Xena Series (11.0.0 - 11.2.x) Release Notes¶
Password files (
htpasswd) are no longer world-readable.
Fixes the Bifrost inventory plugin to not set the
network_interfacevariable since it conflicts with the Bifrost’s variable with a different meaning.
Ironic Prometheus Exporter is now run as the
ironicuser, not as root.
uuidis not set in the inventory file.
Fixed an outdated grub and shim efi binaries path for Red Hat to to be under
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
Adds support for using dnsmasq as a DHCP relay target via the new
enabled_raid_interfacesbased on the
Adds support for manually specified enabled raid interfaces via the new
Supports customizing the TFTP directory via the new parameter
Adds a new role
bifrost-uwsgi-installencapsulating uWSGI configuration logic.
Virtual media images are now protected by TLS when TLS support is enabled.
Fedora 34 cryptography settings may prevent it from logging into CirrOS via SSH. CirrOS images should not be used in production. If this problem affects your development environment, temporary lower the cryptography profile:
sudo update-crypto-policies --set LEGACY
Fedora 34 is now tested in the CI. Fedora 32 and newer should work, but are not tested any more.
adminKeystone endpoint will be upgraded from using port 35357 (a separate admin API) to use port 5000 (the default Identity API).
Switches TFTP handling from Xinetd to dnsmasq, which must be enabled for TFTP boot to work.
Keystone services are now run as separate systemd services
uwsgi@keystone-admin. The standalone
uwsgiservice is no longer used and is disabled on upgrade.
true, virtual media images for Redfish, iDRAC-Redfish and iLO are now served via TLS using the Ironic’s TLS certificate. If this is not desired, set the new option
The new server’s port can be configured via the new
The separate Keystone admin API (served at port 35357) is deprecated and will be removed in a future release. Please update your applications to refer to port 5000 only for Keystone operations.
copy_from_local_pathis used, destination path is removed on upgrade before copying.
Fixes Fedora 34 support by switching from the removed Xinetd to dnsmasq for TFTP boot.
Fixes support for TLS
ca_certand other current authentication parameters in the
os_ironic_node_infomodule. The implementation uses utilities from the OpenStack Ansible collection.
Moves the generic code for managing Nginx into a new role
enabled_vendor_interfacesbased on the
Adds support for manually specified enabled vendor interfaces via the new
Automatically configures the required management interface for the
ipa_download_headersvariable to control HTTP headers used when downloading IPA images.
Kernel parameters for the
ilo-virtual-mediaboot interface can now be set via the new
Adds the require default kernel parameters for the
Installs sushy-oem-idrac when the
idrachardware type is enabled.
Moves installation of package dependencies for Diskimage Builder (DIB) from the
bifrost-create-dib-imagerole to the
bifrost-install-ironicrole. This provides a cleaner separation between installation and image creation.
Removes support for the deprecated
Fixes a failure when building an Ubuntu image due to a missing