Better handling of usage enforcement exceptions, to prevent leases from going into error state when updates are denied by policy.

Support for specifying a custom CA bundle, which can be used for compatibility with internal TLS deployments.

Drivers with inactive CI were marked unsupported including Windows iSCSI Driver, Windows SMB Driver, Dell SC Series Storage Driver (iSCSI, FC), Dell VNX Storage Driver (FC, iSCSI) and Dell XtremeIO Storage Driver (iSCSI, FC).

New driver features were added, notably, Fujitsu ETERNUS DX extend volume on RAID group, Pure Storage synchronous replication, NetApp iSCSI LUN space allocation, Dell PowerFlex Active-Active support, Dell PowerMax configurable SRDF snapshots.

Along with many bug fixes, some major ones are: series of fixes to make the NVMe connector more robust, fixing partial scanning issue in fibre channel connector, addressed volumes preserving sparseness when reimaging, RBD now able to delete volumes with volume/snapshot dependencies.

Removal of Monasca fetcher and collector.

Add OpenSearch as a v2 storage backend.

Add description option to a rating metric definition.

Support to SQL Alchemy 2.0.

Add support to InfluxDB v2 as storage backend.

Add groupby options by different timeframes.

Optimize CloudKitty reprocessing process.

Patch for use_all_resource_revisions option.

Designate now supports Catalog Zones (RFC 9432). This can improve the scalability of Designate pools managing a large number of zones and significantly reduce the provisioning time when adding additional DNS servers to a Designate pool.

From Caracal, users now by default can use Central Database for caching.

Sqlite cache driver has been deprecated and new centralized_db cache driver is introduced.

glance-cache-manage command has been deprecated in favor of the new Cache API.

The glance scrubber utility and its associated configuration options have been deprecated.

location_strategy option has been deprecated since in Bobcat, a new weighing mechanism has been introduced, which makes the location strategy obsolete.

Horizon and all horizon plugins now support the nodejs20 version of nodejs.

Horizon now uses Django 4.2 as default and dropped Django 3.2 support.

Ironic has enabled RBAC support by default by changing the default values of [oslo_policy]enforce_scope and [oslo_policy]enforce_new_defaults to True. Additionally, we added [DEFAULT]rbac_service_project_name to define a project where users in that project are treated as having a service role. Please see Ironic release notes for full details.

Ironic has added the ability to drain active tasks from a conductor before shutdown. Sending a SIGUSR2 signal to an ironic-conductor will now attempt to complete running tasks with a timeout of [DEFAULT]drain_shutdown_timeout. No new tasks will be started on the conductor while it’s draining.

Ironic now has basic testing for OVN-based deployments, using the OVN DHCP service. This includes lightly tested support for OVN VTEP switches. Operators considering use of this support should read Ironic OVN documentation for more information and details on limitations.

Several Ironic drivers have been deprecated in favor of more modern, redfish-based drivers. The ibmc, xclarity, and idrac-wsman drivers will be removed during a future development cycle. Operators utilizing these drivers are encouraged to use the redfish hardware type instead. Additionally, users of the ilo hardware type on newer ILO6-based hardware will now be prompted to use redfish instead.

Ironic now supports UEFI HTTP mode booting. The http boot interface is based upon the pxe interface, and http-ipxe is based upon ipxe.

Ironic now supports in-band inspection and node auto-discovery without an additional ironic-inspector service. An online data migration was added which migrates inspection interface on idle nodes to agent if inspector-based inspection is disabled, and agent-based inspection is enabled.

Ironic will now reserve a small number of worker threads for user-interactive API usage. Previously, an overloaded Ironic cluster could fail API calls if many nodes performed provisioning actions at the same time.

Ironic now supports pulling down images from a web server authenticated using basic auth. This permits standalone Ironic users to secure their external image repositories.

Consistent and secure RBAC (Phase 1) has merged.

Keystone now honors domain attribute mapping rules.

Application Credential validation speed has been improved.

Added support for environment specific hooks as an extension to the multiple environments feature.

Added support for using OS package repositories that require authentication.

Enabled elevated access for project-scoped service roles in Ironic, aligning with new policy. Added the service role to Ironic service users.

Introduced Fluentd Plugin Systemd for log reading from /var/log/journal, configurable via enable_fluentd_systemd in /etc/kolla/globals.yml.

Added log retention feature in OpenSearch, replacing Elasticsearch Curator, with customizable retention periods.

New neutron_dns_integration and neutron_dns_domain variables for DNS integration settings in neutron.

Horizon role updated to preferred local_settings.d configuration model.

Add possibility to override Prometheus, Lets Encrypt and etcd versions and checksums in kolla-build.conf.

Build summaries exportable as JSON, specified by summary_json_file option.

Integrated HAProxy Prometheus metrics; deprecated standalone exporter.

RBAC: API policies new defaults and scope are enabled by default.

Support for Kubernetes v1.27 has been added.

Multiple drivers offering the same functionality (e.g. vm, ubuntu, kubernetes) can now be installed and selected by Cluster Template instead of a single driver suppressing the other.

Magnum will now no longer keep image tag labels (e.g. cloud_provider_tag, flannel_tag) static. Please specify explicitly all image tags for the images your Cluster Templates will be using, to prevent a future change breaking your Cluster Templates. Refer to the documentation under Supported Labels for a list of labels Magnum is tested with.

Project gating for Heat driver cluster creation and testing has been added.

Deprecated drivers k8s_coreos_v1, k8s_fedora_atomic_v1, k8s_fedora_ironic_v1 and Docker Swarm have been removed.

Cilium Kubernetes network driver has been added to supported CNI list. No in-tree drivers deploy Cilium this cycle, but out-of-tree drivers may now implement this CNI.

Creating share networks with Manila’s UI Dashboard will now follow a two-step workflow, as part of a change to support multiple share network subnets.

Users can specify a custom export location for their shares, making mount paths predictable. A prefix should be configured by the administrators, else Manila will use the project ID as a prefix to the custom mount point name.

While disabling a service, you can now specify a reason for it. When the service is enabled again, the reason will be automatically removed.

Administrators are now able to configure metadata options that can only be manipulated by more privileged users through a new config option.

Shares created using the CEPHFS protocol will now feature the backing filesystem name in the share metadata, making it easier to mount shares.

A new driver-advantaged share backup implementation has been added with NetApp ONTAP storage systems.

Administrators can now enable a deferred approach for share and share snapshot deletions. With this approach, user quotas are immediately released while deletions are processed within back-end storage systems in periodic intervals.

Support was added for the external-gateway-multihoming API extension. The L3 service plugins supporting it can now create multiple gateway ports per router. It is currently limited to the L3 OVN plugin.

Bidirectional Forwarding Detection (BFD) and Equal-Cost Multi-Path (ECMP) configuration options are now supported on default routes. Both configuration options have a default value of ‘False’ and are only supported with the OVN driver.

Metadata over IPv6 is now supported in the OVN driver.

The L3 OVN scheduler was updated to better distribute gateways over chassis in different eligible Availability Zones (AZs), making it more resilient to failure.

The Ironic driver [ironic]/peer_list configuration option has been deprecated. The Ironic driver now more closely models other Nova drivers by having a single compute have exclusive control over assigned nodes. If high availability of a single compute service is required, operators should use active/passive failover. Now, Ironic nova-compute services can target a specific shard of ironic nodes by setting the [ironic]/shard configuration option and a new nova-manage db ironic_compute_node_move command can help the operators when upgrading their computes and telling which shard they could use.

Instances using vGPUs can now be correctly live-migrated if both of the compute nodes support libvirt-8.6.0 and QEMU-8.1.0, as the source mediated device will migrate the GPU memory to another target mediated device automatically. In order to do this, [libvirt/live_migration_downtime config option needs to be modified according to the aforementioned documentation.

As of the new 2.96 microversion, when asking the API for a server show or a server list, it returns a new parameter called pinned_availability_zone that indicates whether the instance is confined to a specific AZ or if it can be migrated to another one.

Instances using virtio-net will see an increase in performance between 10% and 20% if their image uses a new hw:virtio_packed_ring=true property or their flavor contains hw_virtio_packed_ring=true extra spec, provided libvirt version is >= 6.3 and QEMU >= 4.2.

As a security mechanism, a new [consoleauth]/enforce_session_timeout configuration option provides the ability to automatically close a server console session when the token expires.

Users can boot instances with large RAM by specifying either through flavor extra specs hw:maxphysaddr_mode=emulate and hw:maxphysaddr_bits or by image properties hw_maxphysaddr_mode and hw_maxphysaddr_bits.

The Hyper-V virt driver has been removed. It was deprecated in the Nova 27.2.0 (Antelope) release. This driver was untested and has no maintainers. In addition, it had a dependency on the OpenStack Winstacker project that also has been retired.

A couple of other improvements target reducing the number of bugs we have : one automatically detecting the maximum number of instances with memory encryption which can run concurrently, another one allowing to specific an IP address or hostname for incoming move operations (by setting [libvirt]/migration_inbound_addr) and yet another one defining aliases for libvirt disks as a defined identifier to look at.

Octavia Amphora based load balancers now support using SR-IOV Virtual Functions (VF) for the load balancer VIP ports. This can significantly reduce latency for traffic flowing through the load balancer.

Added support for VPNaaS setup with ml2.ovn neutron_plugin_driver.

Added support for OVN BGP Agent installation.

Added support for OVN driver for Octavia.

Added experimental way for deploying Magnum with Vexxhost Cluster API driver.

Implemented openstack.osa.openstack_resources role for creation and management of common resources inside OpenStack

Introduce a sample of management driver for deploying Cilium.

Update tacker-horizon for supporting NFV Orchestration API V2.0 operations.

Drop legacy APIs introduced before ETSI NFV SOL standards support.

Revise documentation for fixing lack of usecases or usages of support tools, dropping descriptions of legacy features such as VNFFG, and improving structure of the docs for maintaenance.

Several bug fixes including Terraform infra-driver, invalid behavior of placementConstraints or so.

Terminate huge amount of useless logs in test results on zuul.

Implementation of the secure role-based access control (sRBAC) in NFV Orchestration API V1.0.

Trove now supports the network isolation between the management network and the business network by implementing a simple docker network driver in Guest agent.