[release-announce] bifrost 13.0.0 (yoga)
no-reply at openstack.org
no-reply at openstack.org
Mon Feb 28 13:56:46 UTC 2022
We are pleased to announce the release of:
bifrost 13.0.0: Deployment of physical machines using OpenStack Ironic
and Ansible
This release is part of the yoga release series.
The source is available from:
https://opendev.org/openstack/bifrost
Download the package from:
https://tarballs.openstack.org/bifrost/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/bifrost
For more details, please see below.
13.0.0
^^^^^^
New Features
************
* Adds support for setting root filesystem's UUID that can be
deployed on top of software RAID based root disk device.
* Bifrost now starts a single Ironic process rather than separate
API and conductor.
* The "bifrost-cli install" command now generates an environment
file ("bifrost-install-env.json" by default, can be changed with the
"-- output" argument) with the variables used during installation.
* Adds basic support for running bifrost on CentOS Stream 9.
* Add a boolean variable "enable_epel" that allows to enable the
epel repository for CentOS Stream 8/9. Since we need that only when
building a debian-based IPA image, the default value is set to
"install_dib" and its installation depends on the value of the
dib_os_element used.
* TLS (when enabled) is now handled by Nginx in proxy mode rather
than services themselves.
Known Issues
************
* A bug in the upgrade logic could leave the old "ironic-api" and
"ironic-conductor" services running. It has been fixed, but if you
have already upgraded to an affected version, you need to stop the
services manually using "systemctl".
Upgrade Notes
*************
* On upgrade, the existing API and conductor services will be
disabled and a single combined "ironic" process will be started
instead.
* In your inventory files, please remove sub-sections "power",
"console" and "management" from "driver_info". Instead, just place
all fields under "driver_info" directly.
* Removes the deprecated Ansible module "os_ironic_facts".
* JSON RPC is now available only on localhost and without TLS. If
you need it exposed to the network (i.e. you're using Bifrost in a
multi-node setting), set "expose_json_rpc" to "true".
* The location of the HTTP boot directory has been changed to
"/var/lib/ironic/httpboot". Please avoid running cleanings or
deployments during the upgrade, otherwise PXE booting may fail until
Ironic rebuilds the iPXE configuration.
Any custom images will not be migrated from the old location
"/httpboot", please migrate them manually if needed. You may remove
the old location after the upgrade.
* TinyIPA (an IPA image based on TinyCoreLinux) is no longer used by
default. Instead, a CentOS image published by the Ironic community
(https://tarballs.opendev.org/openstack/ironic-python-
agent/dib/files/) is used, unless "use_tinyipa" is set to "true".
The TinyIPA image is much lighter, but is not suitable for real bare
metal machines because of lack of drivers.
* The location of the PXE boot directory has been changed to
"/var/lib/tftpboot".
* Modification to the Bifrost virtual environment
("/opt/stack/bifrost" by default) will now need "sudo" as the
directory is now owned by root.
* The deprecated and non-functioning variable "ANSIBLE_INSTALL_ROOT"
is no longer supported.
Deprecation Notes
*****************
* CentOS Stream 8 and Python 3.6 support is now deprecated and will
be best-effort starting with the Z cycle.
Bug Fixes
*********
* Bifrost no longer defaults to using sub-sections "power",
"console" and "management" under "driver_info" in inventory.
* Password files ("htpasswd") are no longer world-readable.
* Makes sure the image cache directories are on the same filesystem
as the PXE/HTTP directories to avoid the "Invalid cross-device link"
error.
* The keystone configuration is no longer world-readable.
* The keystone process now runs as the "keystone" user, not as the
nginx user.
* The TFTP and HTTP directories are no longer world-readable by
default. Set "boot_folder_permissions" to override.
* Ironic Prometheus Exporter is now run as the "ironic" user, not as
root.
* Ironic Prometheus Exporter, Ironic Inspector, Staging Drivers and
Keystone are no longer cloned if they are not enabled.
* Actually respects the "prometheus_exporter_source_install"
variable.
* The Bifrost virtual environment ("/opt/stack/bifrost" by default)
is no longer owned (and thus writable) by the regular user that
started the installation.
Changes in bifrost 12.0.0..13.0.0
---------------------------------
bb43fd8b Fix dib ipa jobs
9941e443 CI: properly report failures in the upgrade job
72ee1ff4 Only remove old services after they are stopped
629bf522 Update /etc/keystone ownership on upgrade from Xena
2d5026da CI: properly publish artifacts for the upgrade job
6323ae77 Revert "Install libvirt-python from source instead of a wheel"
f2825ad1 Enable epel repository only when needed
909c0405 Add dhcp, vmedia and dibipa CentOS Stream 9 jobs
6a10fcd2 CI: store bifrost.log as a Zuul artifact
7307ba28 Use Type=notify in systemd units for services
fa3c10c0 bindep: don't try to install epel-release on fedora
1f0662bc Remove deprecated os_ironic_facts
73df7ea1 Stop using sub-sections of driver_info
4cb0395d Make virtual environment owned by root
1cb49d7a Clean up the new architecture docs
ba2d0a40 Do not clone repositories that are not used
d2897574 Add CentOS Stream 9 keystone integration job
96ff3df0 Do not run ironic-prometheus-exporter as root
77f45dd3 Tighten permissions on keystone directories
f23369c2 Start Bifrost Architecture documentation
fc2e9e1c Change the TFTP directory to /var/lib/tftpboot
3cb96f1b Tighten permissions for PXE directories
786f8e10 Do not make password files world-readable
747d7750 Follow up to "Run bifrost on CentOS Stream 9"
03b56cf5 Run bifrost on CentOS Stream 9
9b83665d Generate an environment file during bifrost-cli install
40842895 Clean up the "How to" documentation
779e4d8a Move /httpboot to /var/lib/ironic
efe81e99 Remove configuration for ironic-agent element
eed8f33a Install pip package in dib based images
30ea9714 Change the default image to a DIB-built one
f284b98d [trivial] add python 3.9 in classifier
5bb8253d Use "none" RPC by default, disable JSON RPC
ea2d2a37 Use the combined Ironic service instead of API+conductor
f30cc865 Terminate TLS on Nginx
3b613719 Stop exposing JSON RPC to the whole network
b8833c5a Add support for root filesystem UUID customisation
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 1 +
ansible-collections-requirements.yml | 2 +-
bifrost/cli.py | 31 +++-
bifrost/inventory.py | 14 +-
bindep.txt | 4 +-
playbooks/ci/post.yaml | 20 +++
playbooks/ci/upgrade.yaml | 14 +-
playbooks/install.yaml | 1 +
playbooks/inventory/baremetal.json.example | 26 ++-
playbooks/inventory/baremetal.yml.example | 24 ++-
playbooks/inventory/group_vars/baremetal | 2 +-
playbooks/inventory/group_vars/localhost | 2 +-
playbooks/inventory/group_vars/target | 2 +-
playbooks/library/os_ironic_facts.py | 1 -
playbooks/library/os_ironic_node_info.py | 14 +-
.../bifrost-configdrives-dynamic/defaults/main.yml | 2 +-
.../bifrost-create-dib-image/defaults/main.yml | 1 +
.../roles/bifrost-create-dib-image/tasks/main.yml | 5 -
.../defaults/required_defaults_CentOS.yml | 1 -
.../bifrost-create-vm-nodes/tasks/create_vm.yml | 17 +-
.../roles/bifrost-create-vm-nodes/tasks/main.yml | 6 +
.../tasks/prepare_libvirt.yml | 12 +-
.../templates/redfish-emulator.service.j2 | 2 +-
.../roles/bifrost-deploy-nodes-dynamic/README.md | 15 +-
.../bifrost-deploy-nodes-dynamic/defaults/main.yml | 2 +-
.../bifrost-deploy-nodes-dynamic/tasks/main.yml | 1 +
.../roles/bifrost-ironic-install/defaults/main.yml | 10 +-
.../bifrost-ironic-install/tasks/bootstrap.yml | 68 ++++---
.../tasks/create_tftpboot.yml | 20 ++-
.../tasks/inspector_bootstrap.yml | 20 ++-
.../roles/bifrost-ironic-install/tasks/install.yml | 33 +++-
.../roles/bifrost-ironic-install/tasks/start.yml | 28 ++-
.../templates/ironic-inspector.conf.j2 | 8 +-
.../ironic-prometheus-exporter.service.j2 | 4 +-
.../templates/ironic.conf.j2 | 18 +-
.../templates/nginx_conf.d_bifrost-ironic.conf.j2 | 35 ++++
.../templates/systemd_template.j2 | 9 +-
.../bifrost-keystone-install/defaults/main.yml | 5 -
.../files/keystone_policy.te | 3 +
.../bifrost-keystone-install/tasks/bootstrap.yml | 17 +-
.../templates/uwsgi-keystone.ini.j2 | 1 +
.../bifrost-prep-for-install/defaults/main.yml | 11 +-
.../roles/bifrost-prep-for-install/tasks/main.yml | 4 +
.../tasks/main.yml | 9 +
.../bifrost-uwsgi-install/tasks/bootstrap.yml | 8 +
.../templates/uwsgi at .service.j2 | 5 +-
playbooks/roles/ironic-enroll-dynamic/README.md | 18 +-
.../roles/ironic-enroll-dynamic/tasks/main.yml | 3 +-
...d-support-for-rootfs-uuid-9c332327954f7580.yaml | 5 +
releasenotes/notes/allinone-5fc5355f46192351.yaml | 9 +
.../bifrost-install-env-c424fe35422ca815.yaml | 6 +
releasenotes/notes/centos9-16c9853d1dd0554b.yaml | 8 +
.../notes/conditional-epel-b52ad3ad29f195f5.yaml | 8 +
.../notes/driver-info-5281b1ec920bd44d.yaml | 10 ++
releasenotes/notes/facts-1a84f77291c7d39d.yaml | 4 +
.../notes/global-rpc-b399d65310367951.yaml | 6 +
.../notes/htpasswd-perm-7754c0be7cc676e1.yaml | 4 +
releasenotes/notes/httpboot-f3891f6343c96914.yaml | 15 ++
.../notes/keystone-perm-4ce28fff2edd677a.yaml | 7 +
.../libvirt-not-importable-c8e88a8ef11a1f09.yaml | 5 -
.../notes/nginx-proxy-a4aa77ff045060be.yaml | 5 +
.../notes/no-tinyipa-8d18f3b21dbb9fe9.yaml | 10 ++
releasenotes/notes/perm-8b4236c6eddf1f1f.yaml | 5 +
.../notes/prometheus-user-e75a43f1b13e0049.yaml | 4 +
.../notes/service-upgrade-54fda4d86e9d7575.yaml | 7 +
releasenotes/notes/tftpboot-b7f448c1eb0b8187.yaml | 5 +
.../notes/unused-repos-af1949f7bbeca5e6.yaml | 7 +
.../notes/venv-owner-30669e2f5cffef2f.yaml | 13 ++
scripts/collect-test-info.sh | 13 +-
scripts/env-setup.sh | 22 +--
scripts/install-deps.sh | 12 +-
scripts/test-bifrost.sh | 12 +-
setup.cfg | 1 +
tools/vagrant_dev_env/Vagrantfile | 14 +-
tools/vagrant_dev_env/vagrant.yml | 4 -
zuul.d/bifrost-jobs.yaml | 37 +++-
zuul.d/project.yaml | 12 +-
86 files changed, 948 insertions(+), 333 deletions(-)
More information about the Release-announce
mailing list