[release-announce] bifrost 10.0.0 (wallaby)
no-reply at openstack.org
no-reply at openstack.org
Thu Dec 17 13:04:18 UTC 2020
We are ecstatic to announce the release of:
bifrost 10.0.0: Deployment of physical machines using OpenStack Ironic
and Ansible
This release is part of the wallaby release series.
The source is available from:
https://opendev.org/openstack/bifrost
Download the package from:
https://tarballs.openstack.org/bifrost/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/bifrost
For more details, please see below.
10.0.0
^^^^^^
New Features
************
* Set the new boolean parameter "ipa_add_ssh_key" to "True" to
configure an ability to log into ramdisk with the current user's SSH
key. Only works for DIB-based ramdisks built with the "dynamic-
login" element.
* Ansible 2.10 is now supported and used by default (2.9 is still
supported).
* Adds the "--uefi" argument to "./bifrost-cli testenv" to make
testing VMs boot in the UEFI mode.
* Adds the "--uefi" argument to "./bifrost-cli install" to make
ironic use UEFI by default.
* Enables support for "redfish-virtual-media" in legacy (BIOS) boot
mode.
* Adds support for testing bifrost with UEFI secure boot enabled in
VMs. Requires an IPA ramdisk with kernel signed by a key recognized
by GRUB2 on the host machine.
* Adds support for emulating UEFI bare metal machines in the testing
environment. Pass "default_boot_mode=uefi" to enable.
* Adds support for Redfish virtual media in UEFI mode.
Known Issues
************
* UEFI testing with network boot does not work on Ubuntu Focal
because of TFTP issues.
Upgrade Notes
*************
* Following an announcement (https://lists.centos.org/pipermail
/centos-announce/2020-December/048208.html) by the CentOS project,
Bifrost has switched to CentOS Stream for testing. Regular CentOS is
no longer tested in the CI, meaning that both it and RHEL will only
be tested indirectly and supported on the best effort basis.
* The role "bifrost-create-bootable-image", marked as legacy since
2015, has been removed. Please use diskimage-builder or other
external tools to build your images.
* Bifrost now uses HTTP basic authentication by default. The
generated credentials will be stored in
"~/.config/openstack/clouds.yaml". Use "noauth_mode=true" with
"enable_keystone=false" to disable authentication.
Deprecation Notes
*****************
* Fedora 30 has reached end-of-life and is no longer explicitly
tested. Its support will be removed in one of the future releases.
* openSUSE Leap 15.1 is reaching end-of-life and is no longer
explicitly tested. Its support will be removed in one of the future
releases.
Bug Fixes
*********
* Unsets the "OS_CLOUD" variable in the generated "openrc".
* "OS_AUTH_TYPE" is now always set in the generated "openrc".
* FirewallD is now used on Fedora 32 and newer to fix firewall
issues.
* Fixes an issue with the Bifrost inventory plugin when used with
"BIFROST_INVENTORY_SOURCE=ironic". All node fields are now returned
as facts, as in Ussuri and earlier releases. See story 2008394 for
details.
* Copies ironic-lib rootwrap.d filters to the correct location.
* Correctly copies rootwrap.d filters on upgrade.
* Fixes SELinux context not being applied to /httpboot and
/tftpboot. This renders the "ironic_policy" module unnecessary, and
it has been removed.
* Ensures that the checksums file has the correct ownership.
* Explicitly opens ports 68 and 69 in firewall on systems not using
firewalld (e.g. Ubuntu).
* Fixes "PATH" to always include the virtual environment when
running validations.
Other Notes
***********
* Fedora 32 and openSUSE Leap 15.2 have been added to the supported
OS list.
Changes in bifrost 9.0.0..10.0.0
--------------------------------
aa727de7 Switch to using authentication by default
50400ae1 Update lower-constraints from an up-to-date environment
72c16562 Switch to CentOS 8 Stream for testing
95b69e2b Fix two CI issues
71e26d17 Fix missing node facts with BIFROST_INVENTORY_SOURCE=ironic
b604f66e Allow inserting SSH public key for dynamic-login
faa328d4 Support UEFI in bifrost-cli and document it
e5f0b8d6 Expand testenv documentation
17d43324 Fix handling rootwrap.d filters
fa7e9404 CI: set BIFROST_TRACE for debugging output
5a68e6ea selinux: add inspector and IPA ports to http_port_t type
e3fd08fa Ensure the correct SELinux context for /httpboot and /tftpboot
a03335c4 test-bifrost: make sure selinux is enforcing
71b86a31 Recognize TOX_CONSTRAINTS_FILE as a valid constraints variable
81999de9 Specify the collections version more explicitly
fefb26f6 Support testing secure boot
fd530ac5 Support Ansible 2.10
d45e6c49 Change the machine type to q35 to support UEFI on CentOS
6486aaa5 Fix discrepancy in kernel params for PXE and Redfish
810370b5 Update TOX_CONSTRAINTS_FILE
912d8d4d Remove bifrost-create-bootable-image
e211e66a Fix invalid invocation of the shell command
28ff3bd0 Redfish virtual media boot in UEFI
b2c9a973 Specify mandatory name parameter for virt_net
a2bfc586 Add a CI job with Redfish and UEFI
acda312a Explicitly open ports 68 and 69 on Ubuntu
0463cd18 Switch to firewalld for Fedora >= 32
e6ff6912 Ensure PATH contains the virtual environment when validating CLI
a07750d4 Add prometheus-exporter to keystone test
2e4d8512 Stop using deprecated iPXE parameters
35998b78 Set safe version of hacking
4c588187 Fix hacking min version to 3.1.0
a6c56c66 Force local connection for localhost
a04b2854 Add missing space in error message
9e3c685e Support redfish-virtual-media with legacy boot
b6624b2d Use upper constraints when installing Bifrost requirements
9880db80 Declare support for Fedora 32 and openSUSE Leap 15.2
79d3af76 Explicitly unset OS_CLOUD in the generated openrc
136cb2a5 Documentation: make it clearer that Ussuri does not have bifrost-cli
9d905e6b Another case for skip_package_install
2f150b05 Add Python3 wallaby unit tests
83e27fb3 Update master for stable/victoria
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 1 +
ansible-collections-requirements.yml | 2 +-
bifrost/cli.py | 6 ++
bifrost/inventory.py | 7 +-
bindep.txt | 1 +
lower-constraints.txt | 17 ++--
playbooks/ci/run.yaml | 2 +
playbooks/roles/bifrost-cloud-config/README.md | 4 +-
.../roles/bifrost-cloud-config/defaults/main.yml | 2 +-
.../roles/bifrost-create-bootable-image/README.md | 64 ---------------
.../defaults/main.yml | 9 --
.../bifrost-create-bootable-image/meta/main.yml | 16 ----
.../tasks/create_bootable_image.yml | 74 -----------------
.../bifrost-create-bootable-image/tasks/main.yml | 21 -----
.../roles/bifrost-create-dib-image/tasks/main.yml | 1 +
.../bifrost-create-vm-nodes/defaults/main.yml | 40 ++++++++-
.../defaults/required_defaults_CentOS.yml | 1 -
.../roles/bifrost-create-vm-nodes/tasks/main.yml | 7 ++
.../tasks/prepare_libvirt.yml | 31 ++++++-
.../templates/redfish-emulator.conf.j2 | 2 +
.../templates/testvm.xml.j2 | 15 ++--
playbooks/roles/bifrost-ironic-install/README.md | 4 +-
.../roles/bifrost-ironic-install/defaults/main.yml | 23 +++++-
.../defaults/required_defaults_CentOS.yml | 3 +
.../defaults/required_defaults_Debian_family.yml | 6 ++
.../defaults/required_defaults_Fedora.yml | 6 ++
.../defaults/required_defaults_RedHat.yml | 3 +
.../defaults/required_defaults_RedHat_family.yml | 4 +
.../defaults/required_defaults_Suse_family.yml | 8 ++
.../defaults/required_defaults_Ubuntu.yml | 4 +
.../bifrost-ironic-install/files/ironic_policy.te | 21 -----
.../ssh_public_key_path.yaml | 43 ++++++++++
.../bifrost-ironic-install/tasks/bootstrap.yml | 96 +++++++++++++---------
.../bifrost-ironic-install/tasks/create_esp.yml | 55 +++++++++++++
.../bifrost-ironic-install/tasks/hw_types.yml | 1 +
.../tasks/inspector_bootstrap.yml | 4 +-
.../bifrost-ironic-install/tasks/ironic_config.yml | 6 ++
.../templates/ironic.conf.j2 | 25 +++---
.../defaults/main.yml | 6 +-
.../tasks/validate.yml | 11 ++-
.../templates/clouds.yaml.j2 | 2 +-
.../templates/openrc.j2 | 7 +-
.../roles/bifrost-pip-install/defaults/main.yml | 5 +-
.../defaults/main.yml | 2 +-
.../roles/ironic-inspect-node/defaults/main.yml | 2 +-
.../notes/add-ssh-key-eceb7cde22c3eb4a.yaml | 6 ++
.../notes/ansible-2.10-ee0211e72f9522c9.yaml | 4 +
.../notes/bifrost-cli-uefi-0d7890fb53655845.yaml | 8 ++
.../notes/centos8-stream-0c6d9adb544e36af.yaml | 8 ++
.../client-config-existing-8041abc5db164fd4.yaml | 6 ++
.../notes/f32-suse15.2-44a8189e81b1bfd7.yaml | 11 +++
.../notes/fedora-firewalld-f8e2e15be5fe43fd.yaml | 4 +
.../notes/fix-story-2008394-9a77486a838a1f2c.yaml | 7 ++
.../notes/ironic-lib-filters-371185c7a7691106.yaml | 6 ++
.../notes/no-bootable-image-63c649c3f2008c96.yaml | 6 ++
.../notes/no-no-auth-303152d1c29c691d.yaml | 7 ++
.../redfish-virtual-media-969d8747ab97165d.yaml | 4 +
releasenotes/notes/secontext-1f5ac63dbd0762d2.yaml | 8 ++
.../notes/secure-boot-07d1503cd034f9d3.yaml | 6 ++
.../notes/ubuntu-ports-ce9d1ceaf516adce.yaml | 5 ++
releasenotes/notes/uefi-emu-5fd047d01c09ed32.yaml | 9 ++
.../notes/validate-path-5c303903900dcd65.yaml | 5 ++
.../notes/vmedia-uefi-ce34974eaacd571c.yaml | 4 +
releasenotes/source/index.rst | 1 +
releasenotes/source/victoria.rst | 6 ++
scripts/env-setup.sh | 2 +-
scripts/install-deps.sh | 6 +-
scripts/test-bifrost.sh | 18 +++-
test-requirements.txt | 5 --
tools/ansible-lint.sh | 4 +-
tox.ini | 14 +++-
zuul.d/bifrost-jobs.yaml | 35 +++++++-
zuul.d/project.yaml | 6 +-
77 files changed, 662 insertions(+), 345 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index d9fdd013..c7480dfa 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -5,2 +4,0 @@
-hacking>=3.0,<4.0.0 # Apache-2.0
-
@@ -8 +5,0 @@ coverage!=4.4,>=4.0 # Apache-2.0
-doc8>=0.6.0 # Apache-2.0
@@ -11,2 +7,0 @@ testtools>=2.2.0 # MIT
-Pygments>=2.2.0 # BSD license
-flake8-import-order>=0.17.1 # LGPLv3
More information about the Release-announce
mailing list