Xena Series (11.0.0 - 11.2.x) Release Notes¶
11.2.2¶
Bug Fixes¶
Password files (
htpasswd
) are no longer world-readable.
Fixes the Bifrost inventory plugin to not set the
network_interface
variable since it conflicts with the Bifrost’s variable with a different meaning.
Ironic Prometheus Exporter is now run as the
ironic
user, not as root.
Fixes
bifrost-configdrives-dynamic
andbifrost-deploy-nodes-dynamic
whenuuid
is not set in the inventory file.
11.2.1¶
Bug Fixes¶
Fixed an outdated grub and shim efi binaries path for Red Hat to to be under
EFI/redhat
.
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
11.2.0¶
New Features¶
Adds support for using dnsmasq as a DHCP relay target via the new
dhcp_pool_mask
parameter.
Automatically configures
enabled_raid_interfaces
based on theenabled_hardware_types
.
Adds support for manually specified enabled raid interfaces via the new
enabled_raid_interfaces
parameter.
Supports customizing the TFTP directory via the new parameter
tftp_boot_folder
.
Adds a new role
bifrost-uwsgi-install
encapsulating uWSGI configuration logic.
Virtual media images are now protected by TLS when TLS support is enabled.
Known Issues¶
Fedora 34 cryptography settings may prevent it from logging into CirrOS via SSH. CirrOS images should not be used in production. If this problem affects your development environment, temporary lower the cryptography profile:
sudo update-crypto-policies --set LEGACY
Upgrade Notes¶
Fedora 34 is now tested in the CI. Fedora 32 and newer should work, but are not tested any more.
The
admin
Keystone endpoint will be upgraded from using port 35357 (a separate admin API) to use port 5000 (the default Identity API).
Switches TFTP handling from Xinetd to dnsmasq, which must be enabled for TFTP boot to work.
Keystone services are now run as separate systemd services
uwsgi@keystone-public
anduwsgi@keystone-admin
. The standaloneuwsgi
service is no longer used and is disabled on upgrade.
If
enable_tls
istrue
, virtual media images for Redfish, iDRAC-Redfish and iLO are now served via TLS using the Ironic’s TLS certificate. If this is not desired, set the new optionvmedia_enable_tls
tofalse
.The new server’s port can be configured via the new
file_url_port_tls
option.
Deprecation Notes¶
The separate Keystone admin API (served at port 35357) is deprecated and will be removed in a future release. Please update your applications to refer to port 5000 only for Keystone operations.
Bug Fixes¶
When
copy_from_local_path
is used, destination path is removed on upgrade before copying.
Fixes Fedora 34 support by switching from the removed Xinetd to dnsmasq for TFTP boot.
Fixes support for TLS
ca_cert
and other current authentication parameters in theos_ironic_node_info
module. The implementation uses utilities from the OpenStack Ansible collection.
Other Notes¶
Moves the generic code for managing Nginx into a new role
bifrost-nginx-install
.
11.1.0¶
New Features¶
Automatically configures
enabled_vendor_interfaces
based on theenabled_hardware_types
.
Adds support for manually specified enabled vendor interfaces via the new
enabled_vendor_interfaces
parameter.
Automatically configures the required management interface for the
ilo5
hardware type.
Adds
ipa_download_headers
variable to control HTTP headers used when downloading IPA images.
Kernel parameters for the
ilo-virtual-media
boot interface can now be set via the newilo_kernel_params
variable.
Bug Fixes¶
Adds the require default kernel parameters for the
ilo-virtual-media
boot interface.
Installs sushy-oem-idrac when the
idrac
hardware type is enabled.
11.0.0¶
Upgrade Notes¶
Moves installation of package dependencies for Diskimage Builder (DIB) from the
bifrost-create-dib-image
role to thebifrost-install-ironic
role. This provides a cleaner separation between installation and image creation.
Removes support for the deprecated
iscsi
deploy interface.
Bug Fixes¶
Fixes a failure when building an Ubuntu image due to a missing
squashfs-tools
package.