• Renovate is now used to keep the versions in the defaults of the Ansible collections and within the container images up to date.

  • OpenStack client container image in version Zed is available

  • The configuration repository can now also be accessed via PAT and HTTP proxy

  • The cookiecutter can now also be used via a container image

  • Seeding of a manager node can now also be done via a container image

  • The reduction of the sizes of the container images was continued everywhere

  • The playbooks for the manager, which were previously duplicated in each configuration repository, have been bundled into a separate Ansible collection (osism.manager @ https://github.com/osism/ansible-playbooks-manager)

  • ARA is now available in version 1.5.8 (latest image is now also available)

  • Where possible, the Python version used was updated to 3.10

  • LUKS encryption is now documented and enabled in the testbed by default

  • Network bound disk encryption (NBDE) is now usable

  • Wireguard VPN added. Makes it possible to access the Control Plane from the Manager through a secured connection. It is also enabled in the testbed by default.

  • Sosreport is now available and enabled by default in the testbed. This tool collects configuration and diagnostic informations from Linux based distributions.

  • Squid proxy is now available. Allows other services to access only allowed addresses. Therefore security is improved.

  • All Ansible roles, collections and playbooks are now checked with Ansible Lint and Yaml Lint

  • The Elasticsearch Curator is now enabled by default (soft retention period: 5 days, hard retention period: 7 days)

  • Ansible v6 is now used for all playbooks and collections maintained by OSISM.

  • Ansible playbooks and collections maintained by OSISM are additionally tested on Ubuntu 22.04.

  • OpenStack Yoga is available and the new default release of OpenStack

  • Ceph Quincy is available, the default release of Ceph is still Pacific

  • Documentation is available for all roles within the Ansible Collections maintained by OSISM

  • The SBOM now lists SHA256 checksums for the container images

  • Instead of the standalone Docker Compose CLI, the Compose v2 plugin for Docker is now used by default


  • The cleanup-elasticsearch playbook is deprecated. In the future, the elasticsearch-curator service (part of Kolla) has to be used for Elasticsearch cleanup.

  • Linux bridge support has been discontinued by kolla-ansible

  • Debian dropped hddtemp (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002484), therefore we will remove hddtemp in the future and replace it with drivetemp

  • The use of the Docker Compose CLI is deprecated and will no longer be supported in the future


  • The service cockpit was removed.

  • In favor of ansible.builtin.service_facts the Ansible plugin scan_services was removed.


  • Distributed Virtual Routing (DVR) is not officially supported by us, not tested and not recommended

  • Even though Ubuntu 22.04 is already being tested, it is not yet officially supported with this release

  • Regular rebuilds of kolla-ansible and kolla images for OpenStack Wallaby have been disabled.

  • Regular rebuilds of ceph-ansible and ceph images for Ceph Octopus have been disabled.


To be considered for upgrades

  • In environments/kolla/secrets.yml the parameter neutron_ssh_key must be added.


    The ssh key can be generated as follows: ssh-keygen -t rsa -b 4096 -N "" -f id_rsa.neutron -C "" -m PEM

  • In environments/configuration.yml all the docker_registry parameters must be removed. The following are examples of parameters that need to be removed. There can also be more or less of them.

    ceph_docker_registry: quay.io
    docker_registry: index.docker.io
    docker_registry_ansible: quay.io
    docker_registry_service: index.docker.io
  • In environments/manager/configuration.yml the following docker_registry parameters must be added. When using your own non-public registry, use it instead of index.docker.io and quay.io.

    # docker registries
    docker_registry: index.docker.io
    docker_registry_ansible: quay.io
    docker_registry_service: index.docker.io


Ceph Pacific release notes:

OpenStack Yoga release notes: