| Updated on 22 FEB 2018 VMware Integrated OpenStack 5.0 | 03 JUL 2018 | Build 8909572 Check for additions and updates to these release notes. |
What's in the Release Notes
The release notes cover the following topics:- About VMware Integrated OpenStack
- What's New
- Compatibility
- Upgrading to Version 5.0
- Deprecation Notices
- Internationalization
- Open Source Components for VMware Integrated OpenStack
- Known Issues
About VMware Integrated OpenStack
VMware Integrated OpenStack greatly simplifies deploying an OpenStack cloud infrastructure by streamlining the integration process. VMware Integrated OpenStack delivers out-of-the-box OpenStack functionality and an easy configuration workflow through a deployment manager vApp that runs directly in vCenter Server.
What's New
This release is based on OpenStack Queens and provides the following new features and enhancements:
VMware Integrated OpenStack
- Support for the latest versions of VMware products: VMware Integrated OpenStack 5.0 supports and is fully compatible with VMware vSphere 6.7, NSX for vSphere 6.4.1, NSX-T 2.2, vSAN 6.7, vRealize Log Insight 4.6.0 and vRealize Operations Manager 6.7.
- Increased scale validation: VMware Integrated OpenStack has been fully validated with 500 physical nodes and 15,000 virtual machines per region, with tests indicating support for even larger scale.
- Keystone federation: Identity can now be federated across multiple OpenStack regions, enabling unified identities across large-scale deployments..
- DNS as a service: Inclusion of the Designate projects allows self-service DNS and simplified records management for tenants.
- vGPU enablement: Workloads can now benefit from hardware acceleration by using GPU-enabled instances, increasing performance for HPC, machine learning, graphics processing, and streaming.
- Accelerated data plane: Workloads running on VMware Integrated OpenStack can now take full advantage of the new enhanced mode of the NSX-managed virtual distributed switch (N-VDS), introduced in vSphere 6.7 and NSX-T 2.2.
- Encryption enabled on HA deployments by default: In order to further secure in-flight data and protect sensitive information, VMware Integrated OpenStack can now configure encrypted control plane endpoints.
- Telemetry improvements: The time series database Gnocchi has been added alongside Panko and Aodh to improve OpenStack telemetry performance.
- Attached volume snapshots: Cinder now supports taking snapshots of attached volumes.
VMware Integrated OpenStack with Kubernetes
A container orchestration platform built on Kubernetes is included with VMware Integrated OpenStack, enabling the provisioning of full infrastructure stacks for application developers. The platform provides the following new features:
- Updated Kubernetes release: VMware Integrated OpenStack 5.0 includes and fully supports Kubernetes version 1.9.8.
- Heterogeneous clusters: Kubernetes clusters can now be created with a heterogeneous node composition, allowing pods to be deployed to and take advantage of specialized hardware or resources.
- N-VDS enhanced mode support for Kubernetes. The accelerated data plane networking introduced in VMware Integrated OpenStack 5.0 is also made available to workloads deployed as containers using the Multus plugin.
Compatibility
See the VMware Product Interoperability Matrices for details about the compatibility of VMware Integrated OpenStack with other VMware products, including vSphere components.
VMware Integrated OpenStack is compatible with the vSphere Client (Flex or HTML5) of the following vCenter Server versions:
| Version | Build | Date |
|---|---|---|
| 6.5 | 4602587 | November 15, 2016 |
| 6.5 Update 1 | 5973321 | July 27, 2017 |
| 6.5.0.0f | 7119070 | November 14, 2017 |
| 6.5.0.u1c | 7119157 | November 14, 2017 |
| 6.5.0.u1d | 7312210 | December 19, 2017 |
| 6.5.0.u1e | 7515524 | January 9, 2018 |
| 6.5.0.u1g | 8024368 | March 20, 2018 |
| 6.7 | 8217866 | April 17, 2018 |
Upgrading to Version 5.0
Upgrading VMware Integrated OpenStack
You can upgrade directly to VMware Integrated OpenStack 5.0 from VMware Integrated OpenStack 4.0 or 4.1. See Upgrade VMware Integrated OpenStack.
If you are running VMware Integrated OpenStack 4.1.1 or 4.1.2, upgrade directly to version 5.1 or later. If you are running version 4.1.2.1, upgrade directly to version 5.1.0.1 or later.
If you are running VMware Integrated OpenStack 3.1 or an earlier version, first upgrade to version 4.1 and then upgrade to version 5.0.
Upgrading VMware Integrated OpenStack with Kubernetes
To upgrade from VMware Integrated OpenStack with Kubernetes 4.1 to VMware Integrated OpenStack with Kubernetes 5.0, see Upgrade VMware Integrated OpenStack with Kubernetes.
If you are running VMware Integrated OpenStack with Kubernetes 4.0, first upgrade to version 4.1 and then upgrade to version 5.0.
Deprecation Notices
Some OpenStack Management Server lifecycle management APIs available in VMware Integrated OpenStack 4.1 and 5.0 will be changed or deprecated in a future major release of VMware Integrated OpenStack.
The SDDC provider in VMware Integrated OpenStack with Kubernetes, intended for deployments without VMware Integrated OpenStack, will be deprecated in a future major release. For new VMware Integrated OpenStack with Kubernetes deployments, use the OpenStack provider.
Internationalization
VMware Integrated OpenStack 5.0 is available in English and seven additional languages: Simplified Chinese, Traditional Chinese, Japanese, Korean, French, German, and Spanish.
The following items must contain only ASCII characters:
- Names of OpenStack resources (such as projects, users, and images)
- Names of infrastructure components (such as ESXi hosts, port groups, data centers, and datastores)
- LDAP and Active Directory attributes
VMware Integrated OpenStack with Kubernetes is available in English only.
Open Source Components for VMware Integrated OpenStack
The copyright statements and licenses applicable to the open source software components distributed in VMware Integrated OpenStack 5.0 are available on the Open Source tab of the product download page. You can also download the disclosure packages for the components of VMware Integrated OpenStack that are governed by the GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available.
Known Issues
The known issues are grouped as follows.
VMware Integrated OpenStack- Local storage may be incorrectly calculated on the VMware Integrated OpenStack dashboard.
If multiple compute nodes use the same datastore, the Hypervisors page on the VMware Integrated OpenStack dashboard will incorrectly display that the total disk space available is the size of the single datastore multiplied by the number of compute nodes using it. In addition, the entry in the Local Storage (used) column for each compute node will display the total used space on the datastore, not the used space for a single compute node.
Workaround: None.
- For deployments using a remote vCenter Server, the viopatch command fails to take snapshots.
In a deployment where all control virtual machines are deployed in a management vCenter Server instance and use a Nova compute node deployed in a remote vCenter Server instance, the
viopatch snapshot takecommand cannot obtain information about the management vCenter Server instance. The command fails with the error "AttributeError: 'NoneType' object has no attribute 'snapshot'."Workaround: On the OpenStack Management Server virtual machine, manually set the IP address, username, and password of the management vCenter Server by running the following commands:
export VCENTER_HOSTNAME = mgmt-vc-ip-address export VCENTER_USERNAME = mgmt-vc-username export VCENTER_PASSWORD = mgmt-vc-password
- VMware Integrated OpenStack cannot connect to NSX-T after the NSX-T password is changed.
If you change the NSX-T password while the Neutron server is running, VMware Integrated OpenStack might fail to connect to NSX-T.
Workaround: Before changing the NSX-T password, log in to the active controller node and run the
systemctl stop neutron-servercommand to stop the Neutron server service. The service will be restarted after you update the NSX-T password in VMware Integrated OpenStack. - You cannot re-add a deleted compute node with tenant virtual data centers.
After you delete a compute node with a tenant virtual data center, attempting to re-add it fails with a "Failed to create resource provider" error in
/var/log/nova/nova-compute.log.Workaround: Perform the following steps to remove the Nova compute node from the database:
- Find the MOID of the deleted compute node.
- Log in to the active database node and open the nova_api database:
mysql
use nova_api - In the "resource_providers" table, remove the resource_provider record with the MOID of the deleted compute node and remove all children of that record.
- The prefix length for load balancer static routes cannot be configured.
Static route rules configured through the GUI can only use a 24-bit prefix.
Workaround: None.
- The Nova compute service fails to start after an upgrading to VMware Integrated OpenStack 5.0.
If a Nova compute node was deleted in version 4.x and a new Nova compute node using the same vCenter Server and same cluster was added later, the Nova compute service will fail to start after you upgrade to version 5.x. "ERROR nova ResourceProviderCreationFailed" is written to
/var/log/nova/nova-compute.log.Workaround: Perform the following steps to remove the Nova compute node from the database:
- Find the MOID of the deleted compute node.
- Log in to the active database node and open the nova_api database:
mysql
use nova_api - In the "resource_providers" table, remove the resource_provider record with the MOID of the deleted compute node.
- In the "host_mappings" table, remove the host record for the deleted compute node.
- Resizing a volume may cause the volume to be migrated to another host.
When you resize a volume, it may be moved to a different host in the cluster even when
always_resize_on_same_hostis set to true.Workaround: None.
- An error occurs when you delete compute nodes out of order and then attempt to add a compute node.
If you do not delete compute nodes in descending order, adding a node later will generate an error.
Workaround: Delete nodes in order from largest to smallest node number. For example, with three compute nodes VIO-Compute-0, VIO-Compute-1, and VIO-Compute-2, you must delete VIO-Compute-2 first, then VIO-Compute-1, and finally VIO-Compute-0.
- A datastore failure might render the OpenStack deployment inaccessible.
If all nodes in an HA deployment use the same datastore, the failure of that datastore will cause the entire deployment to be inaccessible.
Workaround: Try to fix the failed datastore and recover its data. After the virtual machine for each node is shown in vCenter Server, restart the OpenStack deployment. If the datastore is not recoverable, use the
viocli recovercommand to restore the failed nodes. - The Keystone endpoint is in the error state.
After the internal endpoint in-flight encryption setting is changed, the Keystone endpoint fails to reconnect. This issue occurs when you set the
internal_api_protocolparameter tohttpfor an HA deployment orhttpsfor a compact or tiny deployment.Workaround: Modify the Keystone endpoint URL.
- In the vSphere Web Client, select Administration > OpenStack.
- Select the KEYSTONE endpoint and click the Edit (pencil) icon.
- In the Update Endpoint section displayed, change the URL to begin with
httporhttpsdepending on your configuration. - Enter the administrator password and click Update.
- The VMware Integrated OpenStack OVA cannot be deployed in the HTML5 vSphere Client in vCenter Server 6.7.
After you deploy the VMware Integrated OpenStack OVA using the HTML5 vSphere Client in vCenter Server 6.7, the VMware Integrated OpenStack vApp fails to power on and the UI displays the error: "The virtual machine has a required vService dependency 'vCenter Extension Installation' which is not bound to a provider."
Workaround: Deploy the VMware Integrated OpenStack OVA using the Flex-based vSphere Web Client or using the OVF Tool.
For more information, see the vSphere 6.7 Release Notes and KB 55027.
- Instances fail to launch with the error "ResourceProviderAggregateRetrievalFailed: Failed to get aggregates for resource provider".
You cannot launch instances on a compute node where an existing tenant virtual data center was deleted. Specifically, this issue will occur when you attempt to launch an instance on a compute node on which a tenant virtual data center existed before the Nova compute service started and was deleted after the Nova compute service started.
Workaround: On the compute node, restart the Nova compute service.
- Host names that start with a number cause a "java.io.IOException" error.
The OpenStack Management Server does not support host names that start with a number. The error "java.io.IOException: DNSName components must begin with a letter" appears if the host name starts with a number.
Workaround: Use a host name that does not start with a number. For more information, see the JDK upstream issue: https://bugs.openjdk.java.net/browse/JDK-8054380
- East-west traffic does not travel between virtual machines booted on a virtual wire provider network.
If you create a provider network using virtual wire and do not create a SpoofGuard policy, east-west traffic will not travel between the virtual machines booted on this provider network.
Workaround: Create a SpoofGuard policy and add virtual wire to the policy before creating the virtual wire provider network.
- Certificate verification may fail on the OpenStack Management Server.
When you use the
vioclicommand-line utility, the following error may occur:ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Workaround: On the OpenStack Management Server, disable verification of the vCenter Server certificate by running the following commands:
sudo su - export VCENTER_INSECURE=True
- Deleting a router interface times out.
When concurrent Heat stacks are deployed with shared NSX routers, router interface deletion can time out. The following might be displayed:
neutron_client_socket_timeout,haproxy_neutron_client_timeout, orhaproxy_neutron_server_timeout.Workaround: Do not use shared routers in environments where network resources frequently change. If NAT or floating IP addresses are required, use an exclusive router. Otherwise, use a distributed router.
- A cluster in the ERROR state cannot be deleted.
If the infrastructure is out of resources, cluster creation, healing, and scaling will fail and the cluster will enter the ERROR state.
Workaround: Perform the following steps:
- Log in to the toolbox container.
- Use the OpenStack client to delete hosts in the ERROR state.
- Run the
vkube cluster deletecommand again to delete the cluster.
- If a username or domain contains a backslash (\), authentication fails.
The Keystone authentication plugin uses the backslash character as a separator to encode the domain name and username in a single string. If there is an additional backslash in either the domain name or username, the Keystone authentication plugin will not decode the domain name and username correctly.
Workaround: Use domain names or usernames that do not include the backslash character.
