Xena Series (11.0.0 - 11.2.x) Release Notes¶
11.2.2-7¶
Deprecation Notes¶
Support for Fedora is no longer tested in the CI and will be removed fromthe code in the near future.
11.2.2¶
Bug Fixes¶
Password files (
htpasswd) are no longer world-readable.
Fixes the Bifrost inventory plugin to not set the
network_interfacevariable since it conflicts with the Bifrost’s variable with a differentmeaning.
Ironic Prometheus Exporter is now run as the
ironicuser, not as root.
Fixes
bifrost-configdrives-dynamicandbifrost-deploy-nodes-dynamicwhenuuidis not set in the inventory file.
11.2.1¶
Bug Fixes¶
Fixed an outdated grub and shim efi binaries path for Red Hat to to beunder
EFI/redhat.
Fixes the iptables rule for PXE on systems not using firewalld (useport UDP/67 and UDP/69 instead of TCP/68 and TCP/69).
11.2.0¶
New Features¶
Adds support for using dnsmasq as a DHCP relay target via the new
dhcp_pool_maskparameter.
Automatically configures
enabled_raid_interfacesbased on theenabled_hardware_types.
Adds support for manually specified enabled raid interfaces via the new
enabled_raid_interfacesparameter.
Supports customizing the TFTP directory via the new parameter
tftp_boot_folder.
Adds a new role
bifrost-uwsgi-installencapsulating uWSGI configurationlogic.
Virtual media images are now protected by TLS when TLS support is enabled.
Known Issues¶
Fedora 34 cryptography settings may prevent it from logging into CirrOSvia SSH. CirrOS images should not be used in production. If this problemaffects your development environment, temporary lower the cryptographyprofile:
sudoupdate-crypto-policies--setLEGACY
Upgrade Notes¶
Fedora 34 is now tested in the CI. Fedora 32 and newer should work, butare not tested any more.
The
adminKeystone endpoint will be upgraded from using port 35357(a separate admin API) to use port 5000 (the default Identity API).
Switches TFTP handling from Xinetd to dnsmasq, which must be enabled forTFTP boot to work.
Keystone services are now run as separate systemd services
uwsgi@keystone-publicanduwsgi@keystone-admin. The standaloneuwsgiservice is no longer used and is disabled on upgrade.
If
enable_tlsistrue, virtual media images for Redfish,iDRAC-Redfish and iLO are now served via TLS using the Ironic’sTLS certificate. If this is not desired, set the new optionvmedia_enable_tlstofalse.The new server’s port can be configured via the new
file_url_port_tlsoption.
Deprecation Notes¶
The separate Keystone admin API (served at port 35357) is deprecated andwill be removed in a future release. Please update your applications torefer to port 5000 only for Keystone operations.
Bug Fixes¶
When
copy_from_local_pathis used, destination path is removed onupgrade before copying.
Fixes Fedora 34 support by switching from the removed Xinetd todnsmasq for TFTP boot.
Fixes support for TLS
ca_certand other current authenticationparameters in theos_ironic_node_infomodule. The implementation usesutilities from the OpenStack Ansible collection.
Other Notes¶
Moves the generic code for managing Nginx into a new role
bifrost-nginx-install.
