[release-announce] bifrost 9.0.0 (victoria)
no-reply at openstack.org
no-reply at openstack.org
Thu Oct 1 19:11:16 UTC 2020
We are excited to announce the release of:
bifrost 9.0.0: Deployment of physical machines using OpenStack Ironic
and Ansible
This release is part of the victoria release series.
The source is available from:
https://opendev.org/openstack/bifrost
Download the package from:
https://tarballs.openstack.org/bifrost/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/bifrost
For more details, please see below.
9.0.0
^^^^^
New Features
************
* Adds support to install the Ironic Prometheus Exporter. It can be
done through the "bifrost-cli" using "--enable-prometheus-exporter"
option, or when setting *enable_prometheus_expoter=True* when
deploying.
* The first IPv4 address of the "network_interface" is now used for
ironic and ironic-inspector API URLs in "clouds.yaml" in "openrc"
instead of "localhost". Use "ironic_api_url" and
"ironic_inspector_api_url" to override.
* The "bifrost-keystone-client-config" role now validates that CLI
access actually works with the generated configuration, use
"skip_validation=false" to disable.
* Supports TLS configuration by setting "enable_tls=true" and,
optionally, "generate_tls=true". The corresponding "bifrost-cli"
argument is "--enable-tls" (auto-generated certificates only).
* The "bifrost-ironic-install" role now validates that the services
have been started successfully, use "skip_validation" to disable.
Known Issues
************
* Because of Ansible dependencies Bifrost only works on virtual
environments created with "--system-site-packages".
* When using Keystone for authentication, it may not be possible to
disable TLS after enabling it if the certificate is in a non-
standard location.
* Due to upgrade limitations, it may not be possible to enable TLS
on upgrading from a previous version. Do an upgrade first, then
enable TLS in a separate installation step.
Upgrade Notes
*************
* The "use_public_urls" parameter is no longer supported, just
provide "public_ip" instead.
* Bifrost no longer adds ironic and ironic-inspector endpoints to
the public firewalld zone, the operator has to do it explicitly if
external access is expected.
* Support for the legacy CSV inventory format has been removed, only
JSON and YAML are supported now.
* Support for installing and using RabbitMQ has been removed.
* Support for storing introspection data in nginx has been removed.
It was useful before ironic-inspector started supporting storing
data in the database, which is the default nowadays.
* Support for the OpenStack MetaData version 2012-08-10 has been
removed from the "bifrost-configdrives-dynamic" role. The newest
supported metadata version is now 2015-10-15.
* The deprecated parameter "node_network_info" has been removed, use
"node_network_data" instead.
* Adds the explicit setting of file access permissions to get_url
calls in bifrost ansible playbooks to ensure that the contents of
"/httpboot" are world-readable independently of which Ansible
version is in use.
* Packaged iPXE ROMs are now used by default on openSUSE, set
"download_ipxe=true" to override.
* Bifrost will no longer kill all running dnsmasq processes for you.
If you have dnsmasq processes that are not managed by systemd, you
have to stop them yourself.
* No longer supports installation outside of a virtual environment.
The parameter "enable_venv" has been removed.
Bug Fixes
*********
* Fixes an issue where the bifrost-create-dib-image role overrides
any existing ELEMENTS_PATH environment variable value. This fix
appends any existing ELEMENTS_PATH value to the path set in the
role.
* Changes to keystone endpoint configuration are now automatically
reflected on existing endpoints.
* Correctly updates repositories copied with "copy_from_local_path".
* When copying repositories using "copy_from_local_path", make sure
they are consistently owned by the local user. Previously some
repositories could end up owned by "root".
* Correctly updates IPA images checksums on a major upgrade.
* Automatically enables DHCP and TFTP services in firewalld on
CentOS/RHEL.
* Instead of modifying the "public" firewalld zone, creates a new
zone "bifrost" and puts the "network_interface" in it. Set
"firewalld_internal_zone=public" to revert to the previous behavior.
* Makes "/var/lib/ironic" and its images subdirectories readable by
nginx. This is required for using the images cache.
* Fixes ACL of PXE and iPXE boot files to make sure they are world-
readable.
* Resolves the issue with ansible versions 2.9.12 and 2.8.14 where
implicit setting of file permissions on files downloaded with
get_url calls results in overly restrictive permissions. This leads
to access denied while attempting to read the contents of
"/httpboot" and results in failed deployments.
* Ensures that repositories are consistently owned by the calling
user.
* Removes the "test_vm_network_enable_dhcp" option and disables DHCP
on the libvirt network instead of unconditionally killing all
dnsmasq processes on the machine.
* Adds correct SELinux context for "/tftpboot".
Other Notes
***********
* The file "env-vars" has been removed. It contains variables that
only work for no-auth mode and only for ironic itself (not
inspector). Use the generated "clouds.yaml" or "openrc" in the home
directory.
* The primary supported version of Ubuntu is now 20.04 (Focal).
Ubuntu 18.04 (Bionic) is still supported, but may be removed in a
future release.
* Ironic JSON RPC is now always authenticated, even in no-auth mode.
* Removes the no longer used "transform_boot_image" variable.
Changes in bifrost 8.3.0..9.0.0
-------------------------------
4f175fd Add ipe installation to bifrost
ac9eab4 Document a potential issue with firewalld and SSH
a454be2 Always default skip_validation to skip_start
120fc5d Switch integration testing to Ubuntu Focal
813e323 Add some interfaces for development hardware types
d550a1f bifrost-configdrives-dynamic: automatically find ed25519 SSH keys
eaa04b1 bifrost-cli: do not provide any release if non can be detected
dc57b72 Fix internal_ip detection in {enroll,deploy}-dynamic
90a98d0 Move CLI validation to bifrost-keystone-client-config
0ef62ca Ensure that repositories are owned by the running users
0c242fa test-bifrost: use existing playbooks
20863aa Cleanup test-bifrost.yaml
8a4e36a Correct the auth_strategy value (noauth instead of none)
cd3fcaf Recover support for installing stable/ussuri
08339c3 Discourage using non-matching versions of Bifrost and Ironic
736eccf redfish-emulator: log handled requests
8cce676 Remove install unnecessary packages
3fcd7c5 [CI] Check with Kolla Ansible
321c823 Fix l-c testing for Ubuntu Focal (py38)
7e8e60f Re-download checkums on upgrades and updates
c7f3935 Force updating repos with copy_from_local_path
3d07f8e Remove transform_boot_image
a874c7a Always setup environment in bifrost-cli and make it less verbose
28c0848 Remove unnecessary overrides of ansible_python_interpreter
5e7f72a Fix install on systems without systemd
e4ad94c Follow up on "Fix error 601"
ddafc94 TLS support for API services
e4d0325 Fix error 601
ea4ee59 Use packaged iPXE ROMs for openSUSE
710e0db Create our own firewalld zone and use it on real bare metal
eb8d858 Workaround for setuptools 50.0
2e6ce41 ansible-lint: fix error 602
4140536 ansible-lint: fix error 504
0eee2d0 ansible-lint: fix error 206
ef51bdc Let us finish the rabbit hunt
ee5fb69 Update keystone documentation
114c210 Move services to internal_ip by default and refactor endpoint creation
807700c Change LANG in install-deps.sh to en_US.UTF-8
57edf29 Make /var/lib/ironic/{,images,master_images} readable by nginx
5befa87 Disable DHCP on the libvirt network rather than doing `killall dnsmasq`
3aacfd3 Add correct SELinux context for /tftpboot and fix map-file ACL
9a026a7 Allow custom elements by appending existing ELEMENTS_PATH var
fc022bd Trivial: remove a reference to update-rc.d
1f37c41 Explicitly set permissions on /httpboot contents
04a6973 Remove support for OpenStack MetaData version 2012-08-10
156a316 Authentication JSON RPC even in no-auth mode
7445e6f Stop supporting storing introspection data in nginx
790f81c Remove support for the legacy CSV format
2cf2125 Remove support for non-venv deployments
b51efc1 ansible-lint: fix errors 303, 305, 306
62a803f ansible-lint: fix error 204 (Lines should be no longer than 160 chars)
6f825b0 Add a CI job with ansible-lint
3b52787 Remove env-vars
2eabfd7 Make the iPXE and PXE boot files world-readable
6e1bae9 Explicitly enable DHCP services on baremetal CentOS/RHEL
d203955 dynamic: always use clouds.yaml when it is available
df33abf Validate that the services are running after installation
Diffstat (except docs and test files)
-------------------------------------
.ansible-lint | 10 +
bifrost/cli.py | 55 ++---
bifrost/inventory.py | 144 +------------
env-vars | 2 -
lower-constraints.txt | 2 +-
playbooks/ci/run.yaml | 3 +-
playbooks/cleanup-deployment-images.yaml | 6 +-
playbooks/deploy-dynamic.yaml | 5 +
playbooks/enroll-dynamic.yaml | 7 +-
playbooks/example-deploy-all-available-nodes.yaml | 14 +-
playbooks/install.yaml | 17 +-
playbooks/inventory/group_vars/localhost | 5 -
playbooks/inventory/group_vars/target | 5 -
playbooks/redeploy-dynamic.yaml | 21 +-
playbooks/roles/bifrost-cloud-config/README.md | 4 +
.../roles/bifrost-cloud-config/defaults/main.yml | 11 +
.../roles/bifrost-cloud-config/tasks/main.yml | 35 +++-
.../bifrost-configdrives-dynamic/defaults/main.yml | 12 +-
.../bifrost-configdrives-dynamic/tasks/main.yml | 43 ++--
.../tasks/ssh_public_key_path.yaml | 36 +++-
.../tasks/update_facts_from_ironic.yaml | 1 +
.../bifrost-configdrives-dynamic/vars/main.yml | 5 -
.../defaults/main.yml | 3 +-
.../tasks/create_bootable_image.yml | 37 ++--
.../bifrost-create-bootable-image/tasks/main.yml | 2 +-
.../bifrost-create-dib-image/defaults/main.yml | 3 +-
.../roles/bifrost-create-dib-image/tasks/main.yml | 124 ++++++++----
playbooks/roles/bifrost-create-vm-nodes/README.md | 11 +-
.../bifrost-create-vm-nodes/defaults/main.yml | 6 +-
.../bifrost-create-vm-nodes/tasks/create_vm.yml | 8 +-
.../roles/bifrost-create-vm-nodes/tasks/main.yml | 80 +++-----
.../tasks/prepare_libvirt.yml | 8 +-
.../bifrost-create-vm-nodes/templates/net.xml.j2 | 8 +-
.../templates/redfish-emulator.service.j2 | 10 +-
.../templates/vbmcd.service.j2 | 7 +-
.../bifrost-deploy-nodes-dynamic/defaults/main.yml | 3 +-
.../bifrost-deploy-nodes-dynamic/tasks/main.yml | 14 +-
playbooks/roles/bifrost-ironic-install/README.md | 21 +-
.../roles/bifrost-ironic-install/defaults/main.yml | 65 ++++--
.../defaults/required_defaults_Suse_family.yml | 11 +-
.../bifrost-ironic-install/tasks/bootstrap.yml | 200 +++++++++---------
.../tasks/create_tftpboot.yml | 71 +++++--
.../tasks/download_ipa_image.yml | 92 +++++----
.../bifrost-ironic-install/tasks/get_ipxe.yml | 8 +-
.../bifrost-ironic-install/tasks/hw_types.yml | 11 +-
.../tasks/inspector_bootstrap.yml | 44 +++-
.../roles/bifrost-ironic-install/tasks/install.yml | 12 +-
.../bifrost-ironic-install/tasks/ironic_config.yml | 11 +-
.../tasks/keystone_setup.yml | 224 +++++++--------------
.../tasks/keystone_setup_inspector.yml | 178 ++++++----------
.../roles/bifrost-ironic-install/tasks/main.yml | 33 +--
.../bifrost-ironic-install/tasks/migrations.yml | 7 +-
.../tasks/prometheus_exporter_install.yml} | 26 +--
.../tasks/prometheus_exporter_start.yml | 38 ++++
.../tasks/set_ssh_private_key.yml | 10 +-
.../tasks/setup_firewalld.yml | 50 +++++
.../roles/bifrost-ironic-install/tasks/start.yml | 30 ++-
.../bifrost-ironic-install/tasks/validate.yml | 97 +++++++++
.../templates/inspector-default-boot-ipxe.j2 | 2 +-
.../templates/ironic-inspector.conf.j2 | 28 ++-
.../ironic-prometheus-exporter.service.j2 | 10 +
.../templates/ironic.conf.j2 | 57 ++++--
.../bifrost-ironic-install/templates/nginx.conf.j2 | 8 -
.../defaults/main.yml | 21 +-
.../bifrost-keystone-client-config/tasks/main.yml | 11 +-
.../tasks/validate.yml | 60 ++++++
.../templates/clouds.yaml.j2 | 15 ++
.../templates/openrc.j2 | 4 +
.../bifrost-keystone-install/defaults/main.yml | 18 +-
.../bifrost-keystone-install/tasks/bootstrap.yml | 73 ++++---
.../roles/bifrost-keystone-install/tasks/main.yml | 41 ++--
.../roles/bifrost-keystone-install/tasks/start.yml | 3 +-
.../bifrost-keystone-install/tasks/upgrade.yml | 121 +++++++++++
.../templates/keystone-admin.ini.j2 | 4 +-
.../templates/keystone-public.ini.j2 | 4 +-
.../nginx_conf.d_bifrost-keystone.conf.j2 | 12 ++
.../roles/bifrost-pip-install/defaults/main.yml | 3 +-
playbooks/roles/bifrost-pip-install/tasks/main.yml | 30 +--
.../bifrost-prep-for-install/defaults/main.yml | 13 +-
.../roles/bifrost-prep-for-install/tasks/main.yml | 27 ++-
.../defaults/main.yml | 7 +-
.../tasks/main.yml | 8 +-
playbooks/roles/bifrost-rabbitmq/defaults/main.yml | 11 -
playbooks/roles/bifrost-rabbitmq/tasks/main.yml | 62 ------
.../roles/bifrost-test-dhcp/files/test-dhcp.py | 24 ---
playbooks/roles/bifrost-test-dhcp/tasks/main.yml | 4 +-
playbooks/roles/bifrost-tls/README.md | 86 ++++++++
playbooks/roles/bifrost-tls/defaults/main.yml | 34 ++++
playbooks/roles/bifrost-tls/tasks/main.yml | 54 +++++
.../defaults/main.yml | 3 +-
.../tasks/main.yml | 1 +
.../roles/ironic-delete-dynamic/defaults/main.yml | 3 +-
.../roles/ironic-delete-dynamic/tasks/main.yml | 1 +
.../roles/ironic-enroll-dynamic/defaults/main.yml | 3 +-
.../roles/ironic-enroll-dynamic/tasks/main.yml | 3 +-
.../roles/ironic-inspect-node/defaults/main.yml | 3 +-
playbooks/roles/ironic-inspect-node/tasks/main.yml | 7 +-
playbooks/test-bifrost-create-vm.yaml | 20 +-
playbooks/test-bifrost.yaml | 100 ++-------
releasenotes/notes/add-ipe-1f57e04d2881215f.yaml | 6 +
.../allow-custom-elements-05c9495c8fd840e8.yaml | 7 +
releasenotes/notes/api-url-a6f79de3cc8b0e3d.yaml | 15 ++
.../notes/cli-validate-474e15ba9631e72f.yaml | 6 +
.../copy_from_local_path-8aff180483e6bced.yaml | 8 +
.../download-ipa-upgrade-91e0fc4beea7419e.yaml | 4 +
releasenotes/notes/env-vars-f07a4779a881c039.yaml | 6 +
.../notes/firewalld-services-4c255c02d8d427f8.yaml | 4 +
.../notes/firewalld-zone-d8c72fb5924a4916.yaml | 11 +
releasenotes/notes/focal-e40fdd37d11faac9.yaml | 5 +
.../notes/images-permissions-2042490e3ca13656.yaml | 5 +
.../notes/interpreter-a6cd3a98e9cd239f.yaml | 5 +
.../notes/json-rpc-auth-2430cc7432cbfe10.yaml | 4 +
releasenotes/notes/no-csv-b7f149e88aba1b85.yaml | 5 +
releasenotes/notes/no-rabbit-95434aaea3bb5528.yaml | 4 +
.../notes/no-store-nginx-75bc3f9068fb8f78.yaml | 6 +
.../notes/old-network-info-33a853faf6d6c6d0.yaml | 8 +
releasenotes/notes/pxe-acl-26f3be809caa0c88.yaml | 4 +
.../notes/releasenote-341a5eebe6168aea.yaml | 13 ++
.../notes/repo-owner-41db02a4d0406a7a.yaml | 4 +
releasenotes/notes/suse-ipxe-ce4f1bf07db78860.yaml | 5 +
...st_vm_network_enable_dhcp-78923ef94b44e6d1.yaml | 11 +
.../notes/tftp-context-6f918743ba9052b0.yaml | 4 +
releasenotes/notes/tls-988e725820bb8aca.yaml | 14 ++
.../transform_boot_image-16fe26bd1a849aa0.yaml | 3 +
releasenotes/notes/validate-261b92bc614f5d4a.yaml | 5 +
.../notes/venv-forever-ba8b85b04a28a293.yaml | 5 +
scripts/env-setup.sh | 45 ++---
scripts/install-deps.sh | 78 +++----
scripts/test-bifrost.sh | 12 +-
tools/ansible-lint.sh | 25 +++
tools/vagrant_dev_env/vagrant.yml | 6 +-
tox.ini | 9 +-
zuul.d/bifrost-jobs.yaml | 42 +++-
zuul.d/project.yaml | 38 +++-
143 files changed, 2198 insertions(+), 1735 deletions(-)
More information about the Release-announce
mailing list