Core Updates
Kolla-Ansible
haproxy – enable self-signed TLS (HTTPS) for all external endpoints by default
- This generates a self-signed CA and certificate using Kolla-Ansible’s built-in certificate generation
- Allows accessing Horizon and all public API endpoints securely via HTTPS instead of HTTP, without needing to use a custom certificate or domain
nova, cinder, neutron, magnum – Set default project quotas to unlimited
- Enables quick testing on new clouds without needing to modify quotas first
nova – NUMA optimizations and PCPU allocations now available
- Required when using VMs with
PCPU(pinned CPU core) resource
nova/nova-scheduler – enable shuffle_best_same_weighed_hosts and set host_subset_size to 3
- Allows for better instance resource balancing when loading a cluster up from empty by picking a set of hosts at random
nova/nova-compute – explicitly set volume_clear option to zero
- While
zerois the current default, this was added to the configuration explcitly to allow easier changes by users. Thezerooption overwrites deleted disks with all zeros, which can take a very long time on larger disks. However, using thenoneoption can result in left over filesystem and LVM signatures that cause other issues. See: Nova documentation
octavia – set client TLS certificate expiration to 10 years
- Fixes issue with needing to regenerate client certificates every year
errata – /etc/kolla/admin-openrc.sh is now populated on all deployed nodes
- Allows easier access to the OpenstackCLI for administration and troubleshooting
Heat-Ansible
nova/flavors – new numa.huge flavor with pinned cores (PCPUs) is now available on multi-CPU machines with NUMA enabled
- Can unlock higher performance for large VMs on multi-CPU hosts
Packer-Ironic
all – sysstat is now installed and enabled on all base images by default
- Easier troubleshooting of historic load and memory issues via
sar