Victoria Series (8.2.0 - 9.0.x) Release Notes¶
9.1.0-4¶
Deprecation Notes¶
- Support for Fedora is no longer tested in the CI and will be removed from the code in the near future. 
9.1.0¶
Upgrade Notes¶
- Following an announcement by the CentOS project, Bifrost has switched to CentOS Stream for testing. Regular CentOS is no longer tested in the CI, meaning that both it and RHEL will only be tested indirectly and supported on the best effort basis. 
- Moves installation of package dependencies for Diskimage Builder (DIB) from the - bifrost-create-dib-imagerole to the- bifrost-install-ironicrole. This provides a cleaner separation between installation and image creation.
Bug Fixes¶
- Fixes an issue with the Bifrost inventory plugin when used with - BIFROST_INVENTORY_SOURCE=ironic. All node fields are now returned as facts, as in Ussuri and earlier releases. See story 2008394 for details.
- Fixes fast-track after inspection: the - fast_trackand- power_off_after_inspectionoptions are now correctly handled.
- Fixes passing parameters with spaces to - bifrost-cli.
- Fixes a failure when building an Ubuntu image due to a missing - squashfs-toolspackage.
9.0.1¶
Deprecation Notes¶
- Fedora 30 has reached end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases. 
- openSUSE Leap 15.1 is reaching end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases. 
Bug Fixes¶
- Unsets the - OS_CLOUDvariable in the generated- openrc.
- OS_AUTH_TYPEis now always set in the generated- openrc.
- FirewallD is now used on Fedora 32 and newer to fix firewall issues. 
- Copies ironic-lib rootwrap.d filters to the correct location. 
- Correctly copies rootwrap.d filters on upgrade. 
- Explicitly opens ports 68 and 69 in firewall on systems not using firewalld (e.g. Ubuntu). 
- Fixes - PATHto always include the virtual environment when running validations.
Other Notes¶
- Fedora 32 and openSUSE Leap 15.2 have been added to the supported OS list. 
9.0.0¶
New Features¶
- Adds support to install the Ironic Prometheus Exporter. It can be done through the - bifrost-cliusing- --enable-prometheus-exporteroption, or when setting enable_prometheus_expoter=True when deploying.
- The first IPv4 address of the - network_interfaceis now used for ironic and ironic-inspector API URLs in- clouds.yamlin- openrcinstead of- localhost. Use- ironic_api_urland- ironic_inspector_api_urlto override.
- The - bifrost-keystone-client-configrole now validates that CLI access actually works with the generated configuration, use- skip_validation=falseto disable.
- Supports TLS configuration by setting - enable_tls=trueand, optionally,- generate_tls=true. The corresponding- bifrost-cliargument is- --enable-tls(auto-generated certificates only).
- The - bifrost-ironic-installrole now validates that the services have been started successfully, use- skip_validationto disable.
Known Issues¶
- Because of Ansible dependencies Bifrost only works on virtual environments created with - --system-site-packages.
- When using Keystone for authentication, it may not be possible to disable TLS after enabling it if the certificate is in a non-standard location. 
- Due to upgrade limitations, it may not be possible to enable TLS on upgrading from a previous version. Do an upgrade first, then enable TLS in a separate installation step. 
Upgrade Notes¶
- The - use_public_urlsparameter is no longer supported, just provide- public_ipinstead.
- Bifrost no longer adds ironic and ironic-inspector endpoints to the public firewalld zone, the operator has to do it explicitly if external access is expected. 
- Support for the legacy CSV inventory format has been removed, only JSON and YAML are supported now. 
- Support for installing and using RabbitMQ has been removed. 
- Support for storing introspection data in nginx has been removed. It was useful before ironic-inspector started supporting storing data in the database, which is the default nowadays. 
- Support for the OpenStack MetaData version 2012-08-10 has been removed from the - bifrost-configdrives-dynamicrole. The newest supported metadata version is now 2015-10-15.
- The deprecated parameter - node_network_infohas been removed, use- node_network_datainstead.
- Adds the explicit setting of file access permissions to get_url calls in bifrost ansible playbooks to ensure that the contents of “/httpboot” are world-readable independently of which Ansible version is in use. 
- Packaged iPXE ROMs are now used by default on openSUSE, set - download_ipxe=trueto override.
- Bifrost will no longer kill all running dnsmasq processes for you. If you have dnsmasq processes that are not managed by systemd, you have to stop them yourself. 
- No longer supports installation outside of a virtual environment. The parameter - enable_venvhas been removed.
Bug Fixes¶
- Fixes an issue where the bifrost-create-dib-image role overrides any existing ELEMENTS_PATH environment variable value. This fix appends any existing ELEMENTS_PATH value to the path set in the role. 
- Changes to keystone endpoint configuration are now automatically reflected on existing endpoints. 
- Correctly updates repositories copied with - copy_from_local_path.
- When copying repositories using - copy_from_local_path, make sure they are consistently owned by the local user. Previously some repositories could end up owned by- root.
- Correctly updates IPA images checksums on a major upgrade. 
- Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL. 
- Instead of modifying the - publicfirewalld zone, creates a new zone- bifrostand puts the- network_interfacein it. Set- firewalld_internal_zone=publicto revert to the previous behavior.
- Makes - /var/lib/ironicand its images subdirectories readable by nginx. This is required for using the images cache.
- Fixes ACL of PXE and iPXE boot files to make sure they are world-readable. 
- Resolves the issue with ansible versions 2.9.12 and 2.8.14 where implicit setting of file permissions on files downloaded with get_url calls results in overly restrictive permissions. This leads to access denied while attempting to read the contents of “/httpboot” and results in failed deployments. 
- Ensures that repositories are consistently owned by the calling user. 
- Removes the - test_vm_network_enable_dhcpoption and disables DHCP on the libvirt network instead of unconditionally killing all dnsmasq processes on the machine.
- Adds correct SELinux context for - /tftpboot.
Other Notes¶
- The file - env-varshas been removed. It contains variables that only work for no-auth mode and only for ironic itself (not inspector). Use the generated- clouds.yamlor- openrcin the home directory.
- The primary supported version of Ubuntu is now 20.04 (Focal). Ubuntu 18.04 (Bionic) is still supported, but may be removed in a future release. 
- Ironic JSON RPC is now always authenticated, even in no-auth mode. 
- Removes the no longer used - transform_boot_imagevariable.
