We are ecstatic to announce the release of: bifrost 10.0.0: Deployment of physical machines using OpenStack Ironic and Ansible This release is part of the wallaby release series. The source is available from: https://opendev.org/openstack/bifrost Download the package from: https://tarballs.openstack.org/bifrost/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/bifrost For more details, please see below. 10.0.0 ^^^^^^ New Features ************ * Set the new boolean parameter "ipa_add_ssh_key" to "True" to configure an ability to log into ramdisk with the current user's SSH key. Only works for DIB-based ramdisks built with the "dynamic- login" element. * Ansible 2.10 is now supported and used by default (2.9 is still supported). * Adds the "--uefi" argument to "./bifrost-cli testenv" to make testing VMs boot in the UEFI mode. * Adds the "--uefi" argument to "./bifrost-cli install" to make ironic use UEFI by default. * Enables support for "redfish-virtual-media" in legacy (BIOS) boot mode. * Adds support for testing bifrost with UEFI secure boot enabled in VMs. Requires an IPA ramdisk with kernel signed by a key recognized by GRUB2 on the host machine. * Adds support for emulating UEFI bare metal machines in the testing environment. Pass "default_boot_mode=uefi" to enable. * Adds support for Redfish virtual media in UEFI mode. Known Issues ************ * UEFI testing with network boot does not work on Ubuntu Focal because of TFTP issues. Upgrade Notes ************* * Following an announcement (https://lists.centos.org/pipermail /centos-announce/2020-December/048208.html) by the CentOS project, Bifrost has switched to CentOS Stream for testing. Regular CentOS is no longer tested in the CI, meaning that both it and RHEL will only be tested indirectly and supported on the best effort basis. * The role "bifrost-create-bootable-image", marked as legacy since 2015, has been removed. Please use diskimage-builder or other external tools to build your images. * Bifrost now uses HTTP basic authentication by default. The generated credentials will be stored in "~/.config/openstack/clouds.yaml". Use "noauth_mode=true" with "enable_keystone=false" to disable authentication. Deprecation Notes ***************** * Fedora 30 has reached end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases. * openSUSE Leap 15.1 is reaching end-of-life and is no longer explicitly tested. Its support will be removed in one of the future releases. Bug Fixes ********* * Unsets the "OS_CLOUD" variable in the generated "openrc". * "OS_AUTH_TYPE" is now always set in the generated "openrc". * FirewallD is now used on Fedora 32 and newer to fix firewall issues. * Fixes an issue with the Bifrost inventory plugin when used with "BIFROST_INVENTORY_SOURCE=ironic". All node fields are now returned as facts, as in Ussuri and earlier releases. See story 2008394 for details. * Copies ironic-lib rootwrap.d filters to the correct location. * Correctly copies rootwrap.d filters on upgrade. * Fixes SELinux context not being applied to /httpboot and /tftpboot. This renders the "ironic_policy" module unnecessary, and it has been removed. * Ensures that the checksums file has the correct ownership. * Explicitly opens ports 68 and 69 in firewall on systems not using firewalld (e.g. Ubuntu). * Fixes "PATH" to always include the virtual environment when running validations. Other Notes *********** * Fedora 32 and openSUSE Leap 15.2 have been added to the supported OS list. Changes in bifrost 9.0.0..10.0.0 -------------------------------- aa727de7 Switch to using authentication by default 50400ae1 Update lower-constraints from an up-to-date environment 72c16562 Switch to CentOS 8 Stream for testing 95b69e2b Fix two CI issues 71e26d17 Fix missing node facts with BIFROST_INVENTORY_SOURCE=ironic b604f66e Allow inserting SSH public key for dynamic-login faa328d4 Support UEFI in bifrost-cli and document it e5f0b8d6 Expand testenv documentation 17d43324 Fix handling rootwrap.d filters fa7e9404 CI: set BIFROST_TRACE for debugging output 5a68e6ea selinux: add inspector and IPA ports to http_port_t type e3fd08fa Ensure the correct SELinux context for /httpboot and /tftpboot a03335c4 test-bifrost: make sure selinux is enforcing 71b86a31 Recognize TOX_CONSTRAINTS_FILE as a valid constraints variable 81999de9 Specify the collections version more explicitly fefb26f6 Support testing secure boot fd530ac5 Support Ansible 2.10 d45e6c49 Change the machine type to q35 to support UEFI on CentOS 6486aaa5 Fix discrepancy in kernel params for PXE and Redfish 810370b5 Update TOX_CONSTRAINTS_FILE 912d8d4d Remove bifrost-create-bootable-image e211e66a Fix invalid invocation of the shell command 28ff3bd0 Redfish virtual media boot in UEFI b2c9a973 Specify mandatory name parameter for virt_net a2bfc586 Add a CI job with Redfish and UEFI acda312a Explicitly open ports 68 and 69 on Ubuntu 0463cd18 Switch to firewalld for Fedora >= 32 e6ff6912 Ensure PATH contains the virtual environment when validating CLI a07750d4 Add prometheus-exporter to keystone test 2e4d8512 Stop using deprecated iPXE parameters 35998b78 Set safe version of hacking 4c588187 Fix hacking min version to 3.1.0 a6c56c66 Force local connection for localhost a04b2854 Add missing space in error message 9e3c685e Support redfish-virtual-media with legacy boot b6624b2d Use upper constraints when installing Bifrost requirements 9880db80 Declare support for Fedora 32 and openSUSE Leap 15.2 79d3af76 Explicitly unset OS_CLOUD in the generated openrc 136cb2a5 Documentation: make it clearer that Ussuri does not have bifrost-cli 9d905e6b Another case for skip_package_install 2f150b05 Add Python3 wallaby unit tests 83e27fb3 Update master for stable/victoria Diffstat (except docs and test files) ------------------------------------- .ansible-lint | 1 + ansible-collections-requirements.yml | 2 +- bifrost/cli.py | 6 ++ bifrost/inventory.py | 7 +- bindep.txt | 1 + lower-constraints.txt | 17 ++-- playbooks/ci/run.yaml | 2 + playbooks/roles/bifrost-cloud-config/README.md | 4 +- .../roles/bifrost-cloud-config/defaults/main.yml | 2 +- .../roles/bifrost-create-bootable-image/README.md | 64 --------------- .../defaults/main.yml | 9 -- .../bifrost-create-bootable-image/meta/main.yml | 16 ---- .../tasks/create_bootable_image.yml | 74 ----------------- .../bifrost-create-bootable-image/tasks/main.yml | 21 ----- .../roles/bifrost-create-dib-image/tasks/main.yml | 1 + .../bifrost-create-vm-nodes/defaults/main.yml | 40 ++++++++- .../defaults/required_defaults_CentOS.yml | 1 - .../roles/bifrost-create-vm-nodes/tasks/main.yml | 7 ++ .../tasks/prepare_libvirt.yml | 31 ++++++- .../templates/redfish-emulator.conf.j2 | 2 + .../templates/testvm.xml.j2 | 15 ++-- playbooks/roles/bifrost-ironic-install/README.md | 4 +- .../roles/bifrost-ironic-install/defaults/main.yml | 23 +++++- .../defaults/required_defaults_CentOS.yml | 3 + .../defaults/required_defaults_Debian_family.yml | 6 ++ .../defaults/required_defaults_Fedora.yml | 6 ++ .../defaults/required_defaults_RedHat.yml | 3 + .../defaults/required_defaults_RedHat_family.yml | 4 + .../defaults/required_defaults_Suse_family.yml | 8 ++ .../defaults/required_defaults_Ubuntu.yml | 4 + .../bifrost-ironic-install/files/ironic_policy.te | 21 ----- .../ssh_public_key_path.yaml | 43 ++++++++++ .../bifrost-ironic-install/tasks/bootstrap.yml | 96 +++++++++++++--------- .../bifrost-ironic-install/tasks/create_esp.yml | 55 +++++++++++++ .../bifrost-ironic-install/tasks/hw_types.yml | 1 + .../tasks/inspector_bootstrap.yml | 4 +- .../bifrost-ironic-install/tasks/ironic_config.yml | 6 ++ .../templates/ironic.conf.j2 | 25 +++--- .../defaults/main.yml | 6 +- .../tasks/validate.yml | 11 ++- .../templates/clouds.yaml.j2 | 2 +- .../templates/openrc.j2 | 7 +- .../roles/bifrost-pip-install/defaults/main.yml | 5 +- .../defaults/main.yml | 2 +- .../roles/ironic-inspect-node/defaults/main.yml | 2 +- .../notes/add-ssh-key-eceb7cde22c3eb4a.yaml | 6 ++ .../notes/ansible-2.10-ee0211e72f9522c9.yaml | 4 + .../notes/bifrost-cli-uefi-0d7890fb53655845.yaml | 8 ++ .../notes/centos8-stream-0c6d9adb544e36af.yaml | 8 ++ .../client-config-existing-8041abc5db164fd4.yaml | 6 ++ .../notes/f32-suse15.2-44a8189e81b1bfd7.yaml | 11 +++ .../notes/fedora-firewalld-f8e2e15be5fe43fd.yaml | 4 + .../notes/fix-story-2008394-9a77486a838a1f2c.yaml | 7 ++ .../notes/ironic-lib-filters-371185c7a7691106.yaml | 6 ++ .../notes/no-bootable-image-63c649c3f2008c96.yaml | 6 ++ .../notes/no-no-auth-303152d1c29c691d.yaml | 7 ++ .../redfish-virtual-media-969d8747ab97165d.yaml | 4 + releasenotes/notes/secontext-1f5ac63dbd0762d2.yaml | 8 ++ .../notes/secure-boot-07d1503cd034f9d3.yaml | 6 ++ .../notes/ubuntu-ports-ce9d1ceaf516adce.yaml | 5 ++ releasenotes/notes/uefi-emu-5fd047d01c09ed32.yaml | 9 ++ .../notes/validate-path-5c303903900dcd65.yaml | 5 ++ .../notes/vmedia-uefi-ce34974eaacd571c.yaml | 4 + releasenotes/source/index.rst | 1 + releasenotes/source/victoria.rst | 6 ++ scripts/env-setup.sh | 2 +- scripts/install-deps.sh | 6 +- scripts/test-bifrost.sh | 18 +++- test-requirements.txt | 5 -- tools/ansible-lint.sh | 4 +- tox.ini | 14 +++- zuul.d/bifrost-jobs.yaml | 35 +++++++- zuul.d/project.yaml | 6 +- 77 files changed, 662 insertions(+), 345 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index d9fdd013..c7480dfa 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5,2 +4,0 @@ -hacking>=3.0,<4.0.0 # Apache-2.0 - @@ -8 +5,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -doc8>=0.6.0 # Apache-2.0 @@ -11,2 +7,0 @@ testtools>=2.2.0 # MIT -Pygments>=2.2.0 # BSD license -flake8-import-order>=0.17.1 # LGPLv3