Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features From Previous Contrail Cloud Releases


This section contains the new or changed features for the specified Contrail Cloud Release.

New and Changed Features in Contrail Cloud 13.3

The features listed in this section are new as of Contrail Cloud Release 13.3. A brief description of each feature is included.

Product Components

  • Contrail Networking Release 1912.L1

  • AppFormix Release 3.1.17

    • AppFormix Release Notes are available as part of the software download package.

  • Red Hat OpenStack 13 (z10)–OpenStack Queens Version (Red Hat CDN sync 25-Feb-2020)

  • RHEL 7.7–Linux 3.10.0-1062.12.1.el7 kernel (Red Hat CDN sync 25-Feb-2020)

  • Red Hat Ceph Storage 3.3 (Red Hat CDN sync 25-Feb-2020)

Contrail Networking

OpenStack Compute

  • Host Aggregate configurations.

    Host Aggregate provides an extra level of abstraction to map different workloads to different groups of compute nodes. Compute deployment can be separated into logical groups based on like hardware or software flavors, or other user defined identifiers. Actions can target certain roles or groups using the metadata from the aggregates, as opposed to actions targeting host-by-host, one-by-one. Aggregates and Availability Zone filters can be used simultaneously for scheduling VMs. Availability Zones are created automatically when the metadata is defined. Aggregate management happens during the post-deployment stage, and allows for easy assignment of additional hosts.

    Host Aggregates can also be used to map different groups of hosts to different Availability Zones. Do note though that a host can be in multiple Aggregates but only reside in one Availability Zone.

    For more information, see Managing Host Aggregates.

OpenStack Storage

  • Expanded disk labeling.

    Additional disk label configurations allow a disk device to be referenced by its alias and can be used in other configurations. This allows for reliable and predictive naming of disk devices. This is important because during a reboot the OS can rename a disk and break the current disk mapping.


  • IdM support.

    An integrated Identity and Authentication solution for Linux and UNIX networked environments. IdM provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security of a network of hosts. Within Contrail Cloud all overcloud nodes and undercloud VM will be joined to the IdM. All certificates for OpenStack and Contrail will be created and managed by IdM. A one time password (OTP) mechanism is used to join the undercloud to IdM.

    For more information, see:

  • Contrail Cloud Satellite helper scripts have been changed to use the full activation key.

    • scripts/ and scripts/ commands now expect the full activation key name to be provided with the --user option.

In-place Upgrade Improvements

  • Overall improvements to speedup the upgrade process and reduce overall time required to complete an upgrade.

  • The state of the update is maintained to ensure that steps are not repeated for each role. A lockfile is created in the /home/stack/contrail_cloud_update directory, on the undercloud VM for this purpose.

  • Parallel update is used in the step2 script during the overcloud nodes update.

  • Parallel update for compute roles is defined by a serial mechanism.

  • Roles can be updated in parallel and nodes within each role are updated sequentially.

  • Increased the parameter DockerPuppetProcessCount from 3 to 8 to speed up Docker Puppet steps.

  • Contrail TripleO Heat Template fix for unexpected reboot of computes in Step 3 of the in-place upgrade.

  • Computes can be restarted in step2 of the upgrade process, after a successful update. Update reboot behavior is configured in config/site.yml.

New and Changed Features in Contrail Cloud 13.2.1 Maintenance Release

The focus of the maintenance release replaces Contrail containers to address security vulnerabilities (CVE-2019-17267 JTAC case: 2020-0116-0248) and CVE-2019-19919 (JTAC Case: 2020-0116-0087)). RHEL and RHOSP components remain the same for this maintenance release. The in-place upgrade procedure remains the same when upgrading from Contrail Cloud 13.2 to Contrail Cloud 13.2.1.

Contrail Cloud 13.2.1 product components:

  • Contrail Networking R1912 containers.

    For more information, see Contrail Networking Release R1912.

  • AppFormix Release 3.1.6

  • Red Hat OpenStack 13 (z8)–OpenStack Queens Version (Red Hat CDN sync 1-October-2019)

  • RHEL 7.7–Linux Kernel Version 3.10.0-1062.1.2.el7.x86_64 (Red Hat CDN sync 1-October-2019)

  • Red Hat Ceph Storage 3.2 (Red Hat CDN sync 1-October-2019)

The Contrail Cloud 13.2.1 Release includes the following changes:

  • Contrail TripleO Heat Templates.

    • Fix for computes rebooting when using /scripts/ in the in-place upgrade procedure.

      Computes are rebooted only when arguments to the kernel are changed in the templates.

  • Contrail Cloud Automation.

    • Data collection fix for

      hostname was changed to use -s, and files are now created in the /tmp/ directory as contrail user, not root.

    • All needed proxy settings are exported by default at the beginning of the post-deploy script run for satellite registration.

    • Fixes for organization and service user in Ansible when running a fresh install of Contrail Cloud.

New and Changed Features in Contrail Cloud Release 13.2

The features listed in this section are new as of Contrail Cloud Release 13.2. A brief description of each feature is included.

Product Components

  • Contrail Networking Release 1910

  • AppFormix Release 3.1.6

  • Red Hat OpenStack 13 (z9)–OpenStack Queens Version (Red Hat CDN sync 1-October-2019)

  • RHEL 7.7–Linux Kernel Version 3.10.0-1062.1.2.el7.x86_64 (Red Hat CDN sync 1-October-2019)

  • Red Hat Ceph Storage 3.2 (Red Hat CDN sync 1-October-2019)


  • Enhancements to The script will now verify configuration file syntax and schema. For more information, see Contrail Cloud Deployment Guide.

  • AppFormix cleanup no longer requires an overcloud redeploy to provision the AppFormix controller VMs.

  • The default memory size has been increased from 24 GB to 32 GB ram for the control, contrail-controller and contrail-analytics-database VMs on the control hosts.

New and Changed Features in Contrail Cloud Release 13.1

The features listed in this section are new as of Contrail Cloud Release 13.1. A brief description of each feature is included.

Product Components

  • Contrail Networking Release 1908

  • AppFormix Release 3.1.0

  • Red Hat OpenStack 13—OpenStack Queens Version (Red Hat CDN sync 5-August-2019)

  • RHEL7.6—Linux Kernel Version 3.10.0-957.27.2 (Red Hat CDN sync 5-August-2019)

  • Red Hat Ceph Storage 3.2 (Red Hat CDN sync 5-August-2019)

OpenStack Compute

  • Multiple compute and storage roles allowed for different physical resources.

    A profile is a homogenous group. A role can use multiple profiles as sub-roles to allow heterogeneous hardware to use the same overcloud role.

Ceph Storage

  • Ceph Storage 3.2 support with full support for BlueStore Ceph backend.

    For more information, see BlueStore: Improved performance with Red Hat Ceph Storage 3.2

  • Encrypted disk contents for Ceph OSD storage.

  • Ceph journal device configuration for legacy filestore.

  • RGW for Object Store (Swift/S3) backend.

  • Allow pools to be disabled.

    Ceph pools for OpenStack services that are not used can be disabled. As an example in Contrail Cloud, Gnocchi and Ceilometer services are disabled by default.

  • External Ceph cluster support.

    Contrail Cloud allows for integration of pre-existing Ceph clusters as opposed to creating a new Ceph cluster for deployment.

OpenStack Networking

  • IPv6 supported in the overcloud networks.

    The supported networks are:

    • External

    • Storage

    • StorageMgmt

    • Management

    Networks that do not support IPv6 in the overcloud:

    • ControlPlane

    • InternalAPI

    • Tenant

    For more information, see IPV6 NETWORKING FOR THE OVERCLOUD.

  • Multiple subnet support for compute and storage.

    This aligns with Red Hat terminology for a Spine/Leaf Architecture. For more information, see SPINE LEAF NETWORKING.

  • Changed the default subnet used for the provisioning and controlplane activities from 192.0.2* to 192.168.213*.

    • Changed subnet default decreases the probability of an IP address already being used.

    • The default can be overridden by the user if necessary.

  • Sample configs use Linux bond for OVS bridging in the underlay (as opposed to OVS bond in previous Contrail Cloud releases).

Contrail Networking

  • TLS encryption certificate management for Sandesh and XMPP Contrail protocols.

  • SR-IOV (coexists with either kernel or DPDK vRouter) support using the new role ComputeSriov.

  • TSN support.

    A new ContrailTsn role was added. TSN is a container running in a separate VM added to the Control Host.

  • Custom container settings.

    Custom container settings allows passthrough values to set environment properties for Contrail containers

    For more information, see the sample files in the samples/features/extra-config/ directory.

  • Contrail Command UI Integration.

    Only the UI portion of Contrail Command is added in this release. Other capabilities of Contrail Command will be considered in future releases.

  • SDN gateway config with FIPs.

    Using the site.yml file, the user can provision SDN gateway configurations.

    For more information, see the sample files in the samples/features/provision-sdn-gateway/ directory.


  • Sensitive information at-rest encryption.

    • Supports Ansible Vault for secure storage of sensitive information. All passwords, keys, and other sensitive information are move to an encrypted vault config file.

    • Root password can be changed.

    • SSH keys can have a passphrase.

    • Certificate CA can be imported.

  • Automated deployment of compute and storage in small batches.

    In the event of large deployments, updating the entire set of compute and storage nodes can take a very long time. This can potentially lead to timeout errors and a failed deployment. The user can now configure how many nodes are to be deployed/updated in a single batch. The process will cycle through all the batches until the complete set of compute and storage nodes have been deployed.

  • Support for custom post-deploy actions.

    Typical actions include system tuning (CPU performance mode, file system tuning), blacking listing module, and more.

    These actions can be defined in the site.yml file. Examples are provided in the samples/features/extra-action/ directory

  • UEFI boot support.

    Contrail Cloud 13.1 added support for UEFI. Previous versions only supported legacy PXEboot

  • LLDP support on the jump host, control host, and all overcloud roles.

    This allows the user to discover server networking info from the switch or from the server. This information makes troubleshooting initial fabric connectivity easier.

  • Root disk specification.

    This can be configured in the site.yml file. For more information, see Appendix A of the Contrail Cloud Deployment Guide.

  • Node configuration validation tools.

    This is a configuration tool to check that physical resources correctly match roles intended for the nodes. The validation tool allows the user to query properties of nodes and compare the differences between nodes.

    For more information, see the Contrail Cloud Deployment Guide.

  • TripleO templates are validated before deployment start.

    An error in a TripleO file can take significant time to be found during deployment. This tool checks generated Heat templates for the most common errors before deployment starts. This is intended to save a significant amount of time should error detection occur.

OpenStack Deployment Enhancements

  • Admin password can be configured.

  • OpenStack CLI bash autocomplete on the undercloud.

  • Post deployment validation with Tempest.

    For more information, see the Contrail Cloud Deployment Guide.

  • Undercloud/Overcloud RabbitMQ tuning.

    Contrail Cloud applies best practice values to optimize RabbitMQ configuration. RabbitMQ tuning parameters are exposed in the site.yml file.

  • LDAP integration for Keystone

    LDAP integration for keystone example configuration can be seen in the site.yml file in the samples/features/ldap-backend-for-keystone-domains/ directory.


  • AppFormix.

    For more information, see AppFormix Documentation.

    • AppFormix is now set as an overcloud role.

    • Enable network topology view.

    • Allow virtual IP for the InternalAPI network.

    • Automation the addition of Contrail Config and Analytics REST API endpoints.

    • AppFormix plugin for HEAT overcloud service.

    • Custom plugin support.

New and Changed Features in Contrail Cloud Release 13.0.2

The features listed in this section are new as of Contrail Cloud Release 13.0.2.

  • Contrail Networking 5.0.2 is now distributed with Contrail Cloud 13.0.2. Contrail Networking 5.0.2 provides many fixes for issues (especially around DPDK). See the Contrail Networking Release Notes.

  • Contrail Cloud is delivered through the Contrail Cloud Repository Satellite. The Contrail Cloud Installer script, activation key, satellite DNS name, and satellite organization information is provided through a request to

New and Changed Features in Contrail Cloud Release 13.0

The features listed in this section are new as of Contrail Cloud Release 13.0.

  • Support for Red Hat OpenShift Platform 13 based on OpenStack Queens with container-based deployment.

  • Support for containerized Contrail Networking Release 5.0.1.

  • Support for AppFormix Release 2.16.6.

  • Support for Red Hat Enterprise Linux 7.5.

  • Single master script “” can be used to launch the 8 playbooks needed for Contrail Cloud deployment.

  • Networking layout is simplified and unified by using the os-net-config syntax and utility.

  • Disk layout on control-hosts is simplified and fully configuration driven.

  • Configuration has a tree structure which provides better logical organization and allows fine-grained overrides of default values.

  • Virtual machine(VM) networking layout is now configured in control-host-nodes.yaml.

  • Virtual machine (VM) data traffic was moved from the “InternalAPI” network to the “Tenant” network by default.

  • Service user is changed to “contrail” on control-hosts, appformix-nodes, and jumphost.

  • MAC addresses are no longer needed in inventory file.

  • Support for predictable node placement for control plane VMs.

  • Controller fencing support is automatically enabled on HA environments without user intervention.

  • Single root input/output virtualization (SR-IOV) supported as a Beta feature.