Yoga Series Release Notes¶
14.0.0-11¶
Bug Fixes¶
Bifrost no longers installs GRUB2 and shim on the host system, avoding potential issues with a local bootloader.
14.0.0¶
New Features¶
Adds a new CLI command
./bifrost-cli deploythat runs the deploy playbook, optionally specifying a custom image.
Adds a new way to specify a custom image for the
bifrost-deploy-nodes-dynamicrole by setting the new parametersdeploy_image_sourceanddeploy_image_checksum.
Allows customizing the configdrive URL or JSON for the
bifrost-deploy-nodes-dynamicrole by setting the new parameterdeploy_config_drive.
Upgrade Notes¶
The parameters
network_mtu,ipv4_nameserverandipv4_gatewayno longer have default values. If needed, specify them explicitly.
When TLS is enabled, Ironic and Inspector now serve their API via unix sockets in the
/run/ironicdirectory instead of private TCP ports on localhost. The public API is served by Nginx.
Deprecation Notes¶
The
deploy_imageparameter of thebifrost-deploy-nodes-dynamicrole is deprecated in favour ofdeploy_image_path.
Bug Fixes¶
When several SSH public keys are available, prefers modern algorithms rather than RSA. This fixes logging in Cirros on CentOS 9.
Fixes the Bifrost inventory plugin to not set the
network_interfacevariable since it conflicts with the Bifrost’s variable with a different meaning.
Fixes
bifrost-configdrives-dynamicandbifrost-deploy-nodes-dynamicwhenuuidis not set in the inventory file.
13.0.0¶
New Features¶
Adds support for setting root filesystem’s UUID that can be deployed on top of software RAID based root disk device.
Bifrost now starts a single Ironic process rather than separate API and conductor.
The
bifrost-cli installcommand now generates an environment file (bifrost-install-env.jsonby default, can be changed with the--outputargument) with the variables used during installation.
Adds basic support for running bifrost on CentOS Stream 9.
Add a boolean variable
enable_epelthat allows to enable the epel repository for CentOS Stream 8/9. Since we need that only when building a debian-based IPA image, the default value is set toinstall_diband its installation depends on the value of the dib_os_element used.
TLS (when enabled) is now handled by Nginx in proxy mode rather than services themselves.
Known Issues¶
A bug in the upgrade logic could leave the old
ironic-apiandironic-conductorservices running. It has been fixed, but if you have already upgraded to an affected version, you need to stop the services manually usingsystemctl.
Upgrade Notes¶
On upgrade, the existing API and conductor services will be disabled and a single combined
ironicprocess will be started instead.
In your inventory files, please remove sub-sections
power,consoleandmanagementfromdriver_info. Instead, just place all fields underdriver_infodirectly.
Removes the deprecated Ansible module
os_ironic_facts.
JSON RPC is now available only on localhost and without TLS. If you need it exposed to the network (i.e. you’re using Bifrost in a multi-node setting), set
expose_json_rpctotrue.
The location of the HTTP boot directory has been changed to
/var/lib/ironic/httpboot. Please avoid running cleanings or deployments during the upgrade, otherwise PXE booting may fail until Ironic rebuilds the iPXE configuration.Any custom images will not be migrated from the old location
/httpboot, please migrate them manually if needed. You may remove the old location after the upgrade.
TinyIPA (an IPA image based on TinyCoreLinux) is no longer used by default. Instead, a CentOS image published by the Ironic community is used, unless
use_tinyipais set totrue.The TinyIPA image is much lighter, but is not suitable for real bare metal machines because of lack of drivers.
The location of the PXE boot directory has been changed to
/var/lib/tftpboot.
Modification to the Bifrost virtual environment (
/opt/stack/bifrostby default) will now needsudoas the directory is now owned by root.
The deprecated and non-functioning variable
ANSIBLE_INSTALL_ROOTis no longer supported.
Deprecation Notes¶
CentOS Stream 8 and Python 3.6 support is now deprecated and will be best-effort starting with the Z cycle.
Bug Fixes¶
Bifrost no longer defaults to using sub-sections
power,consoleandmanagementunderdriver_infoin inventory.
Password files (
htpasswd) are no longer world-readable.
Makes sure the image cache directories are on the same filesystem as the PXE/HTTP directories to avoid the “Invalid cross-device link” error.
The keystone configuration is no longer world-readable.
The keystone process now runs as the
keystoneuser, not as the nginx user.
The TFTP and HTTP directories are no longer world-readable by default. Set
boot_folder_permissionsto override.
Ironic Prometheus Exporter is now run as the
ironicuser, not as root.
Ironic Prometheus Exporter, Ironic Inspector, Staging Drivers and Keystone are no longer cloned if they are not enabled.
Actually respects the
prometheus_exporter_source_installvariable.
The Bifrost virtual environment (
/opt/stack/bifrostby default) is no longer owned (and thus writable) by the regular user that started the installation.
12.0.0¶
New Features¶
Ansible 4 is now supported and used by default.
Debian Bullseye (11.0) is now supported as a base operating system.
Upgrade Notes¶
A separate Keystone admin service is no longer installed and will be disabled on upgrade. The main Keystone service can be used instead.
Bifrost now uses UEFI by default. Set
default_boot_modetobiosor use the--legacy-bootCLI flag to override.
Deprecation Notes¶
Using legacy boot is deprecated, although we don’t have immediate plans to remove its support. Please consider using UEFI.
Support for distributions using Python 3.6, namely Ubuntu Bionic, Debian 10 “Buster” and openSUSE 15.2/15.3, has been deprecated and may be removed at any moment.
Support for Fedora has been deprecated, please use CentOS Stream 8.
Bug Fixes¶
Fixes an outdated grub and shim efi binaries path for Red Hat to be under
EFI/redhat.
Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
Other Notes¶
No longer installs
/etc/ironic/boot.ipxe, relying on the boot script generated by Ironic instead.
The redfish emulator now has authentication enabled by default.
