We are jazzed to announce the release of: bifrost 11.2.0: Deployment of physical machines using OpenStack Ironic and Ansible This release is part of the xena release series. The source is available from: https://opendev.org/openstack/bifrost Download the package from: https://tarballs.openstack.org/bifrost/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/bifrost For more details, please see below. 11.2.0 ^^^^^^ New Features ************ * Adds support for using dnsmasq as a DHCP relay target via the new "dhcp_pool_mask" parameter. * Automatically configures "enabled_raid_interfaces" based on the "enabled_hardware_types". * Adds support for manually specified enabled raid interfaces via the new "enabled_raid_interfaces" parameter. * Supports customizing the TFTP directory via the new parameter "tftp_boot_folder". * Adds a new role "bifrost-uwsgi-install" encapsulating uWSGI configuration logic. * Virtual media images are now protected by TLS when TLS support is enabled. Known Issues ************ * Fedora 34 cryptography settings may prevent it from logging into CirrOS via SSH. CirrOS images should not be used in production. If this problem affects your development environment, temporary lower the cryptography profile: sudo update-crypto-policies --set LEGACY Upgrade Notes ************* * Fedora 34 is now tested in the CI. Fedora 32 and newer should work, but are not tested any more. * The "admin" Keystone endpoint will be upgraded from using port 35357 (a separate admin API) to use port 5000 (the default Identity API). * Switches TFTP handling from Xinetd to dnsmasq, which must be enabled for TFTP boot to work. * Keystone services are now run as separate systemd services "uwsgi @keystone-public" and "uwsgi@keystone-admin". The standalone "uwsgi" service is no longer used and is disabled on upgrade. * If "enable_tls" is "true", virtual media images for Redfish, iDRAC- Redfish and iLO are now served via TLS using the Ironic's TLS certificate. If this is not desired, set the new option "vmedia_enable_tls" to "false". The new server's port can be configured via the new "file_url_port_tls" option. Deprecation Notes ***************** * The separate Keystone admin API (served at port 35357) is deprecated and will be removed in a future release. Please update your applications to refer to port 5000 only for Keystone operations. Bug Fixes ********* * When "copy_from_local_path" is used, destination path is removed on upgrade before copying. * Fixes Fedora 34 support by switching from the removed Xinetd to dnsmasq for TFTP boot. * Fixes support for TLS "ca_cert" and other current authentication parameters in the "os_ironic_node_info" module. The implementation uses utilities from the OpenStack Ansible collection. Other Notes *********** * Moves the generic code for managing Nginx into a new role "bifrost- nginx-install". Changes in bifrost 11.1.0..11.2.0 --------------------------------- e9e9206d Use safe shim binary paths on redhat family b31bc667 Explicitly trap on ERR 5c188128 Add uWSGI role and use systemd instead of emperor mode 52e14a65 Allow configuring enabled raid interfaces e8ae953d Add support for being dhcp relay target 05c13dfd Keystone: deprecate the separate admin service d4ddc053 CI: collect keystone information 7e1dbbd0 CI: copy bifrost logs to the log directory 358a989e Keystone: consolidate uWSGI config, drop non-existing plugin 4f2fd6df Use TLS for virtual media when TLS is enabled 6cf3c7be os_ironic_node_info: fix TLS and potentially other issues a79892ca Changes made to install documentation 6027b173 Improve main function 3852d3cf Remove destination when doing copy_from_local_path 064e8e9a Avoid a double restart of ironic components 8f94488f Update the supported Fedora versions f8c0e0b7 Trivial: fix a warning in bifrost-keystone-client-config a28b13eb Move Nginx code to a new role bifrost-nginx-install 65bc56e3 CI: use legacy crypto on Fedora with Cirros ce262837 Drop external tftp service in favor to use dnsmasq's one 36969332 Keep sushy-emulator state directory in /var/lib d5199cf1 Update deprecated pxe_append_params -> kernel_append_params Diffstat (except docs and test files) ------------------------------------- bifrost/cli.py | 5 +- playbooks/ci/run.yaml | 2 +- playbooks/ci/upgrade.yaml | 4 +- playbooks/library/os_ironic_node_info.py | 46 +++-------- .../bifrost-create-vm-nodes/defaults/main.yml | 1 + .../roles/bifrost-create-vm-nodes/tasks/main.yml | 8 ++ .../tasks/prepare_libvirt.yml | 33 +++++++- .../templates/redfish-emulator.conf.j2 | 3 + playbooks/roles/bifrost-ironic-install/README.md | 4 + .../roles/bifrost-ironic-install/defaults/main.yml | 10 ++- .../defaults/required_defaults_CentOS.yml | 1 + .../defaults/required_defaults_Debian_family.yml | 5 -- .../defaults/required_defaults_Fedora.yml | 5 +- .../defaults/required_defaults_RedHat.yml | 1 + .../defaults/required_defaults_RedHat_family.yml | 5 -- .../defaults/required_defaults_Suse_family.yml | 4 - .../defaults/required_defaults_Ubuntu.yml | 4 - .../bifrost-ironic-install/files/tftpboot-map-file | 2 - .../roles/bifrost-ironic-install/files/xinetd.tftp | 14 ---- .../bifrost-ironic-install/tasks/bootstrap.yml | 65 ++++++++++----- .../tasks/create_tftpboot.yml | 48 +++++++---- .../bifrost-ironic-install/tasks/hw_types.yml | 9 +++ .../roles/bifrost-ironic-install/tasks/install.yml | 5 ++ .../roles/bifrost-ironic-install/tasks/start.yml | 29 ++----- .../templates/dnsmasq.conf.j2 | 5 +- .../templates/ironic.conf.j2 | 6 +- .../nginx_conf.d_bifrost-httpboot.conf.j2 | 26 ++++++ .../bifrost-keystone-client-config/tasks/main.yml | 14 ++-- playbooks/roles/bifrost-keystone-install/README.md | 6 +- .../bifrost-keystone-install/defaults/main.yml | 2 +- .../defaults/required_defaults_Debian_family.yml | 2 - .../defaults/required_defaults_RedHat_family.yml | 2 - .../defaults/required_defaults_Suse_family.yml | 1 - .../bifrost-keystone-install/tasks/bootstrap.yml | 94 +++++----------------- .../bifrost-keystone-install/tasks/install.yml | 16 ++-- .../roles/bifrost-keystone-install/tasks/start.yml | 16 +++- .../templates/keystone-admin.ini.j2 | 19 ----- .../templates/nginx.conf.j2 | 52 ------------ .../nginx_conf.d_bifrost-keystone.conf.j2 | 9 ++- .../templates/systemd_template.j2 | 15 ---- ...eystone-public.ini.j2 => uwsgi-keystone.ini.j2} | 9 ++- .../roles/bifrost-nginx-install/defaults/main.yml | 17 ++++ .../bifrost-nginx-install/tasks/bootstrap.yml | 17 ++++ .../roles/bifrost-nginx-install/tasks/install.yml | 22 +++++ .../roles/bifrost-nginx-install/tasks/main.yml | 24 ++++++ .../roles/bifrost-nginx-install/tasks/start.yml | 18 +++++ .../templates/nginx.conf.j2 | 10 +-- .../roles/bifrost-prep-for-install/tasks/main.yml | 10 +++ .../roles/bifrost-uwsgi-install/defaults/main.yml | 23 ++++++ .../bifrost-uwsgi-install/tasks/bootstrap.yml | 57 +++++++++++++ .../roles/bifrost-uwsgi-install/tasks/install.yml | 18 +++++ .../roles/bifrost-uwsgi-install/tasks/main.yml | 20 +++++ .../templates/uwsgi@.service.j2 | 17 ++++ .../bifrost-nginx-install-8a824b4be58201c7.yaml | 5 ++ .../notes/copy-from-remove-7bcd4968a80cdbcf.yaml | 5 ++ .../notes/dhcp_pool_mask-6d9bd4d1b78be0ab.yaml | 5 ++ .../enabled_raid_interfaces-93086bc0cc29ee09.yaml | 8 ++ releasenotes/notes/fedora-bf306bdbbbea47c5.yaml | 13 +++ .../notes/keystone-admin-9eadd531de3f20ce.yaml | 10 +++ releasenotes/notes/no-xinetd-199ba2496469142c.yaml | 13 +++ .../os_ironic_node_info-49a608c3453cf18d.yaml | 6 ++ .../notes/uwsgi-install-eea2f9dca2470006.yaml | 10 +++ .../notes/vmedia-tls-ffa56b7c0466b663.yaml | 13 +++ scripts/collect-test-info.sh | 13 ++- scripts/test-bifrost.sh | 15 +++- tox.ini | 3 +- zuul.d/bifrost-jobs.yaml | 1 + 68 files changed, 641 insertions(+), 346 deletions(-)