[release-announce] bifrost 8.3.0 (victoria)
no-reply at openstack.org
no-reply at openstack.org
Thu Aug 13 16:21:58 UTC 2020
We are jazzed to announce the release of:
bifrost 8.3.0: Deployment of physical machines using OpenStack Ironic
and Ansible
This release is part of the victoria release series.
The source is available from:
https://opendev.org/openstack/bifrost
Download the package from:
https://tarballs.openstack.org/bifrost/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/bifrost
For more details, please see below.
8.3.0
^^^^^
New Features
************
* Adds support for configuring credential-less deploy via the new
"agent" power interface and the "manual-management" hardware type.
* Extra parameters for ansible can now be passed to "bifrost-cli"
via the "-e"/"--extra-vars" flag. The format is the same as for
ansible- playbook.
* Metadata cleaning is now enabled by default, set "cleaning" to
"false" to disable completely.
* To enable full disk cleaning, set "cleaning_disk_erase" to "true".
* The new parameter "default_boot_mode" allows specifying the
default boot mode: "uefi" or "bios".
* Set the new parameter "developer_mode" to "true" to make all
packages installed from source to be installed with the "--editable"
flag. The corresponding "bifrost-cli" argument is "--develop".
* The new variable "git_url_root" allows overriding the root URL for
all repositories (e.g. changing the default "https://opendev.org" to
a local path).
* HTTP basic authentication for API services is now supported in
addition to no authentication and Keystone. It is triggered by
setting "noauth_mode=false" with "enable_keystone=false".
* Installations with "bifrost-cli" now use HTTP basic authentication
if Keystone is disabled.
* The ramdisk logs for inspection are now stored by default in
"/var/log/ironic-inspector/ramdisk".
* If "keystone_lockout_security_attempts" is enabled, the amount of
time the account stays locked is now regulated by the new parameter
"keystone_lockout_duration" (defaulting to 1800 seconds).
* Deploy/cleaning ramdisk logs are now always stored by default, use
"ironic_store_ramdisk_logs" to override.
* Added creation of a symbolic link from $VENV/collections directory
which contains ansible collections to the playbooks subdirectory of
bifrost. This is done in the env-setup.sh script.
* The "bifrost-create-vm-nodes" role now supports redfish emulation,
set "test_vm_node_driver=redfish" (or "--driver=redfish" for
"bifrost-cli testenv") to use.
* The new parameter "default_boot_mode" allows specifying the
default boot mode: "uefi" or "bios".
Upgrade Notes
*************
* The variable "ci_testing" is no longer taken into account by the
roles. Use the existing "copy_from_local_path" if you need Bifrost
to copy repositories from their pre-cached locations.
* If you use "cleaning=true" to enable full disk cleaning, you need
to also set "cleaning_disk_erase=true" now. Omitting it will result
in only metadata cleaning enabled.
* All services now use *journald* logging by default, "ironic-
api.log" and "ironic-conductor.log" are no longer populated. Use
"ironic_log_dir" and "inspector_log_dir" to override.
* The ramdisk logs for deploy/cleaning are now by default stored in
"/var/log/ironic/deploy".
* The "inspector_user" user is not created by default any more. Use
"bifrost_user" instead.
* If you're relying on default passwords (e.g. for the database or
keystone passwords), they will be changed on upgrade. Please use
explicit values if you want to avoid it.
* OpenStackSDK is now installed from PyPI by default, set
"openstacksdk_source_install=true" to override.
* Previously installation used to be skipped completely if the
"skip_install" variable is defined, independent of its value. This
has been fixed, and now installation is only skipped if
"skip_install" is defined and equals "true".
Deprecation Notes
*****************
* Deprecates providing inspector discovery parameters via
"inspector[discovery]", use explicit variables instead.
* Bifrost will switch to HTTP basic authentication by default in the
future. If you want to avoid it, please set "noauth_mode" to "false"
explicitly.
* The "ironic_db_password" parameter is deprecated, please use
"service_password" to set a password to use between services or
override the whole "ironic" and "keystone" objects.
Security Issues
***************
* Uses mode 0700 for the inspector log directories to prevent them
from being world readable.
* When using Keystone, no longer locks users out of their accounts
on 3 unsuccessful attempts to log in. This creates a very trivially
exploitable denial-of-service issue. Use
"keystone_lockout_security_attempts" to re-enable (not recommended).
* Uses mode 0700 for the ironic log directories to prevent them from
being world readable.
* Random passwords are now generated by default instead of using a
constant. The same parameters as before can be used to override
them.
Bug Fixes
*********
* No longer clones repositories with corresponding
"*_source_install" variables set to "false".
* Ironic Staging Drivers are now installed from source by default
since they are released very infrequently (usually once per cycle).
* The addition of the symbolic link makes bifrost playbooks
independent of the ANSIBLE_COLLECTIONS_PATHS environment variable
which wasn't reliably set in some environments.
* Removing dependency on libselinux-python for Fedora OS family.
This package is no longer present in Fedora 32 and was causing
installation failures. It is safe to remove as it is used with
python2 only.
* On systems with SELinux enforcing, enables nginx to read symbolic
links. Fixes network boot of instances.
Other Notes
***********
* The role "bifrost-openstack-ci-prep" has been removed. It was only
used in the upstream CI context and is no longer required.
* The variable "ci_testing_zuul" is no longer used or set.
* The version of cirros used by default is now 0.5.1 (instead of
0.4.0).
* Bifrost now uses the equivalent modules from the openstack.cloud
collection. The change on modules is listed below.
* *os_client_config* is *config*
* *os_ironic* is *baremetal_node*
* *os_ironic_inspect* is *baremetal_inspect*
* *os_ironic_node* is *baremetal_node_action*
* *os_keystone_role* is *identity_role*
* *os_keystone_service* is *catalog_service*
* *os_user* is *identity_user*
* *os_user_role* is *role_assignment*
Changes in bifrost 8.2.0..8.3.0
-------------------------------
bcda97b Support HTTP basic auth and switch bifrost-cli to it
02fb11f Support redfish emulation and run the keystone jobs with redfish
9f62bc9 Support default_boot_mode and prepare the CI for different boot modes
a52b831 Change to "collections" where needed
73d71b2 Clean up bindep.txt
d6f0551 Dynamic roles: consolidate auth parameters in one place
1dc4564 Add developer mode to bifrost
da35932 Clean up requirements
0d3cf24 Install openstacksdk from pypi by default
77d09f0 Remove upstart templates
33a63bc Make ironic logging more in line with other services.
e816543 Add non-voting jobs with the openstack ansible collection from source
42f6d94 Consolidate env-setup
29cbe1b Support installing the openstack collection from a local location
fbb66d1 Add ansible collections symlink to .gitignore
2a6fc72 Use random passwords by default
90ec389 Switch bifrost to openstack.cloud collections
1606aad Store inspector ramdisk logs by default
112932d Enable debug logging in virtualbmc
92ec342 Correct handling of inspect_nodes in test-bifrost.yaml
ac2c136 bifrost_inventory: use stderr for logging
c331093 Create symlink to ansible collections on install
3c5377c Auto-set ansible_python_interpreter when in venv
3657bf7 Support configuring credential-less deploy
716f0fe Disable keystone account locking by default
639d9a5 Make ansible ask for sudo password
b67115d Support extra-vars in bifrost-cli
e3f5984 Expand advanced install instructions
e03d187 Update to cirros 0.5.1
d5b49bd Enable metadata cleaning by default
fc2b247 Make skip_install a normal boolean variable
8210ff3 selinux: allow nginx to read symbolic links
6610cf4 Rework installation documentation for an easier start
df9c0d4 Set min version of tox to 3.2.1
f4f456d Removing libselinux-python package from Fedora dependencies
a47db1e Account for bugfix branches in bifrost-cli
9e9249c Add git_url_root to override root for all repositories at once
ab69cca Get rid of ci_testing variable in roles
9b1d1d5 Do not clone repos with source_install==false
12bbea5 Remove bifrost-openstack-ci-prep role
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 1 +
...nts.yml => ansible-collections-requirements.yml | 0
bifrost/cli.py | 50 +++-
bifrost/inventory.py | 1 +
bindep.txt | 13 +-
lower-constraints.txt | 7 +-
playbooks/ci/run.yaml | 3 +
playbooks/install.yaml | 3 +-
playbooks/inventory/group_vars/localhost | 4 +-
playbooks/inventory/group_vars/target | 4 +-
playbooks/redeploy-dynamic.yaml | 1 -
playbooks/roles/bifrost-cloud-config/README.md | 89 +++++++
.../roles/bifrost-cloud-config/defaults/main.yml | 2 +
.../roles/bifrost-cloud-config/tasks/main.yml | 62 +++++
.../bifrost-configdrives-dynamic/defaults/main.yml | 8 +-
.../tasks/update_facts_from_ironic.yaml | 26 +-
.../defaults/main.yml | 5 +
.../bifrost-create-dib-image/defaults/main.yml | 1 +
.../bifrost-create-vm-nodes/defaults/main.yml | 10 +-
.../defaults/required_defaults_CentOS.yml | 1 +
.../defaults/required_defaults_Debian.yml | 3 +
.../defaults/required_defaults_Fedora.yml | 3 +-
.../defaults/required_defaults_RedHat.yml | 1 +
.../defaults/required_defaults_Suse.yml | 3 +
.../defaults/required_defaults_Ubuntu_20.04.yml | 3 +
.../bifrost-create-vm-nodes/tasks/create_vm.yml | 12 +-
.../roles/bifrost-create-vm-nodes/tasks/main.yml | 11 +-
.../tasks/prepare_libvirt.yml | 68 +++++-
.../templates/redfish-emulator.conf.j2 | 11 +
.../templates/redfish-emulator.service.j2 | 15 ++
.../templates/virtualbmc.conf | 2 +
.../roles/bifrost-deploy-nodes-dynamic/README.md | 2 +-
.../bifrost-deploy-nodes-dynamic/defaults/main.yml | 7 +-
.../bifrost-deploy-nodes-dynamic/tasks/main.yml | 29 +--
playbooks/roles/bifrost-ironic-install/README.md | 29 ++-
.../roles/bifrost-ironic-install/defaults/main.yml | 128 +++++-----
.../defaults/required_defaults_Debian_family.yml | 1 +
.../defaults/required_defaults_Fedora.yml | 2 +-
.../defaults/required_defaults_RedHat_family.yml | 1 +
.../defaults/required_defaults_Suse_family.yml | 1 +
.../defaults/required_defaults_Ubuntu.yml | 1 +
.../bifrost-ironic-install/files/ironic_policy.te | 4 +-
.../bifrost-ironic-install/tasks/bootstrap.yml | 59 +++--
.../bifrost-ironic-install/tasks/hw_types.yml | 8 +
.../tasks/inspector_bootstrap.yml | 43 +++-
.../roles/bifrost-ironic-install/tasks/install.yml | 8 +-
.../tasks/keystone_setup.yml | 15 +-
.../tasks/keystone_setup_inspector.yml | 11 +-
.../templates/ironic-inspector.conf.j2 | 23 +-
.../templates/ironic.conf.j2 | 58 ++++-
.../templates/upstart_template.j2 | 10 -
.../defaults/main.yml | 18 ++
.../templates/clouds.yaml.j2 | 23 +-
.../templates/openrc.j2 | 25 +-
.../bifrost-keystone-install/defaults/main.yml | 25 +-
.../bifrost-keystone-install/tasks/install.yml | 2 +-
.../roles/bifrost-keystone-install/tasks/main.yml | 26 ++
.../templates/keystone.conf.j2 | 5 +-
.../templates/upstart_template.j2 | 10 -
.../roles/bifrost-openstack-ci-prep/README.md | 80 -------
.../bifrost-openstack-ci-prep/defaults/main.yml | 3 -
.../roles/bifrost-openstack-ci-prep/meta/main.yml | 15 --
.../roles/bifrost-openstack-ci-prep/tasks/main.yml | 49 ----
.../roles/bifrost-pip-install/defaults/main.yml | 3 +
playbooks/roles/bifrost-pip-install/tasks/main.yml | 7 +-
playbooks/roles/bifrost-prep-for-install/README.md | 20 +-
.../bifrost-prep-for-install/defaults/main.yml | 47 +++-
.../roles/bifrost-prep-for-install/tasks/main.yml | 4 +-
.../defaults/main.yml | 5 +
playbooks/roles/bifrost-rabbitmq/defaults/main.yml | 5 +
.../defaults/main.yml | 7 +-
.../tasks/main.yml | 25 +-
.../roles/ironic-delete-dynamic/defaults/main.yml | 6 +-
.../roles/ironic-delete-dynamic/tasks/main.yml | 24 +-
.../roles/ironic-enroll-dynamic/defaults/main.yml | 8 +-
.../roles/ironic-enroll-dynamic/tasks/main.yml | 22 +-
.../roles/ironic-inspect-node/defaults/main.yml | 5 +
playbooks/roles/ironic-inspect-node/tasks/main.yml | 42 +---
playbooks/test-bifrost-create-vm.yaml | 7 +-
playbooks/test-bifrost.yaml | 49 +---
.../notes/agent-power-0773acb338ae4169.yaml | 9 +
.../notes/bifrost-cli-extra-19fd989a05b2e4b4.yaml | 6 +
...bifrost-openstack-ci-prep-172cbb159e0a2b78.yaml | 5 +
.../notes/ci-testing-faa63db25ebc94df.yaml | 9 +
.../notes/cirros-0.5.1-d09a433cbea1a3b9.yaml | 4 +
releasenotes/notes/cleaning-9b4241342320f315.yaml | 12 +
.../notes/default-boot-mode-5561325f68224719.yaml | 5 +
.../notes/developer-mode-000e7a125642b9e1.yaml | 6 +
.../notes/git-url-root-c81478d395f66e46.yaml | 6 +
.../notes/http-basic-40df399ea63956aa.yaml | 14 ++
.../inspector-ramdisk-logs-0db7c111fd455cec.yaml | 9 +
.../notes/keystone-lockout-c8a26a09e0f0560b.yaml | 12 +
releasenotes/notes/logging-bcc7d552944c94e4.yaml | 17 ++
releasenotes/notes/no-clone-cebedc81211dcfa5.yaml | 8 +
.../notes/random-passwords-b33b8de010ee82b6.yaml | 18 ++
.../notes/releasenote-4812959d071329fc.yaml | 11 +
.../notes/releasenote-94bcb2b0da207f94.yaml | 7 +
.../notes/sdk-source-1bd77dbd11b08577.yaml | 5 +
.../notes/selinux-lnk_file-527ac51c60f9c2ad.yaml | 5 +
.../notes/skip-install-bfd642f5065cf304.yaml | 7 +
...h_to_openstack_collection-a6eb3e24a68a1a82.yaml | 14 ++
.../notes/test-redfish-54ed748e2305d8eb.yaml | 9 +
requirements.txt | 7 +-
scripts/collect-test-info.sh | 27 +--
scripts/env-setup.sh | 45 ++--
scripts/test-bifrost.sh | 33 ++-
test-requirements.txt | 4 -
tox.ini | 2 +-
zuul.d/bifrost-jobs.yaml | 14 +-
zuul.d/project.yaml | 4 +
114 files changed, 1333 insertions(+), 715 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index 7531fba..70f3ed9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7 +7,4 @@ oslo.log>=3.36.0 # Apache-2.0
-paramiko>=2.0.0 # LGPLv2.1+
+PyYAML>=3.12 # MIT
+passlib>=1.7.2 # BSD
+# TODO(dtantsur): remove pyOpenSSL when we no longer support Bionic and
+# openSUSE updates its version to at least 18.0.0.
@@ -9 +12 @@ pyOpenSSL>=18.0.0 # Apache-2.0
-setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,!=36.2.0,>=21.0.0 # PSF/ZPL
+setuptools!=48.0.0,!=49.0.0,>=39.0.1 # PSF/ZPL
diff --git a/test-requirements.txt b/test-requirements.txt
index 08571a1..d9fdd01 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9 +8,0 @@ doc8>=0.6.0 # Apache-2.0
-oslotest>=3.2.0 # Apache-2.0
@@ -11,2 +9,0 @@ stestr>=2.0.0 # Apache-2.0
-testrepository>=0.0.18 # Apache-2.0/BSD
-testscenarios>=0.4 # Apache-2.0/BSD
@@ -14 +10,0 @@ testtools>=2.2.0 # MIT
-PyYAML>=3.12 # MIT
More information about the Release-announce
mailing list