilometer) user from fetching object details when the Telemetry service user does not have adequate privileges to poll objects from the Object Storage service. Workaround: Associate the `ResellerAdmin` role with the Telemetry service user by using the command `openstack role add --user ceilometer --project service ResellerAdmin`.
. - BZ#2104979
A known issue in RHOSP 17.0 prevents the default mechanism for selecting the hypervisor fully qualified domain name (FQDN) from being set properly if the `resource_provider_hypervisors` heat parameter is not set. This causes the single root I/O virtualization (SR-IOV) or Open vSwitch (OVS) agent to fail to start.
Workaround: Specify the hypervisor FQDN explicitly in the heat template. The following is an example of setting this parameter for the SR-IOV agent:

```yaml
ExtraConfig:
  neutron::agents::ml2::sriov::resource_provider_hypervisors: "enp7s0f3:%{hiera('fqdn_canonical')},enp5s0f0:%{hiera('fqdn_canonical')}"
```
- BZ#2105312
There is currently a known issue where the `ovn/ovsdb_probe_interval` value is not configured in the file `ml2_conf.ini` with the value specified by `OVNOvsdbProbeInterval`, because a patch required to configure the neutron server based on `OVNOvsdbProbeInterval` is not included in 17.0.1.
Workaround: Deployments that use `OVNOvsdbProbeInterval` must use `ExtraConfig` hooks in the following manner to configure the neutron server:

```yaml
parameter_defaults:
  OVNOvsdbProbeInterval: <probe interval in milliseconds>
  ControllerExtraConfig:
    neutron::config::plugin_ml2_config:
      ovn/ovsdb_probe_interval:
        value: <probe interval in milliseconds>
```
- BZ#2107896
There is currently a known issue that causes tuned kernel configurations not to be applied after initial provisioning.
Workaround: You can use the following custom playbook to ensure that the tuned kernel command line arguments are applied. Save the following playbook as `/usr/share/ansible/tripleo-playbooks/cli-overcloud-node-reset-blscfg.yaml` on the undercloud node:

```yaml
- name: Reset BLSCFG of compute node(s) meant for NFV deployments
  hosts: allovercloud
  any_errors_fatal: true
  gather_facts: true
  pre_tasks:
    - name: Wait for provisioned nodes to boot
      wait_for_connection:
        timeout: 600
        delay: 10
  tasks:
    - name: Reset BLSCFG flag in grub file, if it is enabled
      become: true
      lineinfile:
        path: /etc/default/grub
        line: "GRUB_ENABLE_BLSCFG=false"
        regexp: "^GRUB_ENABLE_BLSCFG=.*"
        insertafter: '^GRUB_DISABLE_RECOVERY.*'
```
Configure the role in the node definition file, `overcloud-baremetal-deploy.yaml`, to run the `cli-overcloud-node-reset-blscfg.yaml` playbook before the playbook that sets the `kernelargs`:

```yaml
- name: ComputeOvsDpdkSriov
  count: 2
  hostname_format: computeovsdpdksriov-%index%
  defaults:
    networks:
      - network: internal_api
        subnet: internal_api_subnet
      - network: tenant
        subnet: tenant_subnet
      - network: storage
        subnet: storage_subnet
    network_config:
      template: /home/stack/osp17_ref/nic-configs/computeovsdpdksriov.j2
    config_drive:
      cloud_config:
        ssh_pwauth: true
        disable_root: false
        chpasswd:
          list: |-
            root:12345678
          expire: False
  ansible_playbooks:
    - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-node-reset-blscfg.yaml
    - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-node-kernelargs.yaml
      extra_vars:
        reboot_wait_timeout: 600
        kernel_args: 'default_hugepagesz=1GB hugepagesz=1G hugepages=32 iommu=pt intel_iommu=on isolcpus=1-11,13-23'
        tuned_profile: 'cpu-partitioning'
        tuned_isolated_cores: '1-11,13-23'
    - playbook: /usr/share/ansible/tripleo-playbooks/cli-overcloud-openvswitch-dpdk.yaml
      extra_vars:
        memory_channels: '4'
        lcore: '0,12'
        pmd: '1,13,2,14,3,15'
        socket_mem: '4096'
        disable_emc: false
        enable_tso: false
        revalidator: ''
        handler: ''
        pmd_auto_lb: false
        pmd_load_threshold: ''
        pmd_improvement_threshold: ''
        pmd_rebal_interval: ''
        nova_postcopy: true
```
- BZ#2125159
- There is currently a known issue in RHOSP 17.0 where ML2/OVN deployments fail to automatically create DNS records with the RHOSP DNS service (designate) because the required Networking service (neutron) extension, `dns_domain_ports`, is not present. There is currently no workaround. A fix is planned for a future RHOSP release.
- BZ#2127965
There is currently a known issue in RHOSP 17.0 where the Free Range Router (FRR) container does not start after the host on which it resides is rebooted. This issue is caused by a missing file in the BGP configuration.
Workaround: Create the file `/etc/tmpfiles.d/run-frr.conf` and add the following line:

```
d /run/frr 0750 root root - -
```

After you make this change, `tmpfiles` recreates `/run/frr` after each reboot, and the FRR container can start.
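A minimal sketch of applying the workaround follows. The demo writes the entry to a temporary directory so it can run anywhere; on a real host the target path is `/etc/tmpfiles.d/run-frr.conf` and requires root, and the `systemd-tmpfiles --create` step (shown as a comment) applies the entry without waiting for a reboot:

```shell
# Hedged sketch of the workaround. The demo writes to a temporary directory;
# on a real host the target is /etc/tmpfiles.d/run-frr.conf (as root).
confdir="$(mktemp -d)"                 # stand-in for /etc/tmpfiles.d
conf="$confdir/run-frr.conf"
printf 'd /run/frr 0750 root root - -\n' > "$conf"
cat "$conf"
# On the host, apply the entry immediately instead of waiting for a reboot:
#   systemd-tmpfiles --create /etc/tmpfiles.d/run-frr.conf
```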