Release Notes
SUSE OpenStack Cloud 9
This document provides guidance and an overview to high-level general features and updates for SUSE OpenStack Cloud 9. It also describes capabilities and limitations of SUSE OpenStack Cloud 9.
These release notes are generic for all SUSE OpenStack Cloud 9 components. Some parts may not apply to a particular component.
These release notes are updated periodically. The latest version of these
release notes is always available at https://www.suse.com/releasenotes. General documentation can be
found at https://www.suse.com/documentation/cloud. Documentation can be found in the docu directories on
the media. Within an installed system, documentation is available below the
/usr/share/doc/ directory.
1 About SUSE OpenStack Cloud #
Powered by OpenStack, SUSE OpenStack Cloud is an open-source enterprise cloud computing platform that enables easy deployment and seamless management of an Infrastructure-as-a-Service (IaaS) private cloud. As an open-source computing platform, SUSE OpenStack Cloud consists only of source code and binaries built from open-source code.
2 Support Statement for SUSE OpenStack Cloud #
To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/?id=SUSE_OpenStack_Cloud.
The following definitions apply:
- L1
Problem determination, which means technical support designed to provide compatibility information, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation.
- L2
Problem isolation, which means technical support designed to analyze data, reproduce customer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3.
- L3
Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support.
For contracted customers and partners, SUSE OpenStack Cloud is delivered with L3 support for all packages, except for the following:
Technology Previews
Sound, graphics, fonts and artwork
Packages that require an additional customer contract
SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.
3 Major Changes #
SUSE OpenStack Cloud 9 is a major update to SUSE OpenStack Cloud and comes with many new features, improvements and bug fixes. OpenStack has been updated to the OpenStack Rocky release, and the deployment framework has been updated accordingly to support new features. For information which features were added since SUSE OpenStack Cloud 8, see https://releases.openstack.org/queens/ and https://releases.openstack.org/rocky/.
Support for SUSE OpenStack Cloud Monitoring is now included in the SUSE OpenStack Cloud 9 support subscription.
SUSE OpenStack Cloud 9 can be delivered with either Cloud Lifecycle Manager or Crowbar.
3.1 Cloud Lifecycle Manager Changes #
The Cloud Lifecycle Manager Install UI now runs on port 9085 instead of port 3000.
The Cloud Lifecycle Manager now has the CLM admin console which facilitates Day 2 operations, such as viewing the topology of the cloud, modifying service configurations, adding new Compute resources, and performing basic monitoring.
Important
At the end of the replace compute or delete compute procedures in the Day 2
UI, the monasca-deploy playbook run is supposed to remove the ping entry of
the deleted compute node in /etc/monasca/agent/conf.d/host_alive.yaml on
each controller. However due to a bug, it fails. Use the following example
instructions to manually remove the ping entry on each controller:
Log in to each controller and update the
host_alive.yamlfile:ardana@ardana-cp1-c1-m1-mgmt:~> sudo vim /etc/monasca/agent/conf.d/host_alive.yamlRemove the deleted compute node. If you removed
ardana-cp1-comp0002-mgmt, remove the following:- alive_test: ping built_by: HostAlive dimensions: service: compute host_name: ardana-cp1-comp0002-mgmt name: ardana-cp1-comp0002-mgmt ping target_hostname: ardana-cp1-comp0002-mgmtRestart the monasca-agent:
ardana@ardana-cp1-c1-m1-mgmt:~/scratch/ansible/next/ardana/ansible> ansible-playbook -i hosts/verb_hosts monasca-agent-restart.yml
All
virtualenvpackages now track the versions of the underlying OpenStack packages.ardana-designateswitched from thedesignate-pool-manageranddesignate-zone-managerservices to the newdesignate-workeranddesignate-producerservices. This service was deprecated in the OpenStack Newton release: https://docs.openstack.org/releasenotes/designate/newton.html#prelude) but has not been fully removed.ardana-designateuses pdns4 instead ofpowerdnsnow.Default log level changed from DEBUG to INFO for most services.
Ironic has switched from classic drivers to favor hardware types. Classic drivers were previously deprecated in Queens. See https://docs.openstack.org/releasenotes/ironic/queens.html#prelude
Support WebSSO with OpenID Connect.
Support for deploying CaaS Platform v4 via Terraform has been validated. Documentation for this feature can be found at: https://documentation.suse.com/soc/9/single-html/suse-openstack-cloud-deployment/#install-caasp-terraform
3.2 Crowbar Changes #
osprofilersupport has been added for the Identity, Images, Block Storage, Networking, and Compute services.Full support for the deployment of Monasca is now implemented in native Crowbar. The usage of the Ansible-based
monasca-installerhas been retired.Support for Octavia is now implemented in Crowbar.
Support for Designate is now implemented in Crowbar.
A new Crowbar UI menu option extends the Glance and Cinder barclamps to consume SUSE Enterprise Storage.
The Ceilometer barclamp has been modified to use Monasca as a metrics storage back-end.
The Neutron barclamp now uses VXLAN drivers by default.
The Crowbar Compute service (nova) no longer supports the Xen hypervisor. The role for Xen compute nodes has been removed.
Support for legacy Neutron LBaaSv2 is still present in the Neutron barclamp but it has been deprecated upstream. See https://docs.openstack.org/releasenotes/neutron-lbaas/rocky.html#prelude The alternative is the Octavia load balancer. See https://docs.openstack.org/octavia/rocky/ for more information.
Ironic has switched from classic drivers to favor hardware types. Classic drivers were previously deprecated in Queens. See https://docs.openstack.org/releasenotes/ironic/queens.html#prelude
MariaDB additions and improvements:
TLS support
New configurable parameters:
Slow query logging
innodb_buffer_pool_sizemax_connectionstmp_table_sizemax_heap_table_sizeexpire_logs_days
use_sessetting that enables Glance and Cinder to use SUSE Enterprise Storagefloating_dns_domainsetting in Neutron makes the DNS domain for floating IP addresses configurableNew capabilities:
enable or disable L3 HA in Neutron
configure default log levels in Neutron
configure the VNC keymap in Nova
configure default log levels in Nova
configure the heartbeat timeout in RabbitMQ
toggle notifications in RabbitMQ
toggle queue mirroring in RabbitMQ
support WebSSO with OpenID Connect
Support for deploying CaaS Platform v4 via Terraform has been validated. Documentation for this feature can be found at: https://documentation.suse.com/soc/9/single-html/suse-openstack-cloud-crowbar-deployment/#install-caasp-terraform
3.3 Documentation Changes #
3.3.1 SUSE OpenStack Cloud Crowbar #
The Deployment Guide has been renamed to Deployment Guide using Crowbar.
The Monitoring Service Operator’s Guide has been renamed to Operations Guide Crowbar.
The new Operations Guide Crowbar contains the combined monitoring content from the Monitoring Service Operator’s Guide, Monitoring Overview, and the OpenStack Operator’s Guide.
The Administration Guide and User Guide are now generated directly from the OpenStack project repositories. At this time, not all content is applicable to Cloud Lifecycle Manager or Crowbar and should be followed under the condition that SUSE does not fully validate correctness of that documentation.
3.3.2 SUSE OpenStack Cloud CLM #
The Deployment Guide has been renamed to Deployment Guide using Cloud Lifecycle Manager.
The Operations Guide has been renamed to Operations Guide using Cloud Lifecycle Manager.
The operational content from the User Guide has been migrated into the Operations Guide.
The Ops Console Guide for Cloud Lifecycle Manager has been removed and its content has been integrated into the Operations Guide Cloud Lifecycle Manager.
The Planning an Installation with Cloud Lifecycle Manager and Installing with Cloud Lifecycle Manager have been merged and renamed to the Deployment Guide using Cloud Lifecycle Manager.
The User Guide (Cloud Admin) has been removed.
4 Technology Previews #
Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.
Whether a technology preview will be moved to a fully supported package later, depends on customer and market feedback. A technology preview does not automatically result in support at a later point in time. Technology previews could be dropped at any time and SUSE is not committed to provide a technology preview later in the product cycle.
Please, give your SUSE representative feedback, including your experience and use case.
SUSE OpenStack Cloud Crowbar 9 ships with the following technology previews:
OpenStack Data Processing Module (Sahara), and the respective Crowbar barclamp for deploying it.
EqualLogic driver for Cinder.
5 Deprecated and Removed Features #
5.1 Removed Features #
The following features have been removed in SUSE OpenStack Cloud 9:
The Aodh barclamp has been removed. The alternative is now Monasca Alarms.
The Ceilometer API service has been removed upstream and deprecated in the OpenStack Ocata release. See https://docs.openstack.org/releasenotes/ceilometer/ocata.html#deprecation-notes. Use the Monasca API to access the metrics collected via
monasca-ceilometer.The Heat Cloudwatch API service that has been deprecated since the Havana release has been removed upstream. See https://docs.openstack.org/releasenotes/heat/queens.html#upgrade-notes.
Support for the Backup, Restore and Disaster Recovery service (Freezer) has been removed. Documentation has been added to document the correct way to protect the Cloud Lifecycle Manager-based control plane.
The Glance Registry Service has been removed in the OpenStack Queens release and replaced with Glance v2. See https://docs.openstack.org/releasenotes/glance/queens.html#deprecation-notes and https://specs.openstack.org/openstack/glance-specs/specs/newton/approved/glance/deprecate-registry.html.
The
nova-consoleauthserver daemon that serves the Nova Console Auth service has been removed from SUSE OpenStack Cloud Crowbar. It was never shipped in the Cloud Lifecycle Manager-based product and has also been deprecated upstream with the OpenStack Rocky release. See also https://docs.openstack.org/nova/rocky/cli/nova-consoleauth.html#description.Identity API v2 has been removed in the OpenStack Queens. See https://docs.openstack.org/releasenotes/keystone/queens.html#other-notes
6 Upgrading #
Support for upgrading is now available as a maintenance update. The upgrade is only possible between installations based on the same deployment framework (Crowbar to Crowbar, CLM to CLM). Converting from one lifecycle manager to another requires a new installation.
SUSE supports upgrades from version 8, which requires the latest updates to be applied. If you are running an earlier version, upgrade to version 8 first.
The upgrade process is documented in the Operations Guide for the corresponding lifecycle manager, which can be found online at https://www.suse.com/documentation/cloud.
6.1 Cloud Lifecycle Manager Upgrade #
The upgrade will be online and minimally disruptive; the OpenStack service APIs should remain up, though there may be brief interruptions as the underlying services are upgraded within the cloud, and the collection of some monitoring updates may be delayed until the monitoring services have been upgraded.
While the OpenStack services will remain up, it is strongly recommend not to perform any operations that add or modify existing workloads for the duration of the upgrade.
If the CLM deployer node is co-located with the DB or RabbitMQ services, once the deployer is migrated to SLE 12 SP4 & SOC 9 CLM, the DB & RabbitMQ HA services may be running in a degraded fashion until the ardana-upgrade.yml has completed upgrading those services within the cloud, rest.
Any LBaaSV2 load balancers will be automatically migrated to being Octavia Amphora based during the upgrade. However any load balancer failovers that are triggered during the upgrade, before the SOC 9 Octavia Amphora image is uploaded, may fail and need to be re-triggered, as outlined in the CLM upgrade documentation.
6.2 Crowbar Upgrade #
The upgrade will be non-disruptive for running workloads if all prerequisites are met: high availability setup, enough compute resources, etc. This means that the instances running in OpenStack will keep running, will still have network connectivity and access to OpenStack resources such as volumes during the whole upgrade process. However, the OpenStack APIs and the OpenStack Dashboard will be turned off during the upgrade process, which may impact end users of the cloud.
If a non-disruptive upgrade is not possible due to unmet prerequisites, you can use the disruptive process. In this mode, the whole OpenStack infrastructure will be turned off for the upgrade. You must suspend all running instances during the upgrade. However, it is not necessary to do so at the beginning of the upgrade procedure, as this step can be postponed until after the Administration Server has been upgraded to SUSE OpenStack Cloud 9, to keep the downtime as short as possible.
The upgrade for Crowbar can be performed via a Web interface guiding you through the process. The process will generate a backup of the Administration Server as well as a dump of the OpenStack database. It is highly recommended to save this data to allow recovery should the upgrade process go wrong.
7 Limitations #
SUSE OpenStack Cloud 9 has the following known limitations:
Support for SUSE Enterprise Storage is limited to major versions 5, 6, and 7.0. SUSE OpenStack Cloud 9 will not be tested with newer versions of SUSE Enterprise Storage as they are released.
Neutron-LBaaS (LBaaSv2) is deprecated for Cloud Lifecycle Manager-based SUSE OpenStack Cloud. Cloud Lifecycle Manager-based SUSE OpenStack Cloud defaults to Octavia for Load Balancing.
When using Cloud Lifecycle Manager OVSvApp deployment, all security group rules (
security-group-rules) need to be created before creating any VMs, or the rules do not apply.Manila audit logging is not available for Cloud Lifecycle Manager-based SUSE OpenStack Cloud. No log entries are available in the
manila-audit.logfile even when the Manila service audit logging is enabled incloudConfig.yml.Relying on an OVS bridge that has a mapping in neutron’s
bridge_mappingsto provide management network access is unsupported and can result in management network connectivity being interrupted. Because neutron is in control of setting up the forwarding policy on any bridges that have a bridge mapping, the configuration processor emits warnings when using theprovider-physical-networktag in a network group. This ensures the user is alerted to potential issues with input models that may interrupt their management network connectivity. These warnings can be safely ignored on network groups that do not provide connectivity to services such asrabbitmqandmariadb. For network groups that do provide connectivity to these services, these warnings should not be ignored and the input model should be adjusted to ensure that the network group does not end up providing connectivity over a bridge that exists in the neutron bridge mappings.MANAGEMENTis a special network group. Its name cannot be changed and must be upper case. Every instance of SUSE OpenStack Cloud must have a network group calledMANAGEMENTto be valid.OpenStack services run as unprivileged users on the system and execute commands as
rootto perform cloud operations. When evaluating the security of the product, the different service users should not be considered a security boundary. We recommend studying the details that are documented in the SUSE OpenStack Cloud 9 Security Guide. This guide can be found on the product media or online at https://www.suse.com/documentation/cloud.SUSE Linux Enterprise Server 12 SP4 nodes that are deployed through SUSE OpenStack Cloud are not compatible with the Public Cloud Module for SUSE Linux Enterprise Server 12 SP4. This is because SUSE OpenStack Cloud provides more recent versions of the OpenStack client tools.
The x86_64 architecture is the only supported architecture for the administration server of SUSE OpenStack Cloud and its nodes.
The use of Chef, Ansible, and Galera is only supported by SUSE as part of, and in combination with, SUSE OpenStack Cloud.
If the Crowbar admin node is configured with SSL, backup and restore of the admin node will not work correctly. To back up and restore the admin node, first disable HTTPS for the admin node. It can be re-enabled once the restore is complete.
Controllers may be unreachable after a reboot if Open vSwitch is deployed to manage the management network (that is, br-fixed) and the management network interface is also in Neutron’s
bridge_mappings. This is due to a race condition in network startup. To resolve the problem, obtain console access to the controllers and restart thenetworkservice (usingsystemctl restart network).For the Cloud Lifecycle Manager-based SUSE OpenStack Cloud, after running the
ardana-reconfigure.yml,network_interface-reconfigure.yml, orneutron-reconfigure.ymlplaybooks there is a chance that Neutron services (such as theneutron-openvswitch-agent) enter an infinite restart loop. Generally, this will not be detected by status-checking playbooks, such asneutron-status.yml, unless that playbook runs in the brief window between death and restart of the service. In such cases, manually checking how long the service has been running usingsystemctlwill show that it has been up for less than 1 or 2 minutes. Checking again soon after will show it has been restarted again. Once you have confirmed that the service is stuck in an infinite restart loop, stop it manually usingsystemctland check the associated logs for the service to determine what is causing the service to fail. If a resolution for the fundamental problem cannot be easily identified and applied, create a support ticket via https://www.suse.com/support/?id=SUSE_OpenStack_Cloud for the underlying problem. Make sure to include any relevant logs, a supportconfig tarball, the associated input model, and any customised configuration files for this Cloud Lifecycle Manager deployment.Ironic RAID Configuration does not work due to missing HPE Smart Storage Administrator CLI (HPE SSACLI) in the default deploy ramdisk.
Ironic
inspectorinspect interface is not supported.For the Cloud Lifecycle Manager-based SUSE OpenStack Cloud, certain fields containing networking addresses only support IPv4 addresses:
subnetandnetmaskin thebaremetalsection ofservers.ymladdressesin thenetworkssection ofnetworks.ymlThe corresponding fields in the installer user interface only accept IPv4 addresses. These are accessible via theManage cloud settingsandManage network rangebuttons on step 4 of the installer.
8 Known Issues #
The following issues are known and may be fixed with future maintenance updates:
With Crowbar, the removal of barclamps from a node does not necessarily shut down associated services or remove associated packages. This means that you may well run into problems if moving barclamp roles from one node to another. Manual remediation may be required in these cases.
With Crowbar, using High Availability with multicast transport on Neutron L3 nodes is causing issues in some cases due to conflicts with the networking configuration required by Neutron.
This can lead, in the worst case, to breakage of the High Availability cluster. It is advised to use the unicast transport (which is the default) for High Availability to avoid this.
With Cloud Lifecycle Manager, the workflows to update or upgrade an installation could still be subject to change. Prior executing any update or upgrade, we urge to refer to the most latest documentation prior executing any steps.
With Cloud Lifecycle Manager, the Bare Metal Service (Ironic) has a known issue with the
agent_ilodriver. If the user image takes up more space than what’s left on the ramdisk’s root partition, the user image needs to be remastered and the ramdisk size increased.
Configuring SUSE Enterprise Storage for Cloud Lifecycle Manager currently requires that Swift is deployed. This requirement will be removed in a future update.
Note: The following workaround is available
1) Source the keystone rc file to have the correct permissions to create the swift service and endpoints
. ~/keystone.osrc
2) Create the swift service
openstack service create --name swift object-store --enable
3) Read the radosGW url from the ses_config.yml file. For example:
grep http ~/ses/ses_config.yml
https://ses-osd3:8080/swift/v1
4) Create the 3 swift endpoints.
openstack endpoint create --enable --region region1 swift admin https://ses-osd3:8080/swift/v1
openstack endpoint create --enable --region region1 swift public https://ses-osd3:8080/swift/v1
openstack endpoint create --enable --region region1 swift internal https://ses-osd3:8080/swift/v1
5) Verify they appear in the endpoint list
openstack endpoint list | grep object
5313b81dbefd40b88e6bfc66d3e9412f | region1 | swift | object-store | True | public | |
83faf98f155f4a71bc105d99f01eb602 | region1 | swift | object-store | True | internal | |
dc69832361484937a1a8ceb216715b8c | region1 | swift | object-store | True | admin |
NSX-T support for Cloud Lifecycle Manager is not supported.
Updates to the shim package may result in the following error:
Loading kernel ... "error: /images/sles12sp4-x86_64/linux has invalid signature"
Note: Any one of the following options will workaround this issue:
Disable UEFI secure boot
Install the previous "shim" package on the deployer node
Remove or set to "not installed" existing siginatures in the bios of the node where the error occurred
Keystone for Cloud Lifecycle Manager uses BCyrpt as the default hash algorithm. BCrypt has a limitation of 72 characters. The default secret for Keystone is 86 characters, meaning 14 characters of the secret are not verified by default. The Operations Guide CLM has been updated at https://www.suse.com/documentation/cloud with instructions to change the configured hash algorithm for keystone, see the section "Managing Identity" for details.
9 Product Update History #
SUSE OpenStack Cloud 9 uses the agile development methodology to continuously provide fixes and new functionality. Note that the below list of maintenance updates is not exhaustive, reproduced only for convenience, and contains only major feature updates only.
To view the full list of SUSE OpenStack Cloud 9 maintenance updates, see:
Patch Finder: https://download.suse.com/patch/finder/#bu=suse&familyId=47364
Update Advisories: https://www.suse.com/support/update
2019-04-29: Initial release
2021-09-08: Support for SES7.0 validated and added to documentation
10 Documentation and Other Information #
Read the READMEs on the media.
Get the detailed changelog information about a particular package from the RPM (with filename <FILENAME>):
rpm --changelog -qp FILENAME.rpm
Check the
ChangeLogfile in the top level of product medium 1 for a chronological log of all changes made to the updated packages.Find more information in the
docudirectory of product medium 1 of SUSE OpenStack Cloud 9. This directory includes PDF versions of the SUSE OpenStack Cloud documentation.https://www.suse.com/documentation/cloud contains additional or updated documentation for SUSE OpenStack Cloud.
Visit https://www.suse.com/products for the latest product news from SUSE
11 Obtaining Source Code #
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com or as otherwise instructed at https://www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee to recover distribution costs.
12 Legal Notices #
SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Refer to https://www.suse.com/company/legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010-2019 SUSE LLC.
This release notes document is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC-BY-SA-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.