第3章 リリースの情報
本リリースノートには主に、今回リリースされた Red Hat OpenStack Platform のデプロイメント時に考慮すべきテクノロジープレビューの項目、推奨事項、既知の問題、非推奨になった機能について記載します。Red Hat OpenStack Platform の本リリースのサポートライフサイクル中にリリースされる更新についての情報は、各更新に対応したアドバイザリーの説明に記載されます。
3.1. Red Hat OpenStack Platform 15 GA
本リリースノートには主に、今回リリースされた Red Hat OpenStack Platform のデプロイメント時に考慮すべきテクノロジープレビューの項目、推奨事項、既知の問題、非推奨になった機能について記載します。
3.1.1. 機能拡張
Red Hat OpenStack Platform の今回のリリースでは、以下の機能拡張が提供されています。
BZ#1240852
In Red Hat OpenStack Platform 15, you can specify MTU (maximum transmission unit) settings for each network, and RHOSP will automatically write those settings to the network interface configuration templates. MTU values should be set in the network_data.yaml file. This enhancement alleviates the step of manually updating the network templates for each role, and reduces the likelihood of manual entry errors.
BZ#1484601
The Shared File Systems service (manila) API now supports Transport Layer Security (TLS) endpoints on the internal API network, through SSL/TLS certificates. The Shared File Systems service is automatically secured when you opt to secure Red Hat OpenStack Platform during deployment.
BZ#1535066
In Red Hat OpenStack Platform 15, which depends on Red Hat Enterprise Linux 8, there is a new default Time service, chrony. With this switch, Red Hat highly recommends that you use multiple Network Time Protocol (NTP) servers for both the undercloud and overcloud deployments.
BZ#1547728
In Red Hat Open Stack Platform 15, the Data Processing service (sahara) plug-ins have been decoupled and are now installed as libraries. To obtain newer versions of Data Processing service plug-ins, you no longer have to upgrade RHOSP. Instead, install the newest version of the desired plug-in.
BZ#1585012
You can now configure automatic restart of VM instances on a Compute node if the compute node reboots without first migrating the instances. With the following two new parameters, you can configure the Red Hat OpenStack Platform Compute service (nova) and the libvirt-guests agent to shut down VM instances gracefully and start them when the Compute node reboots: - NovaResumeGuestsStateOnHostBoot (True or False) - NovaResumeGuestsShutdownTimeout (default, 300s)
BZ#1619762
In Red Hat OpenStack Platform 15, director uses version 5.5 of Puppet.
BZ#1626139
In Red Hat OpenStack Platform 15, a new role and environment file have been added to enable the undercloud to deploy an all-in-one overcloud node that contains both the controller services and compute services. The new role and the new environment file are named, respectively, roles/Standalone.yaml and environments/standalone/standalone-overcloud.yaml. Because this new architecture does not yet support high availability, Red Hat cannot guarantee zero down time during RHOSP 15 updates and upgrades. For this reason, Red Hat highly recommends that you properly back up your system.
BZ#1633146
Red Hat OpenStack Platform director now has the ability to control Block Storage service (cinder) snapshots on NFS back ends. A new director parameter, CinderNfsSnapshotSupport, has a default value of True.
BZ#1635862
Using the Red Hat OpenStack Platform director, you can now configure the Image service (glance) to have an optional local image cache. You turn on the image cache, by setting the “GlanceCacheEnabled” property to True. A typical use case for the image cache is edge computing. Because the Image service resides at central site, you can deploy and enable the image cache at remote sites and save bandwidth and reduce the Image service’s boot time.
BZ#1647057
With Paunch you can now manage container memory consumption using three new attributes: mem_limit, memswap_limit, and mem_swappiness.
BZ#1661022
In Red Hat OpenStack Platform 15, if the back end driver supports it, you can now simultaneously attach a volume to multiple machines for both the Block Storage service (cinder) and the Compute service (nova). This feature addresses the use case for clustered application workloads that typically requires active/active or active/standby scenarios.
BZ#1666529
In Red Hat OpenStack Platform 15, the Image service (glance) is automatically configured for any glance-import execution to convert imported images into RAW format when Red Hat Ceph Storage is used as the back end for the Image service.
BZ#1693268
The Load Balancing service (octavia) now provides the capability to refine access policies for its load balancers, by allowing you to change security group ownership to a security group associated with a user project. (The user project must be on the whitelist.) In previous RHOSP releases, you could not restrict access to the load balancer, because octavia exclusively assigned the project ID to the security group associated with the VIP and VRRP ports on the load balancing agent (amphora).
3.1.2. テクノロジープレビュー
本セクションに記載する項目は、テクノロジープレビューとして提供しています。テクノロジープレビューステータスのスコープに関する詳細情報およびそれに伴うサポートへの影響については、https://access.redhat.com/support/offerings/techpreview/ を参照してください。
BZ#1466008
The director can now deploy different, isolated Ceph clusters into different Edge zones by creating an overcloud composed of multiple Heat stacks. For example, the director can deploy an overcloud consisting of a Heat stack for the control plane (Controller nodes) and multiple additional stacks for Edge zones (Computes and Ceph Storage nodes or Compute and HCI nodes).
BZ#1504662
Neutron bulk port creation (create multiple ports in a single request) has been optimized for speed and is now significantly faster. The benefits of this improvement include faster initialization of containers via Kuryr on neutron networks.
BZ#1526109
A new Red Hat OpenStack Platform Bare Metal service (ironic) driver for XClarity managed Lenovo devices is available. The xclarity driver provides more reliable operation on Lenovo devices managed with XClarity, and opportunities for additional vendor-specific features in the future.
BZ#1593758
Red Hat OpenStack Platform Bare Metal service (ironic) now has a BIOS management interface, with which you can inspect and modify a device’s BIOS configuration. In Red Hat OpenStack Platform 15, the Bare Metal service supports BIOS management capabilities for data center devices that are Redfish API compliant. The Bare Metal service implements Redfish calls through the Python library, Sushy.
BZ#1601576
Red Hat OpenStack Platform undercloud networks are now layer 3 (L3) capable. This enhancement enables all segments to use one network, and alleviates the need for service net map overrides. This enhancement is important for Red Hat OpenStack Platform edge computing sites that deploy roles in different sites and make service net map overrides unwieldy.
BZ#1624486
As a technology preview in Red Hat OpenStack Platform 15, the novajoin service tech uses the new, versioned format of notifications sent by the Compute service (nova). To enable the new format, set the value of the new configuration setting, configuration_format, to "versioned." The default value for configuration_format is "unversioned". In a future version of RHOSP, unversioned notifications will be deprecated.
BZ#1624488
As a technology preview in Red Hat OpenStack Platform 15, the novajoin service uses the Python 3 runtime.
BZ#1624490
With this technology preview, it is possible to configure Barbican through Director to store secrets using the ATOS Trustway Proteccio NetHSM. This is mediated through the Barbican PKCS#11 back-end plugin. The technology preview is provided in the following packages: - openstack-barbican - tripleo-heat-templates
BZ#1624491
With this technology preview, it is possible to configure Barbican through director to store secrets using the nCipher NetShield Connect NetHSM. This is mediated through the Barbican PKCS#11 back end plug-in. The technology preview is provided in the following packages: - openstack-barbican - tripleo-heat-templates
BZ#1636040
With Red Hat OpenStack Platform director you can now deploy the Block Storage service (cinder) in an active-active configuration on Ceph RADOS Block Device (RBD) back ends only. The new cinder-volume-active-active.yaml file defines the active-active cluster name by assigning a value to the CinderVolumeCluster parameter. CinderVolumeCluster is a global Block Storage parameter, and prevents you from including clustered (active-active) and non-clustered back ends in the same deployment. The cinder-volume-active-active.yaml file causes director to use the non-Pacemaker, cinder-volume Orchestration service template, and adds the etcd service to your Red Hat OpenStack Platform deployment as a distributed lock manager (DLM).
BZ#1636179
With Red Hat OpenStack Platform director you can now configure different availability zones for Block Storage service (cinder) volume back ends. Director has a new parameter, CinderXXXAvailabilityZone, where XXX is associated with a specific back end.
BZ#1740715
Because Red Hat Ceph Storage 4 is at beta when Red Hat OpenStack Platform 15 is at GA, a new configuration option has been added to RHOSP 15 to prevent any accidental deployments of Red Hat Ceph Storage 4 Beta in a production environment. The new Orchestration service (heat) configuration option, EnableRhcs4Beta, is set by default to "False", and therefore prevents director from deploying Red Hat Ceph Storage 4 Beta by accident.
3.1.3. リリースノート
本項では、Red Hat OpenStack Platform の注目すべき変更点や推奨プラクティスなど、今回のリリースに関する重要な情報を記載しています。お使いのデプロイメントに最大限の効果をもたらすために、以下の情報を考慮する必要があります。
BZ#1585835
The Shared File Systems service (manila) API now runs behind the Apache HTTP Server (httpd). The Apache error and access logs from the Shared File Systems service are available in /var/log/containers/httpd/manila-api on all the nodes that run the manila API container. The log location of the main API service (manila-api) has not changed, and continues to be written on each node in /var/log/containers/manila/.
BZ#1613038
The Block Storage service (cinder) command, "snapshot-manageable-list," now lists the snapshots on the back end for Red Hat Ceph RADOS block devices (RBD).
BZ#1689913
In Red Hat OpenStack Platform 15, the director parameter used during overcloud container preparation, deltarpm, has been renamed to, drpm.
BZ#1722036
Because Red Hat Ceph Storage 4 is at beta when Red Hat OpenStack Platform 15 is at GA, a new configuration option has been added to RHOSP 15 to prevent any accidental deployments of Red Hat Ceph Storage 4 Beta in a production environment. The new Orchestration service (heat) configuration option, EnableRhcs4Beta, is set by default to "False", and therefore prevents director from deploying Red Hat Ceph Storage 4 Beta by accident.
BZ#1730689
There is a known issue wherein deployments will fail with the following message. `puppet-user: Error: Parameter value failed on Vs_config[other_config:n-revalidator-threads]: Invalid external_ids 1. Requires a String, not a Integer` This is due to tripleo parameters of type integer being expected by puppet to be of type string. To work around, include the following in deployment templates: ComputeOvsDpdkSriovExtraConfig: "vswitch::dpdk::handler_cores": "1" "vswitch::dpdk::revalidator_cores": "1"
BZ#1743701
In Red Hat OpenStack Platform 15, director can only deploy Red Hat Ceph Storage v4. At this time, Ceph Storage v4 is still in its beta version. OpenStack Platform 15 will not support director-deployed Ceph until Ceph Storage v4 is generally available. For testing purposes, you can deploy Ceph Storage v4 beta, but the beta version is not supported for use in production. Refer to the documentation for instructions on how to enable Ceph Storage v4 beta.
3.1.4. 既知の問題
現時点における Red Hat OpenStack Platform の既知の問題は以下のとおりです。
BZ#1543414
When running Red Hat OpenStack Platform 15 on a Q35 machine, there is a maximum limit of 500 devices. This is known problem with QEMU, an open source virtualizer and machine emulator.
BZ#1697335
When running the command "openstack stack show <stack_name>" on a stack with a large amount of data (for example, the 'overcloud' stack), the output can be difficult to read because some columns are too wide. Red Hat recommends that you change the default output width. Here is an example: $ openstack stack show overcloud --max-width 100
BZ#1713329
Red Hat OpenStack Platform deployments that use the Linux bridge ML2 driver and agent are unprotected against Address Resolution Protocol (ARP) spoofing. The version of Ethernet bridge frame table administration (ebtables) that is part of Red Hat Enterprise Linux 8 is incompatible with the Linux bridge ML2 driver. The Linux Bridge ML2 driver and agent were deprecated in Red Hat OpenStack Platform 11, and should not be used. Red Hat recommends that you use instead the ML2 Open Virtual Network (OVN) driver and services, the default deployed by the Red Hat OpenStack Platform director.
BZ#1741244
Red Hat OpenStack Platform (RHOSP) does not yet support upgrading to version 15 from earlier RHOSP versions. Support for upgrading will be added to a future update of RHOSP 15.
BZ#1749443
The Compute services (nova) can fail to deploy because the nova_wait_for_compute_service script is unable to query the Nova API. If a remote container image registry is used outside of the undercloud, the Nova API service might not finish deploying in time. The workaround is to rerun the deployment command, or to use a local container image registry on the undercloud.
BZ#1751942
If you use Security Group rules that span across a port range (--dst-port X:Y), an OVN bug causes traffic filtering to fail and all traffic to be dropped. Workaround: Create one rule per port instead of using a port range.
BZ#1752950
Currently, you cannot use Orchestration (heat) templates with the director to deploy an overcloud that requires NFS as an Image service (glance) back end. There is currently no workaround for this issue.
3.1.5. 非推奨の機能
本項には、サポートされなくなった機能、または今後のリリースでサポートされなくなる予定の機能について記載します。
BZ#1584213
In Red Hat OpenStack Platform 15, a part of the Telemetry service, gnocchi, has been deprecated. In a future RHOSP version, gnocchi, and the rest of the Telemetry service will be removed and replaced by the Red Hat Service Assurance Framework.
BZ#1640962
In Red Hat OpenStack Platform 15, the Alarm service (aodh) that is part of the Telemetry service, is deprecated. In a future Red Hat OpenStack Platform version, the Alarm service will be removed.
BZ#1663449
The OpenStack EC2 API is deprecated in this release and is no longer supported.
BZ#1676951
In Red Hat OpenStack Platform 15, the monitoring agent, Sensu client service, is deprecated. In a future Red Hat OpenStack Platform version, the Sensu client service will be removed.
BZ#1686583
In Red Hat OpenStack Platform 15, the Data Processing service (sahara) is deprecated, and will be removed in version 16. Support for the Data Processing service continues in Red Hat OpenStack Platform 15 and earlier supported versions.
BZ#1702694
In Red Hat OpenStack Platform 15, Red Hat OpenStack director (TripleO) no longer supports deploying Red Hat OpenShift Container Platform 3.11 clusters on bare metal nodes using the OpenShift installation playbooks (provided in the openshift-ansible package) and Orchestration service (heat) templates. To deploy OpenShift 3.11 on bare metal nodes, use the OpenShift installation playbooks exclusively without Orchestration service templates. You can provision Red Hat Enterprise Linux on bare metal nodes using Red Hat OpenStack Platform with the Bare Metal service (ironic) or by performing a manual installation.
BZ#1722809
In Red Hat OpenStack Platform 15, the legacy network scripts are deprecated. In a future Red Hat OpenStack Platform version, the legacy network scripts will be removed and replaced by Red Hat Enterprise Linux NetworkManager.
BZ#1752660
In Red Hat OpenStack Platform 15, the Nova vCenter plug-in is deprecated. It will be removed in version 16.