Yoga Series Release Notes

14.0.0

New Features

  • Adds a new CLI command ./bifrost-cli deploy that runs the deploy playbook, optionally specifying a custom image.

  • Adds a new way to specify a custom image for the bifrost-deploy-nodes-dynamic role by setting the new parameters deploy_image_source and deploy_image_checksum.

  • Allows customizing the configdrive URL or JSON for the bifrost-deploy-nodes-dynamic role by setting the new parameter deploy_config_drive.

Upgrade Notes

  • The parameters network_mtu, ipv4_nameserver and ipv4_gateway no longer have default values. If needed, specify them explicitly.

  • When TLS is enabled, Ironic and Inspector now serve their API via unix sockets in the /run/ironic directory instead of private TCP ports on localhost. The public API is served by Nginx.

Deprecation Notes

  • The deploy_image parameter of the bifrost-deploy-nodes-dynamic role is deprecated in favour of deploy_image_path.

Bug Fixes

  • When several SSH public keys are available, prefers modern algorithms rather than RSA. This fixes logging in Cirros on CentOS 9.

  • Fixes the Bifrost inventory plugin to not set the network_interface variable since it conflicts with the Bifrost’s variable with a different meaning.

  • Fixes bifrost-configdrives-dynamic and bifrost-deploy-nodes-dynamic when uuid is not set in the inventory file.

13.0.0

New Features

  • Adds support for setting root filesystem’s UUID that can be deployed on top of software RAID based root disk device.

  • Bifrost now starts a single Ironic process rather than separate API and conductor.

  • The bifrost-cli install command now generates an environment file (bifrost-install-env.json by default, can be changed with the --output argument) with the variables used during installation.

  • Adds basic support for running bifrost on CentOS Stream 9.

  • Add a boolean variable enable_epel that allows to enable the epel repository for CentOS Stream 8/9. Since we need that only when building a debian-based IPA image, the default value is set to install_dib and its installation depends on the value of the dib_os_element used.

  • TLS (when enabled) is now handled by Nginx in proxy mode rather than services themselves.

Known Issues

  • A bug in the upgrade logic could leave the old ironic-api and ironic-conductor services running. It has been fixed, but if you have already upgraded to an affected version, you need to stop the services manually using systemctl.

Upgrade Notes

  • On upgrade, the existing API and conductor services will be disabled and a single combined ironic process will be started instead.

  • In your inventory files, please remove sub-sections power, console and management from driver_info. Instead, just place all fields under driver_info directly.

  • Removes the deprecated Ansible module os_ironic_facts.

  • JSON RPC is now available only on localhost and without TLS. If you need it exposed to the network (i.e. you’re using Bifrost in a multi-node setting), set expose_json_rpc to true.

  • The location of the HTTP boot directory has been changed to /var/lib/ironic/httpboot. Please avoid running cleanings or deployments during the upgrade, otherwise PXE booting may fail until Ironic rebuilds the iPXE configuration.

    Any custom images will not be migrated from the old location /httpboot, please migrate them manually if needed. You may remove the old location after the upgrade.

  • TinyIPA (an IPA image based on TinyCoreLinux) is no longer used by default. Instead, a CentOS image published by the Ironic community is used, unless use_tinyipa is set to true.

    The TinyIPA image is much lighter, but is not suitable for real bare metal machines because of lack of drivers.

  • The location of the PXE boot directory has been changed to /var/lib/tftpboot.

  • Modification to the Bifrost virtual environment (/opt/stack/bifrost by default) will now need sudo as the directory is now owned by root.

  • The deprecated and non-functioning variable ANSIBLE_INSTALL_ROOT is no longer supported.

Deprecation Notes

  • CentOS Stream 8 and Python 3.6 support is now deprecated and will be best-effort starting with the Z cycle.

Bug Fixes

  • Bifrost no longer defaults to using sub-sections power, console and management under driver_info in inventory.

  • Password files (htpasswd) are no longer world-readable.

  • Makes sure the image cache directories are on the same filesystem as the PXE/HTTP directories to avoid the “Invalid cross-device link” error.

  • The keystone configuration is no longer world-readable.

  • The keystone process now runs as the keystone user, not as the nginx user.

  • The TFTP and HTTP directories are no longer world-readable by default. Set boot_folder_permissions to override.

  • Ironic Prometheus Exporter is now run as the ironic user, not as root.

  • Ironic Prometheus Exporter, Ironic Inspector, Staging Drivers and Keystone are no longer cloned if they are not enabled.

  • Actually respects the prometheus_exporter_source_install variable.

  • The Bifrost virtual environment (/opt/stack/bifrost by default) is no longer owned (and thus writable) by the regular user that started the installation.

12.0.0

New Features

  • Ansible 4 is now supported and used by default.

  • Debian Bullseye (11.0) is now supported as a base operating system.

Upgrade Notes

  • A separate Keystone admin service is no longer installed and will be disabled on upgrade. The main Keystone service can be used instead.

  • Bifrost now uses UEFI by default. Set default_boot_mode to bios or use the --legacy-boot CLI flag to override.

Deprecation Notes

  • Using legacy boot is deprecated, although we don’t have immediate plans to remove its support. Please consider using UEFI.

  • Support for distributions using Python 3.6, namely Ubuntu Bionic, Debian 10 “Buster” and openSUSE 15.2/15.3, has been deprecated and may be removed at any moment.

  • Support for Fedora has been deprecated, please use CentOS Stream 8.

Bug Fixes

  • Fixes an outdated grub and shim efi binaries path for Red Hat to be under EFI/redhat.

  • Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).

Other Notes

  • No longer installs /etc/ironic/boot.ipxe, relying on the boot script generated by Ironic instead.

  • The redfish emulator now has authentication enabled by default.