Yoga Series Release Notes¶
14.0.0-11¶
Bug Fixes¶
Bifrost no longers installs GRUB2 and shim on the host system, avoding potential issues with a local bootloader.
14.0.0¶
New Features¶
Adds a new CLI command
./bifrost-cli deploy
that runs the deploy playbook, optionally specifying a custom image.
Adds a new way to specify a custom image for the
bifrost-deploy-nodes-dynamic
role by setting the new parametersdeploy_image_source
anddeploy_image_checksum
.
Allows customizing the configdrive URL or JSON for the
bifrost-deploy-nodes-dynamic
role by setting the new parameterdeploy_config_drive
.
Upgrade Notes¶
The parameters
network_mtu
,ipv4_nameserver
andipv4_gateway
no longer have default values. If needed, specify them explicitly.
When TLS is enabled, Ironic and Inspector now serve their API via unix sockets in the
/run/ironic
directory instead of private TCP ports on localhost. The public API is served by Nginx.
Deprecation Notes¶
The
deploy_image
parameter of thebifrost-deploy-nodes-dynamic
role is deprecated in favour ofdeploy_image_path
.
Bug Fixes¶
When several SSH public keys are available, prefers modern algorithms rather than RSA. This fixes logging in Cirros on CentOS 9.
Fixes the Bifrost inventory plugin to not set the
network_interface
variable since it conflicts with the Bifrost’s variable with a different meaning.
Fixes
bifrost-configdrives-dynamic
andbifrost-deploy-nodes-dynamic
whenuuid
is not set in the inventory file.
13.0.0¶
New Features¶
Adds support for setting root filesystem’s UUID that can be deployed on top of software RAID based root disk device.
Bifrost now starts a single Ironic process rather than separate API and conductor.
The
bifrost-cli install
command now generates an environment file (bifrost-install-env.json
by default, can be changed with the--output
argument) with the variables used during installation.
Adds basic support for running bifrost on CentOS Stream 9.
Add a boolean variable
enable_epel
that allows to enable the epel repository for CentOS Stream 8/9. Since we need that only when building a debian-based IPA image, the default value is set toinstall_dib
and its installation depends on the value of the dib_os_element used.
TLS (when enabled) is now handled by Nginx in proxy mode rather than services themselves.
Known Issues¶
A bug in the upgrade logic could leave the old
ironic-api
andironic-conductor
services running. It has been fixed, but if you have already upgraded to an affected version, you need to stop the services manually usingsystemctl
.
Upgrade Notes¶
On upgrade, the existing API and conductor services will be disabled and a single combined
ironic
process will be started instead.
In your inventory files, please remove sub-sections
power
,console
andmanagement
fromdriver_info
. Instead, just place all fields underdriver_info
directly.
Removes the deprecated Ansible module
os_ironic_facts
.
JSON RPC is now available only on localhost and without TLS. If you need it exposed to the network (i.e. you’re using Bifrost in a multi-node setting), set
expose_json_rpc
totrue
.
The location of the HTTP boot directory has been changed to
/var/lib/ironic/httpboot
. Please avoid running cleanings or deployments during the upgrade, otherwise PXE booting may fail until Ironic rebuilds the iPXE configuration.Any custom images will not be migrated from the old location
/httpboot
, please migrate them manually if needed. You may remove the old location after the upgrade.
TinyIPA (an IPA image based on TinyCoreLinux) is no longer used by default. Instead, a CentOS image published by the Ironic community is used, unless
use_tinyipa
is set totrue
.The TinyIPA image is much lighter, but is not suitable for real bare metal machines because of lack of drivers.
The location of the PXE boot directory has been changed to
/var/lib/tftpboot
.
Modification to the Bifrost virtual environment (
/opt/stack/bifrost
by default) will now needsudo
as the directory is now owned by root.
The deprecated and non-functioning variable
ANSIBLE_INSTALL_ROOT
is no longer supported.
Deprecation Notes¶
CentOS Stream 8 and Python 3.6 support is now deprecated and will be best-effort starting with the Z cycle.
Bug Fixes¶
Bifrost no longer defaults to using sub-sections
power
,console
andmanagement
underdriver_info
in inventory.
Password files (
htpasswd
) are no longer world-readable.
Makes sure the image cache directories are on the same filesystem as the PXE/HTTP directories to avoid the “Invalid cross-device link” error.
The keystone configuration is no longer world-readable.
The keystone process now runs as the
keystone
user, not as the nginx user.
The TFTP and HTTP directories are no longer world-readable by default. Set
boot_folder_permissions
to override.
Ironic Prometheus Exporter is now run as the
ironic
user, not as root.
Ironic Prometheus Exporter, Ironic Inspector, Staging Drivers and Keystone are no longer cloned if they are not enabled.
Actually respects the
prometheus_exporter_source_install
variable.
The Bifrost virtual environment (
/opt/stack/bifrost
by default) is no longer owned (and thus writable) by the regular user that started the installation.
12.0.0¶
New Features¶
Ansible 4 is now supported and used by default.
Debian Bullseye (11.0) is now supported as a base operating system.
Upgrade Notes¶
A separate Keystone admin service is no longer installed and will be disabled on upgrade. The main Keystone service can be used instead.
Bifrost now uses UEFI by default. Set
default_boot_mode
tobios
or use the--legacy-boot
CLI flag to override.
Deprecation Notes¶
Using legacy boot is deprecated, although we don’t have immediate plans to remove its support. Please consider using UEFI.
Support for distributions using Python 3.6, namely Ubuntu Bionic, Debian 10 “Buster” and openSUSE 15.2/15.3, has been deprecated and may be removed at any moment.
Support for Fedora has been deprecated, please use CentOS Stream 8.
Bug Fixes¶
Fixes an outdated grub and shim efi binaries path for Red Hat to be under
EFI/redhat
.
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
Other Notes¶
No longer installs
/etc/ironic/boot.ipxe
, relying on the boot script generated by Ironic instead.
The redfish emulator now has authentication enabled by default.