Yoga Series Release Notes¶
Adds a new CLI command
./bifrost-cli deploythat runs the deploy playbook, optionally specifying a custom image.
Adds a new way to specify a custom image for the
bifrost-deploy-nodes-dynamicrole by setting the new parameters
Allows customizing the configdrive URL or JSON for the
bifrost-deploy-nodes-dynamicrole by setting the new parameter
ipv4_gatewayno longer have default values. If needed, specify them explicitly.
When TLS is enabled, Ironic and Inspector now serve their API via unix sockets in the
/run/ironicdirectory instead of private TCP ports on localhost. The public API is served by Nginx.
deploy_imageparameter of the
bifrost-deploy-nodes-dynamicrole is deprecated in favour of
When several SSH public keys are available, prefers modern algorithms rather than RSA. This fixes logging in Cirros on CentOS 9.
Fixes the Bifrost inventory plugin to not set the
network_interfacevariable since it conflicts with the Bifrost’s variable with a different meaning.
uuidis not set in the inventory file.
Adds support for setting root filesystem’s UUID that can be deployed on top of software RAID based root disk device.
Bifrost now starts a single Ironic process rather than separate API and conductor.
bifrost-cli installcommand now generates an environment file (
bifrost-install-env.jsonby default, can be changed with the
--outputargument) with the variables used during installation.
Adds basic support for running bifrost on CentOS Stream 9.
Add a boolean variable
enable_epelthat allows to enable the epel repository for CentOS Stream 8/9. Since we need that only when building a debian-based IPA image, the default value is set to
install_diband its installation depends on the value of the dib_os_element used.
TLS (when enabled) is now handled by Nginx in proxy mode rather than services themselves.
A bug in the upgrade logic could leave the old
ironic-conductorservices running. It has been fixed, but if you have already upgraded to an affected version, you need to stop the services manually using
On upgrade, the existing API and conductor services will be disabled and a single combined
ironicprocess will be started instead.
In your inventory files, please remove sub-sections
driver_info. Instead, just place all fields under
Removes the deprecated Ansible module
JSON RPC is now available only on localhost and without TLS. If you need it exposed to the network (i.e. you’re using Bifrost in a multi-node setting), set
The location of the HTTP boot directory has been changed to
/var/lib/ironic/httpboot. Please avoid running cleanings or deployments during the upgrade, otherwise PXE booting may fail until Ironic rebuilds the iPXE configuration.
Any custom images will not be migrated from the old location
/httpboot, please migrate them manually if needed. You may remove the old location after the upgrade.
TinyIPA (an IPA image based on TinyCoreLinux) is no longer used by default. Instead, a CentOS image published by the Ironic community is used, unless
use_tinyipais set to
The TinyIPA image is much lighter, but is not suitable for real bare metal machines because of lack of drivers.
The location of the PXE boot directory has been changed to
Modification to the Bifrost virtual environment (
/opt/stack/bifrostby default) will now need
sudoas the directory is now owned by root.
The deprecated and non-functioning variable
ANSIBLE_INSTALL_ROOTis no longer supported.
CentOS Stream 8 and Python 3.6 support is now deprecated and will be best-effort starting with the Z cycle.
Bifrost no longer defaults to using sub-sections
Password files (
htpasswd) are no longer world-readable.
Makes sure the image cache directories are on the same filesystem as the PXE/HTTP directories to avoid the “Invalid cross-device link” error.
The keystone configuration is no longer world-readable.
The keystone process now runs as the
keystoneuser, not as the nginx user.
The TFTP and HTTP directories are no longer world-readable by default. Set
Ironic Prometheus Exporter is now run as the
ironicuser, not as root.
Ironic Prometheus Exporter, Ironic Inspector, Staging Drivers and Keystone are no longer cloned if they are not enabled.
Actually respects the
The Bifrost virtual environment (
/opt/stack/bifrostby default) is no longer owned (and thus writable) by the regular user that started the installation.
Ansible 4 is now supported and used by default.
Debian Bullseye (11.0) is now supported as a base operating system.
A separate Keystone admin service is no longer installed and will be disabled on upgrade. The main Keystone service can be used instead.
Bifrost now uses UEFI by default. Set
biosor use the
--legacy-bootCLI flag to override.
Using legacy boot is deprecated, although we don’t have immediate plans to remove its support. Please consider using UEFI.
Support for distributions using Python 3.6, namely Ubuntu Bionic, Debian 10 “Buster” and openSUSE 15.2/15.3, has been deprecated and may be removed at any moment.
Support for Fedora has been deprecated, please use CentOS Stream 8.
Fixes an outdated grub and shim efi binaries path for Red Hat to be under
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
No longer installs
/etc/ironic/boot.ipxe, relying on the boot script generated by Ironic instead.
The redfish emulator now has authentication enabled by default.