[release-announce] bifrost 11.2.0 (xena)
no-reply at openstack.org
no-reply at openstack.org
Tue Sep 21 17:47:46 UTC 2021
We are jazzed to announce the release of:
bifrost 11.2.0: Deployment of physical machines using OpenStack Ironic
and Ansible
This release is part of the xena release series.
The source is available from:
https://opendev.org/openstack/bifrost
Download the package from:
https://tarballs.openstack.org/bifrost/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/bifrost
For more details, please see below.
11.2.0
^^^^^^
New Features
************
* Adds support for using dnsmasq as a DHCP relay target via the new
"dhcp_pool_mask" parameter.
* Automatically configures "enabled_raid_interfaces" based on the
"enabled_hardware_types".
* Adds support for manually specified enabled raid interfaces via
the new "enabled_raid_interfaces" parameter.
* Supports customizing the TFTP directory via the new parameter
"tftp_boot_folder".
* Adds a new role "bifrost-uwsgi-install" encapsulating uWSGI
configuration logic.
* Virtual media images are now protected by TLS when TLS support is
enabled.
Known Issues
************
* Fedora 34 cryptography settings may prevent it from logging into
CirrOS via SSH. CirrOS images should not be used in production. If
this problem affects your development environment, temporary lower
the cryptography profile:
sudo update-crypto-policies --set LEGACY
Upgrade Notes
*************
* Fedora 34 is now tested in the CI. Fedora 32 and newer should
work, but are not tested any more.
* The "admin" Keystone endpoint will be upgraded from using port
35357 (a separate admin API) to use port 5000 (the default Identity
API).
* Switches TFTP handling from Xinetd to dnsmasq, which must be
enabled for TFTP boot to work.
* Keystone services are now run as separate systemd services "uwsgi
@keystone-public" and "uwsgi at keystone-admin". The standalone "uwsgi"
service is no longer used and is disabled on upgrade.
* If "enable_tls" is "true", virtual media images for Redfish,
iDRAC- Redfish and iLO are now served via TLS using the Ironic's TLS
certificate. If this is not desired, set the new option
"vmedia_enable_tls" to "false".
The new server's port can be configured via the new
"file_url_port_tls" option.
Deprecation Notes
*****************
* The separate Keystone admin API (served at port 35357) is
deprecated and will be removed in a future release. Please update
your applications to refer to port 5000 only for Keystone
operations.
Bug Fixes
*********
* When "copy_from_local_path" is used, destination path is removed
on upgrade before copying.
* Fixes Fedora 34 support by switching from the removed Xinetd to
dnsmasq for TFTP boot.
* Fixes support for TLS "ca_cert" and other current authentication
parameters in the "os_ironic_node_info" module. The implementation
uses utilities from the OpenStack Ansible collection.
Other Notes
***********
* Moves the generic code for managing Nginx into a new role
"bifrost- nginx-install".
Changes in bifrost 11.1.0..11.2.0
---------------------------------
e9e9206d Use safe shim binary paths on redhat family
b31bc667 Explicitly trap on ERR
5c188128 Add uWSGI role and use systemd instead of emperor mode
52e14a65 Allow configuring enabled raid interfaces
e8ae953d Add support for being dhcp relay target
05c13dfd Keystone: deprecate the separate admin service
d4ddc053 CI: collect keystone information
7e1dbbd0 CI: copy bifrost logs to the log directory
358a989e Keystone: consolidate uWSGI config, drop non-existing plugin
4f2fd6df Use TLS for virtual media when TLS is enabled
6cf3c7be os_ironic_node_info: fix TLS and potentially other issues
a79892ca Changes made to install documentation
6027b173 Improve main function
3852d3cf Remove destination when doing copy_from_local_path
064e8e9a Avoid a double restart of ironic components
8f94488f Update the supported Fedora versions
f8c0e0b7 Trivial: fix a warning in bifrost-keystone-client-config
a28b13eb Move Nginx code to a new role bifrost-nginx-install
65bc56e3 CI: use legacy crypto on Fedora with Cirros
ce262837 Drop external tftp service in favor to use dnsmasq's one
36969332 Keep sushy-emulator state directory in /var/lib
d5199cf1 Update deprecated pxe_append_params -> kernel_append_params
Diffstat (except docs and test files)
-------------------------------------
bifrost/cli.py | 5 +-
playbooks/ci/run.yaml | 2 +-
playbooks/ci/upgrade.yaml | 4 +-
playbooks/library/os_ironic_node_info.py | 46 +++--------
.../bifrost-create-vm-nodes/defaults/main.yml | 1 +
.../roles/bifrost-create-vm-nodes/tasks/main.yml | 8 ++
.../tasks/prepare_libvirt.yml | 33 +++++++-
.../templates/redfish-emulator.conf.j2 | 3 +
playbooks/roles/bifrost-ironic-install/README.md | 4 +
.../roles/bifrost-ironic-install/defaults/main.yml | 10 ++-
.../defaults/required_defaults_CentOS.yml | 1 +
.../defaults/required_defaults_Debian_family.yml | 5 --
.../defaults/required_defaults_Fedora.yml | 5 +-
.../defaults/required_defaults_RedHat.yml | 1 +
.../defaults/required_defaults_RedHat_family.yml | 5 --
.../defaults/required_defaults_Suse_family.yml | 4 -
.../defaults/required_defaults_Ubuntu.yml | 4 -
.../bifrost-ironic-install/files/tftpboot-map-file | 2 -
.../roles/bifrost-ironic-install/files/xinetd.tftp | 14 ----
.../bifrost-ironic-install/tasks/bootstrap.yml | 65 ++++++++++-----
.../tasks/create_tftpboot.yml | 48 +++++++----
.../bifrost-ironic-install/tasks/hw_types.yml | 9 +++
.../roles/bifrost-ironic-install/tasks/install.yml | 5 ++
.../roles/bifrost-ironic-install/tasks/start.yml | 29 ++-----
.../templates/dnsmasq.conf.j2 | 5 +-
.../templates/ironic.conf.j2 | 6 +-
.../nginx_conf.d_bifrost-httpboot.conf.j2 | 26 ++++++
.../bifrost-keystone-client-config/tasks/main.yml | 14 ++--
playbooks/roles/bifrost-keystone-install/README.md | 6 +-
.../bifrost-keystone-install/defaults/main.yml | 2 +-
.../defaults/required_defaults_Debian_family.yml | 2 -
.../defaults/required_defaults_RedHat_family.yml | 2 -
.../defaults/required_defaults_Suse_family.yml | 1 -
.../bifrost-keystone-install/tasks/bootstrap.yml | 94 +++++-----------------
.../bifrost-keystone-install/tasks/install.yml | 16 ++--
.../roles/bifrost-keystone-install/tasks/start.yml | 16 +++-
.../templates/keystone-admin.ini.j2 | 19 -----
.../templates/nginx.conf.j2 | 52 ------------
.../nginx_conf.d_bifrost-keystone.conf.j2 | 9 ++-
.../templates/systemd_template.j2 | 15 ----
...eystone-public.ini.j2 => uwsgi-keystone.ini.j2} | 9 ++-
.../roles/bifrost-nginx-install/defaults/main.yml | 17 ++++
.../bifrost-nginx-install/tasks/bootstrap.yml | 17 ++++
.../roles/bifrost-nginx-install/tasks/install.yml | 22 +++++
.../roles/bifrost-nginx-install/tasks/main.yml | 24 ++++++
.../roles/bifrost-nginx-install/tasks/start.yml | 18 +++++
.../templates/nginx.conf.j2 | 10 +--
.../roles/bifrost-prep-for-install/tasks/main.yml | 10 +++
.../roles/bifrost-uwsgi-install/defaults/main.yml | 23 ++++++
.../bifrost-uwsgi-install/tasks/bootstrap.yml | 57 +++++++++++++
.../roles/bifrost-uwsgi-install/tasks/install.yml | 18 +++++
.../roles/bifrost-uwsgi-install/tasks/main.yml | 20 +++++
.../templates/uwsgi at .service.j2 | 17 ++++
.../bifrost-nginx-install-8a824b4be58201c7.yaml | 5 ++
.../notes/copy-from-remove-7bcd4968a80cdbcf.yaml | 5 ++
.../notes/dhcp_pool_mask-6d9bd4d1b78be0ab.yaml | 5 ++
.../enabled_raid_interfaces-93086bc0cc29ee09.yaml | 8 ++
releasenotes/notes/fedora-bf306bdbbbea47c5.yaml | 13 +++
.../notes/keystone-admin-9eadd531de3f20ce.yaml | 10 +++
releasenotes/notes/no-xinetd-199ba2496469142c.yaml | 13 +++
.../os_ironic_node_info-49a608c3453cf18d.yaml | 6 ++
.../notes/uwsgi-install-eea2f9dca2470006.yaml | 10 +++
.../notes/vmedia-tls-ffa56b7c0466b663.yaml | 13 +++
scripts/collect-test-info.sh | 13 ++-
scripts/test-bifrost.sh | 15 +++-
tox.ini | 3 +-
zuul.d/bifrost-jobs.yaml | 1 +
68 files changed, 641 insertions(+), 346 deletions(-)
More information about the Release-announce
mailing list