Ussuri Series (8.0.0 - 8.1.x) Release Notes¶
Bifrost no longer adds ironic and ironic-inspector endpoints to the public firewalld zone, the operator has to do it explicitly if external access is expected.
Adds the explicit setting of file access permissions to get_url calls in bifrost ansible playbooks to ensure that the contents of “/httpboot” are world-readable independently of which Ansible version is in use.
Fixes fast-track deployment after inspection/discovery by providing the correct ironic API URL to the ramdisk.
Fixes deployment in a testing environment on CentOS 8 by using firewalld instead of iptables to enable access from nodes to ironic.
Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL.
Instead of modifying the
publicfirewalld zone, creates a new zone
bifrostand puts the
network_interfacein it. Set
firewalld_internal_zone=publicto revert to the previous behavior.
/var/lib/ironicand its images subdirectories readable by nginx. This is required for using the images cache.
Fixes ACL of PXE and iPXE boot files to make sure they are world-readable.
Resolves the issue with ansible versions 2.9.12 and 2.8.14 where implicit setting of file permissions on files downloaded with get_url calls results in overly restrictive permissions. This leads to access denied while attempting to read the contents of “/httpboot” and results in failed deployments.
Removing dependency on libselinux-python for Fedora OS family. This package is no longer present in Fedora 32 and was causing installation failures. It is safe to remove as it is used with python2 only.
On systems with SELinux enforcing, enables nginx to read symbolic links. Fixes network boot of instances.
Adds correct SELinux context for
Debian Buster is now supported as a base operating system.
Ubuntu Focal (20.04) is now supported as a base operating system.
Fedora 30 is now supported as a base operating system.
Explicit support for Fedora versions < 30 has been removed.
Explicit support for Debian Jessie has been removed.
All packages are now installed in a virtual environment in
/opt/stack/bifrostby default instead of system-wide.
Support for system-wide installation of packages is deprecated, untested and may be removed in a future release.
Fixes installing Keystone under CentOS 8.
Fixes failure to install on systems with a local resolved by setting
Support for Ubuntu Xenial and Debian Stretch has been officially removed (Bifrost has been broken on them since Ussuri because of the transition to Python 3.6).
The default for bifrost is to enable ironic’s fast_track mode using ironic.conf’s
[deploy]fast_trackoption which enables ironic to skip a power cycle sequence for deployments if the node power is already on and the agent is running, which is how stand-alone deployments tend to operate.
The default operating mode of bifrost now no longer powers off nodes once they have been inspected. This leaves the ironic-python-agent running and ultimately allows moving into deployment skipping a full boot sequence when following the typical use path.
This setting may be disabled and the previous behavior reverted by changing the
true. This setting maps to ironic-inspector.conf’s
The default version of Ansible becomes 2.8, replacing version 2.6 that is EOL. This version guarantees full bug fix and security patches and has a better support for Python 3.x.
Python 2.7 support has been dropped. Last release of bifrost to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by bifrost is Python 3.6.
Define a default ansible version to install using DEFAULT_PIP_ANSIBLE variable, but allow override it either using a schema understood by pip using ANSIBLE_PIP_VERSION, or setting a local path or a remote url using ANSIBLE_SOURCE_PATH.
Due to the limitations of managed in-band inspection, the
inspector_extra_kernel_optionsparameter must only contain
extra_kernel_optionsto provide generic kernel options.
Uses the appropriate ironic-python-agent branch when building a deploy ramdisk instead of unconditionally using master. Set
Uses ironic-python-agent-builder instead of the deprecated and broken
ironic-agentelement to build deploy ramdisk.
The inspector iPXE template kernel command line argument
iphas been removed as it is incompatible with the
autoconfparameters with dracut. Without this change CoreOS IPA images cannot be booted. Further details can be found in story 2006700.
We have removed the CI jobs with Ubuntu Xenial and CentOS 7 in favor of CI jobs with Ubuntu Bionic and CentOS 8.
The default libvirt network interface card type has been changed from
e1000in order to support testing on Bionic. Users should not experience any issues as a result of this, however the
test_vm_niccan be used to explicitly choose
virtionetwork interface cards.