What's new in RPCO v16.0#
Rackspace Private Cloud Powered By OpenStack (RPCO) release 16.0 is based on the OpenStack-Ansible (OSA) project. For OSA release notes, see OpenStack-Ansible Pike Release Notes.
Major new releases of OpenStack such as 16.0 typically include many changes, enhancements, and new features. RPCO is a tested configuration of a subset of all available OpenStack services.
These release notes list some of the significant upstream OpenStack changes made since the Newton release and are provided for your awareness. It is not a statement of support. For more information about supported features and configurations, contact your Rackspace sales team or support specialist.
General changes and improvements#
api-workers/wsgi_threadsis capped at 16, unless specifically overridden.
- Logging within the container has been bind mounted to the hosts. This resolves issue 1588051. See https://bugs.launchpad.net/openstack-ansible/+bug/1588051.
- SSLv3 is now disabled in the
haproxydaemon configuration by default.
haproxy_backend_argumentshas been added to pass arbitrary options to HAProxy blocks, such as
- HAProxy playbook no longer loads an external variable file. Any
keepalivedconfiguration file needs to be renamed and moved into the Openstack-Ansible user space.
- The MariaDB repository is pinned to version 10.1.30 to work around a bug that breaks clustering for multi-node deployments. For more information, see https://jira.mariadb.org/browse/MDEV-15254.
- Important: Upgrading to newer versions of MariaDB might re-introduce this bug. Exercise caution when performing upgrades.
Block Storage service (cinder)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/cinder/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/cinder/pike.html
- Cinder allows the expiration of unused reservations to be set.
reservation_clean_intervalto the desired number of seconds. The default value is
- Cinder API v1, v2, and v3 are available in this release.
- For a complete list of Cinder API changes in this release, see this list of all changes made between Cinder REST API version 3.15 and version 3.43: https://docs.openstack.org/cinder/latest/contributor/api_microversion_history.html#maximum-in-newton
Compute service (nova)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/nova/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/nova/pike.html
- A nova-compute worker can automatically disable itself if it has a certain number of consecutive build failures.
- In the
[compute]subsection of the configuration file, use
consecutive_build_service_disable_threshold. The default value is
- This can be set in OSA via
config_template, but no variable exists yet.
- Nova can hide the hypervisor ID from a virtual machine, if needed.
- Set the
img_hide_hypervisor_id=trueproperty on a glance image.
- This setting is helpful when doing Single Root Input/Output Virtualization (SRIOV) with Nvidia cards. The Nvidia driver checks for the presence of a hypervisor, and when this property is set to
False, the driver fails.
- CPUs can be set aside for use by the hypervisor and the scheduler will mark them as reserved.
config_overrideto set the
reserved_host_cpusvariable. The default value is
- OSA patch proposed: https://review.openstack.org/523529
- Live migration timeout checking is now disabled by default to work around a bug that caused migrations to fail even if the migration was progressing normally.
[libvirt]/live_migration_progress_timeoutis now set to
0by default, which disables progress checking.
- Nova developers recommend using
- Note: None of these variables are set in the OSA Pike release.
- Nova can force quota rechecks to avoid exceeding a quota during a period of heavy build requests
- In the
[quota]subsection of the configuration file, use
recheck_quota. The default value is
- Important: This setting can increase load on the system. Set the value to
Falseto return to the behavior of the previous release. Note that a setting of
Falseallows quotas to be exceeded.
nova-cellsAPI (Admin-only API)
- Multiple cells are not available in this release. This capability will be added in a future release.
nova-placementAPI (Not a public API)
- For a complete list of Nova API changes in this release, see all changes made between Nova REST API version 2.38 and version 2.5: https://docs.openstack.org/nova/pike/reference/api-microversion-history.html#maximum-in-newton
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/horizon/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/horizon/pike.html
Identity service (keystone)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/keystone/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/keystone/pike.html
- Keystone rolling upgrade status checks are available.
- Keystone supports multiple password hashing algorithms. bcrypt is the default.
- In the
[identity]subsection of the configuration file, use
password_hash_algorithm. (Note that this variable is not set in the OSA Pike release.)
[identity] password_hash_roundsis also available. The default value is
- Keystone endpoints now have version-less URLs.
Image service (glance)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/glance/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/glance/pike.html
- Glance API v1 and v2 are available in this release.
- Note: Glance API v1 is deprecated and will be removed in the next major release (Queens).
Networking service (neutron)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/neutron/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/neutron/pike.html
- A neutron port can now have its own
dns_domainsetting. This overrides the default
dns_domainset in the Neutron configuration.
send_arp_for_haoption is removed from Neutron in this release. Neutron automatically sends three ARP requests for each address assigned to a port.
- Removal proposed: https://review.openstack.org/523930
- The Linux bridge L2 agent now supports bandwidth limiting for both ingress and egress traffic.
- Neutron now uses the defaults for
oslo.dbto be consistent with other services.
net.bridge.bridge-nf-call-*kernel parameters were set to
0in previous releases to improve performance and Neutron was responsible for adjusting these parameters when security groups are applied. This could create situations where bridge traffic was not sent through
iptables, rendering security groups ineffective and allowing unexpected ingress and egress traffic within the cloud. These kernel parameters are now set to
1on all hosts by the
openstack_hostsrole, which ensures that bridge traffic is always sent through
- Neutron CLI has been deprecated in this release. OpenStack CLI is the preferred method. See https://docs.openstack.org/python-neutronclient/latest/contributor/transition_to_osc.html.
Object Storage (swift)#
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/swift/ocata.html
- Project change log: https://github.com/openstack/swift/blob/master/CHANGELOG
- Swift3 API is not available in this release.
- Prior version (Ocata) project release notes: https://docs.openstack.org/releasenotes/heat/ocata.html
- Project release notes: https://docs.openstack.org/releasenotes/heat/pike.html