Xena Series (11.0.0 - 11.2.x) Release Notes¶
11.2.2¶
Bug Fixes¶
Password files (
htpasswd) are no longer world-readable.
Fixes the Bifrost inventory plugin to not set the
network_interfacevariable since it conflicts with the Bifrost’s variable with a different meaning.
Ironic Prometheus Exporter is now run as the
ironicuser, not as root.
Fixes
bifrost-configdrives-dynamicandbifrost-deploy-nodes-dynamicwhenuuidis not set in the inventory file.
11.2.1¶
Bug Fixes¶
Fixed an outdated grub and shim efi binaries path for Red Hat to to be under
EFI/redhat.
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
11.2.0¶
New Features¶
Adds support for using dnsmasq as a DHCP relay target via the new
dhcp_pool_maskparameter.
Automatically configures
enabled_raid_interfacesbased on theenabled_hardware_types.
Adds support for manually specified enabled raid interfaces via the new
enabled_raid_interfacesparameter.
Supports customizing the TFTP directory via the new parameter
tftp_boot_folder.
Adds a new role
bifrost-uwsgi-installencapsulating uWSGI configuration logic.
Virtual media images are now protected by TLS when TLS support is enabled.
Known Issues¶
Fedora 34 cryptography settings may prevent it from logging into CirrOS via SSH. CirrOS images should not be used in production. If this problem affects your development environment, temporary lower the cryptography profile:
sudo update-crypto-policies --set LEGACY
Upgrade Notes¶
Fedora 34 is now tested in the CI. Fedora 32 and newer should work, but are not tested any more.
The
adminKeystone endpoint will be upgraded from using port 35357 (a separate admin API) to use port 5000 (the default Identity API).
Switches TFTP handling from Xinetd to dnsmasq, which must be enabled for TFTP boot to work.
Keystone services are now run as separate systemd services
uwsgi@keystone-publicanduwsgi@keystone-admin. The standaloneuwsgiservice is no longer used and is disabled on upgrade.
If
enable_tlsistrue, virtual media images for Redfish, iDRAC-Redfish and iLO are now served via TLS using the Ironic’s TLS certificate. If this is not desired, set the new optionvmedia_enable_tlstofalse.The new server’s port can be configured via the new
file_url_port_tlsoption.
Deprecation Notes¶
The separate Keystone admin API (served at port 35357) is deprecated and will be removed in a future release. Please update your applications to refer to port 5000 only for Keystone operations.
Bug Fixes¶
When
copy_from_local_pathis used, destination path is removed on upgrade before copying.
Fixes Fedora 34 support by switching from the removed Xinetd to dnsmasq for TFTP boot.
Fixes support for TLS
ca_certand other current authentication parameters in theos_ironic_node_infomodule. The implementation uses utilities from the OpenStack Ansible collection.
Other Notes¶
Moves the generic code for managing Nginx into a new role
bifrost-nginx-install.
11.1.0¶
New Features¶
Automatically configures
enabled_vendor_interfacesbased on theenabled_hardware_types.
Adds support for manually specified enabled vendor interfaces via the new
enabled_vendor_interfacesparameter.
Automatically configures the required management interface for the
ilo5hardware type.
Adds
ipa_download_headersvariable to control HTTP headers used when downloading IPA images.
Kernel parameters for the
ilo-virtual-mediaboot interface can now be set via the newilo_kernel_paramsvariable.
Bug Fixes¶
Adds the require default kernel parameters for the
ilo-virtual-mediaboot interface.
Installs sushy-oem-idrac when the
idrachardware type is enabled.
11.0.0¶
Upgrade Notes¶
Moves installation of package dependencies for Diskimage Builder (DIB) from the
bifrost-create-dib-imagerole to thebifrost-install-ironicrole. This provides a cleaner separation between installation and image creation.
Removes support for the deprecated
iscsideploy interface.
Bug Fixes¶
Fixes a failure when building an Ubuntu image due to a missing
squashfs-toolspackage.
