Wallaby Series (10.0.0 - 10.2.x) Release Notes

10.2.1

Upgrade Notes

  • Moves installation of package dependencies for Diskimage Builder (DIB) from the bifrost-create-dib-image role to the bifrost-install-ironic role. This provides a cleaner separation between installation and image creation.

Bug Fixes

  • Password files (htpasswd) are no longer world-readable.

  • Works around the libvirt module is not importable error by installing libvirt-python from source install of a wheel.

  • Fixes a failure when building an Ubuntu image due to a missing squashfs-tools package.

  • Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).

10.2.0

New Features

  • Adds the --disable-dhcp argument to ./bifrost-cli install to disable the integrated dhcp configuration.

  • The dynamic DHCP inventory hostsdir is now created and enabled by default, even when inventory_dhcp is false.

Upgrade Notes

  • An additional DNS hosts directory is no longer created by default in /etc/dnsmasq.d/bifrost.hosts.d when inventory_dhcp is true. Set the new variable dnsmasq_additional_hostsdir to keep the previous behavior (you’ll need dnsmasq_enable_dns=true to actually use it).

Deprecation Notes

  • The parameter disable_dnsmasq_dns has been deprecated in favor of the new parameter dnsmasq_enable_dns.

Other Notes

  • No longer passes --no-cache-dir to pip by default.

10.1.0

New Features

  • Adds a new command bifrost-cli enroll to simplify enrolling nodes.

  • The ramdisk deploy interface is now enabled by default.

  • Supports automatically configuring required hardware interfaces for the idrac hardware type. The Redfish implementations are used.

Upgrade Notes

  • The deprecated iscsi deploy interface is no longer enabled by default, use enabled_deploy_interfaces to override.

  • Discovery of nodes via the ironic-inspector is now disabled by default. If you wish to enable this, set enable_inspector_discovery to true and re-execute the installation playbook.

  • Debug logging is now enabled in ironic by default, set the new ironic_debug parameter to false to override.

Bug Fixes

  • Fixes fast-track after inspection: the fast_track and power_off_after_inspection options are now correctly handled.

  • Fixes passing parameters with spaces to bifrost-cli.

10.0.0

New Features

  • Set the new boolean parameter ipa_add_ssh_key to True to configure an ability to log into ramdisk with the current user’s SSH key. Only works for DIB-based ramdisks built with the dynamic-login element.

  • Ansible 2.10 is now supported and used by default (2.9 is still supported).

  • Adds the --uefi argument to ./bifrost-cli testenv to make testing VMs boot in the UEFI mode.

  • Adds the --uefi argument to ./bifrost-cli install to make ironic use UEFI by default.

  • Enables support for redfish-virtual-media in legacy (BIOS) boot mode.

  • Adds support for testing bifrost with UEFI secure boot enabled in VMs. Requires an IPA ramdisk with kernel signed by a key recognized by GRUB2 on the host machine.

  • Adds support for emulating UEFI bare metal machines in the testing environment. Pass default_boot_mode=uefi to enable.

  • Adds support for Redfish virtual media in UEFI mode.

Known Issues

  • UEFI testing with network boot does not work on Ubuntu Focal because of TFTP issues.

Upgrade Notes

  • Following an announcement by the CentOS project, Bifrost has switched to CentOS Stream for testing. Regular CentOS is no longer tested in the CI, meaning that both it and RHEL will only be tested indirectly and supported on the best effort basis.

  • The role bifrost-create-bootable-image, marked as legacy since 2015, has been removed. Please use diskimage-builder or other external tools to build your images.

  • Bifrost now uses HTTP basic authentication by default. The generated credentials will be stored in ~/.config/openstack/clouds.yaml. Use noauth_mode=true with enable_keystone=false to disable authentication.

Deprecation Notes

  • Fedora 30 has reached end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases.

  • openSUSE Leap 15.1 is reaching end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases.

Bug Fixes

  • Unsets the OS_CLOUD variable in the generated openrc.

  • OS_AUTH_TYPE is now always set in the generated openrc.

  • FirewallD is now used on Fedora 32 and newer to fix firewall issues.

  • Fixes an issue with the Bifrost inventory plugin when used with BIFROST_INVENTORY_SOURCE=ironic. All node fields are now returned as facts, as in Ussuri and earlier releases. See story 2008394 for details.

  • Copies ironic-lib rootwrap.d filters to the correct location.

  • Correctly copies rootwrap.d filters on upgrade.

  • Fixes SELinux context not being applied to /httpboot and /tftpboot. This renders the ironic_policy module unnecessary, and it has been removed.

  • Ensures that the checksums file has the correct ownership.

  • Explicitly opens ports 68 and 69 in firewall on systems not using firewalld (e.g. Ubuntu).

  • Fixes PATH to always include the virtual environment when running validations.

Other Notes

  • Fedora 32 and openSUSE Leap 15.2 have been added to the supported OS list.