Ussuri Series (8.0.0 - 8.1.x) Release Notes

8.1.0-16

Upgrade Notes

  • Bifrost no longer adds ironic and ironic-inspector endpoints to the public firewalld zone, the operator has to do it explicitly if external access is expected.

  • Adds the explicit setting of file access permissions to get_url calls in bifrost ansible playbooks to ensure that the contents of “/httpboot” are world-readable independently of which Ansible version is in use.

Bug Fixes

  • Fixes fast-track deployment after inspection/discovery by providing the correct ironic API URL to the ramdisk.

  • Fixes deployment in a testing environment on CentOS 8 by using firewalld instead of iptables to enable access from nodes to ironic.

  • Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL.

  • Instead of modifying the public firewalld zone, creates a new zone bifrost and puts the network_interface in it. Set firewalld_internal_zone=public to revert to the previous behavior.

  • Makes /var/lib/ironic and its images subdirectories readable by nginx. This is required for using the images cache.

  • Fixes ACL of PXE and iPXE boot files to make sure they are world-readable.

  • Resolves the issue with ansible versions 2.9.12 and 2.8.14 where implicit setting of file permissions on files downloaded with get_url calls results in overly restrictive permissions. This leads to access denied while attempting to read the contents of “/httpboot” and results in failed deployments.

  • Removing dependency on libselinux-python for Fedora OS family. This package is no longer present in Fedora 32 and was causing installation failures. It is safe to remove as it is used with python2 only.

  • On systems with SELinux enforcing, enables nginx to read symbolic links. Fixes network boot of instances.

  • Adds correct SELinux context for /tftpboot.

8.1.0

New Features

  • Debian Buster is now supported as a base operating system.

  • Ubuntu Focal (20.04) is now supported as a base operating system.

  • Fedora 30 is now supported as a base operating system.

Upgrade Notes

  • Explicit support for Fedora versions < 30 has been removed.

  • Explicit support for Debian Jessie has been removed.

  • All packages are now installed in a virtual environment in /opt/stack/bifrost by default instead of system-wide.

Deprecation Notes

  • Support for system-wide installation of packages is deprecated, untested and may be removed in a future release.

Bug Fixes

  • Fixes installing Keystone under CentOS 8.

  • Fixes failure to install on systems with a local resolved by setting disable_dnsmasq_dns to True by default.

Other Notes

  • Support for Ubuntu Xenial and Debian Stretch has been officially removed (Bifrost has been broken on them since Ussuri because of the transition to Python 3.6).

8.0.0

New Features

  • The default for bifrost is to enable ironic’s fast_track mode using ironic.conf’s [deploy]fast_track option which enables ironic to skip a power cycle sequence for deployments if the node power is already on and the agent is running, which is how stand-alone deployments tend to operate.

  • The default operating mode of bifrost now no longer powers off nodes once they have been inspected. This leaves the ironic-python-agent running and ultimately allows moving into deployment skipping a full boot sequence when following the typical use path.

    This setting may be disabled and the previous behavior reverted by changing the power_off_after_inspection setting to true. This setting maps to ironic-inspector.conf’s [processing]power_off and ironic.conf’s [inspector]power_off settings.

Upgrade Notes

  • The default version of Ansible becomes 2.8, replacing version 2.6 that is EOL. This version guarantees full bug fix and security patches and has a better support for Python 3.x.

  • Python 2.7 support has been dropped. Last release of bifrost to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by bifrost is Python 3.6.

  • Define a default ansible version to install using DEFAULT_PIP_ANSIBLE variable, but allow override it either using a schema understood by pip using ANSIBLE_PIP_VERSION, or setting a local path or a remote url using ANSIBLE_SOURCE_PATH.

  • Due to the limitations of managed in-band inspection, the inspector_extra_kernel_options parameter must only contain key=value pairs. Use extra_kernel_options to provide generic kernel options.

Bug Fixes

  • Uses the appropriate ironic-python-agent branch when building a deploy ramdisk instead of unconditionally using master. Set ipa_git_branch to override.

  • The inspector iPXE template kernel command line argument ip has been removed as it is incompatible with the BOOTIF and missing autoconf parameters with dracut. Without this change CoreOS IPA images cannot be booted. Further details can be found in story 2006700.

Other Notes

  • We have removed the CI jobs with Ubuntu Xenial and CentOS 7 in favor of CI jobs with Ubuntu Bionic and CentOS 8.

  • The default libvirt network interface card type has been changed from virtio to e1000 in order to support testing on Bionic. Users should not experience any issues as a result of this, however the bifrost-create-vm-nodes setting test_vm_nic can be used to explicitly choose virtio network interface cards.