Ocata Series (3.0.0 - 3.0.x) Release Notes¶
During the Ocata cycle, a number of improvements have been made to bifrost to improve the managability and longevity of a bifrost installation. Coupled with a number of fixes, and improvements, users upgrading should take the time to read the entire release notes. A few highlights are below:
- Bifrost now installs and utilizes Ansible 2.1 by default from PyPI.
- Ironic’s default of modifying a pre-existing ironic.conf upon the installation being re-executed, has been changed to a utilize a template file.
- Bifrost supports generating and reading from a os-client-config
clouds.yamlfile for obtaining credentials.
- Bifrost can now leverage authentiation, as well as install and configure keystone if requested by the installer.
- As a number of in-tree drivers in ironic were removed this past cycle, due to lack of third-party CI, support has been added to enable installation of the staging drivers repository.
- Allow user to insert private SSH key for ironic user. This is useful for ansible deploy driver and another ssh based drivers. The private key can be specified as path to local file in
ssh_private_key_pathvariable, or as string in
- Allow install Ironic on remote server. Added group ‘target’ to inventory, which is same as localhost by default. For install ironic remotely, address and ssh credentials should be configured in playbooks/inventory/target file.
- Bifrost has been updated to utilize Ansible 2.1’s stable branch for the version of ansible installed.
Bifrost now prefers to use a system with Ansible already installed. When this is the case, execution of the
env-setup.shscript is not required as it is geared for development and testing use of bifrost.
In order to use the playbooks on a system with Ansible already installed, the library requirements must be installed prior to playbook execution:
pip install -r requirements.txt
Administrative privileges may be required if the packages must be installed system wide.
The environment setup script will now attempt to install bifrost from PyPI instead of using a stable branch. This is to address stability issues with Ansible stable branches.
If not requested to be installed into virtualenv, Ansible will be installed into user’s
~/.localdirectory to not clobber possibly existing system installation. To use such installed Ansible, modifications of
$PATHenvironment variable might be required to include
Some backwards compatibility is provided via the use of the
ANSIBLE_GIT_BRANCHvariable, where a user can define
stable-X.Yand the latest available version in that series will be installed. To install the Ansible 2.1 series as part of the env-setup script, execute
env ANSIBLE_GIT_BRANCH="stable-2.1" scripts/env-setup.
ANSIBLE_PIP_VERSIONcan be utilized to specify the exact version, or range of version desired. Example:
- Allows to choose to leverage authentication with roles that interact with ironic services via ansible modules. This is limited to sessions that obtain authentication information via os-client-config. The role defaults ultimately remain unchanged and default to noauth mode. More information on os-client-config can be found at http://docs.openstack.org/developer/os-client-config/
- Bifrost now has a role that can create a clouds.yaml file for os-client-config based client auto-configuration.
- The functionality to create a service account and default user account to bifrost has been added. This is controlled by the
enable_keystoneparameter as well a
ironicdata structure that contains all required parameters. Please consult the bifrost-ironic-install/defaults/main.yml file for more details.
- Previously bifrost deployments on RedHat/Suse systems had to be performed with selinux at least in permissive mode. This patch adds the necessary policies to allow the components to operate with selinux in enforcing mode.
- bifrost now supports
dnfas package manager on RedHat-based distros. It tries to use it by default and falls back to
dnfis not available.
- Discovery of nodes via the ironic-inspector is now enabled by default. If you wish to disable this, set
falseand re-execute the installation playbook.
- Inspector is now installed and enabled by default. This changes default value for the
- Functionality to configure the ironic-inspector to utilize keystone, utilizing the base
- An ansible role enabling the installation of keystone has been added in preparation for the addition of keystone support to bifrost.
bifrost-keystone-client-configrole can now write a
clouds.yamlfile with several clouds settings. It starts to accept a single compound variable
cloudsthat must contain a dictionary describing key:value pairs in the format of
<cloud-name>:<dict-of-cloud-settings>. The previous way of passing
config_*vars to the role is supported for backward compatibility but is deprecated and should be expected to be removed in Pike.
In addition to previous
bifrostcloud, the default
install.yamlplaybook now also writes
bifrost-admincloud settings that contain Keystone admin credentials so that when installed, the Keystone service is fully usable right away (users/projects etc can be managed).
- The capability for Bifrost to read directly from the os-client-config data has been added. While shade can do this for us to a degree, bifrost also allows a user to directly choose the server which they are connecting to via the
ironic_urlparameter. Instead of duplicate code and retool, if no global
authparameter is detected, the authentication parameters from the
os_client_configmodule is utilized to set the parameters.
- An optional parameter has been added to the roles that interact with ironic that defines a
cloud_name. This cloud name is utilized by the roles to determine the entry from os-client-config to utilize.
- Add support of remote logging. This feature allows to send logs from local syslog server and not collects logs from services on baremetal nodes. To collect from the actual running nodes requires configuration injected into each deployed host. Syslog server address and port can be specified in options
- Ironic-Staging-Drivers can now be installed. These are drivers that are not included in the ironic repo, and provide additional hardware support for ironic. More information about the drivers can be found at Ironic-Staging-Drivers To install the staging drivers set staging_drivers_include to true. The default value is false.
- Ironic.conf is templated and only sets required options now, as opposed to editing the sample configuration of Ironic.
- If installing bifrost in a virtualenv (venv) and running playbooks against localhost, you must install the basic python requirements on a system-wide level due to the operating behavior of Ansible.
- Users wishing to utilize authentication without leveraging os-client-config, will need to manually update the playbooks in order to set the appropriate module settings.
- Bifrost now has a role that can create a clouds.yaml file for os-client-config based client auto-configuration. This file overwrites the default file for the user executing bifrost, located at
~/.config/openstack/clouds.yaml. It is recommended that users execute bifrost’s installation via a service account.
- The addition of support for os-client-config does not allow a user to choose their
clouddirectly. Only the first entry returned is utilized.
- Log entries where authentication data is read and stored have been masked with the
no_logparameter. Troubleshooting non-standard authentication configurations may require modifying the playbooks so users can debug their input OR pass data directly in a different way.
- Bifrost has been changed to utilize Ansible 2.1 by default. Should a deployment encounter issues with Ansible, they may wish to check/update their version of Ansible, or re-execute the env-setup.sh script.
- Bifrost no longer supports installing ironic AMT drivers when PXE drivers are enabled (which is the default) due to AMT drivers having been removed from ironic in Ocata release.
- Upon installation, bifrost will replace the installed ironic.conf file with a template generated file. Custom setting changes to that file, which were previously retained, will now be lost upon re-installation.
ANSIBLE_INSTALL_ROOTvariable has been deprecated and is used only to raise a warning for third party scripts.
ANSIBLE_FROM_PYPIvariable no longer has any effect, as Ansible is always installed from PyPI now.
node_network_infoparameter has been deperecated in favor of the
node_network_dataparameter as the related configuration drive
network_info.jsonfile was misnamed originally, and should have been named
network_data.json. Support for the node_network_info, and the continued write-out of the network_info.json file in configuration drives will be removed in the Queens cycle.
ironic_auth_strategysetting is deprecated and will be removed in Pike. The setting has no effect if the
enable_keystonesetting is present and set to
inspector_authsetting is deprecated and will be removed in Pike. The setting has no effect if the
enable_keystonesetting is present and set to
config_*variables defining credentials for
bifrostcloud to the
bifrost-keystone-client-configrole has been deprecated, and will be removed in the Pike cycle. Instead a single compound variable named
cloudsdefining sets of settings to be written to
clouds.yamlshould be passed to that role.
- Due to breaking change in the stable branch tags utilized with Ansible, bifrost now utilizes installation of Ansible from PyPI.
- When support for passing configuration drive data to the nodes was originally created, the file was accidently named incorrectly as
network_info.json. The correct filename is
network_data.json. Both files will now be written until support for writing
network_info.jsonis removed in the Queens cycle.
- Added dhcp configuration tasks to inspection role. In case when inventory_dhcp is enabled and node is not deployed yet, inspection is not working because dnsmasq ignores requests from unknown address. This fix introduces tasks which configures dhcp before inspection.
- Some users have encountered issues with introspection periodically timing out for systems. As a result, we have added a new parameter
inspection_wait_timeoutthat is now defaulted to
- By default, the installation process now downloads iPXE binaries from ipxe.org upon re-installation. Previously, the download was not set to be forced, and thus would be skipped if the file was already present.
- In the past, the sample config in Ironic may have set some boilerplate that Bifrost took advantage of. But now that config is entirely made up of comments, and so this change does not change much except stripping out all of those comments and leaving just the required content in ironic.conf to use Ironic with Bifrost.