[release-announce] [ironic] ironic-inspector 6.1.0 (queens)

no-reply at openstack.org no-reply at openstack.org
Fri Oct 27 00:52:13 UTC 2017


We are overjoyed to announce the release of:

ironic-inspector 6.1.0: Hardware introspection for OpenStack Bare
Metal

This release is part of the queens release series.

The source is available from:

    http://git.openstack.org/cgit/openstack/ironic-inspector

Download the package from:

    https://tarballs.openstack.org/ironic-inspector/

Please report issues through launchpad:

    http://bugs.launchpad.net/ironic-inspector

For more details, please see below.

6.1.0
^^^^^


New Features
************

* The PXE filter drivers mechanism is now enabled. The firewall-
  based filtering was re-implemented as the "iptables" PXE filter
  driver.

* Adds an API access policy enforcment based on **oslo.policy**
  rules. Similar to other OpenStack services, operators now can
  configure fine-grained access policies using "policy.yaml" file. See
  policy.yaml.sample in the code tree for the list of available
  policies and their default rules. This file can also be generated
  from the code tree with the following command:

     tox -egenpolicy

  See the oslo.policy package documentation for more information on
  using and configuring API access policies.

   (https://git.openstack.org/cgit/openstack/ironic-
  inspector/plain/policy.yaml.sample)
  (https://docs.openstack.org/oslo.policy/latest/)


Upgrade Notes
*************

* Due to the choice of default values for API access policies rules,
  some API parts of the **ironic-inspector** service will become
  available to wider range of users after upgrade:

  * general access to the whole API is by default granted to a user
    with either "admin", "administrator" or "baremetal_admin" role
    (previously it allowed access only to a user with "admin" role)

  * listing of current introspection statuses and showing a given
    introspection is by default also allowed to a user with the
    "baremetal_observer" role

  If these access policies are not appropriate for your deployment,
  override them in a "policy.json" file in the **ironic-inspector**
  configuration directory (usually "/etc/ironic-inspector").

  See the oslo.policy package documentation for more information on
  using and configuring API access policies.

   (https://docs.openstack.org/oslo.policy/latest/)


Deprecation Notes
*****************

* The firewall-specific configuration options were moved from the
  "firewall" to the "iptables" group. All options in the "iptables"
  group are now deprecated.

* The generic firewall options "firewall_update_period" and
  "manage_firewall" were moved under the "pxe_filter" group as
  "sync_period" and "driver=iptables/noop" respectively.


Bug Fixes
*********

* A "version_id" is now explicitly generated during the
  "node_cache.start_introspection/.add_node" call to avoid race
  conditions such as in case of the two concurrent introspection calls
  bug.

   (https://bugs.launchpad.net/ironic-inspector/+bug/1719627)

* The older "ipmi_address" field in the introspection data no longer
  has priority over the newer "bmc_address" inventory field during
  lookup. This fixes lookup based on MAC addresses, when the BMC
  address is reported as "0.0.0.0" for any reason (see bug 1714944
  (https://bugs.launchpad.net/ironic-python-agent/+bug/1714944)).

* Should the "iptables" PXE filter encounter an unexpected exception
  in the periodic "sync" call, the exception will be logged and the
  filter driver will be reset in order to make subsequent "sync" calls
  fail (and propagate the failure, exiting the **ironc-inspector**
  process eventually).


Other Notes
***********

* Allows a periodic task to shut down an **ironic-inspector**
  process upon a failure.

Changes in ironic-inspector 6.0.0..6.1.0
----------------------------------------

d5266f7 Unittest node_info is added with a version_id
65d0213 Clean up release notes before a release
16148bf refer to 'openstack baremetal' CLI in docs
cbf4c39 Updated from global requirements
acb51f6 Support manage_firewall during deprecation period
7b27585 Refactoring the firewall
1689693 Update tests to do not use deprecated test.services()
7dbb7c1 flake8: Enable some off-by-default checks
19c1b8e pep8: Add 'application-import-names = ironic_inspector'
2e25c5e Fix for broken zuul v3 job and releasenotes
660b682 Just "import mock" as it works for Python 2 and 3
198ef70 Add request context and policy enforcement
a65a2ee Properly init config in unit tests
02f38aa Remove SCREEN_LOGDIR from devstack
bc87e6e Updated from global requirements
35f2d8c Make starting state non-reentrant
7625ed6 Use ostestr unit test runner
82000e4 Generate version_id upon add_node
7571be0 Replace the usage of 'admin_manager' with 'os_admin'
30affed Updated from global requirements
adffb3b Updated from global requirements
360b194 Updated from global requirements
776e345 Updated from global requirements
a1d19d9 Do not rely on the older ipmi_address field on lookup
9054402 Updated from global requirements
25929f3 Change example dnsmasq.conf in install doc for uefi
581c40c Allow periodics to terminate inspector
b1c0656 i[Trivialfix]Fix typos in ironic-inspector
94ac873 Updated from global requirements
98019af Release notes: specify pike versions
bc72a69 Imported Translations from Zanata
0ed098a Updated from global requirements
208b66d Remove ensure_logs_exist check during upgrade
021b427 Update reno for stable/pike


Diffstat (except docs and test files)
-------------------------------------

.gitignore                                         |   4 +-
.stestr.conf                                       |   3 +
CONTRIBUTING.rst                                   |   2 -
config-generator.conf                              |   1 +
devstack/example.local.conf                        |   1 -
devstack/upgrade/upgrade.sh                        |   2 -
example.conf                                       |  45 ++-
ironic_inspector/common/context.py                 |  45 +++
ironic_inspector/common/service_utils.py           |  18 +-
ironic_inspector/conf.py                           |  52 ++-
ironic_inspector/dbsync.py                         |   3 +-
ironic_inspector/firewall.py                       | 257 ------------
ironic_inspector/introspect.py                     |  12 +-
ironic_inspector/introspection_state.py            |   1 -
ironic_inspector/main.py                           |  95 +++--
ironic_inspector/node_cache.py                     |   5 +-
ironic_inspector/plugins/standard.py               |   6 +-
ironic_inspector/policy.py                         | 217 ++++++++++
ironic_inspector/process.py                        |   6 +-
ironic_inspector/pxe_filter/base.py                |  21 +-
ironic_inspector/pxe_filter/iptables.py            | 232 +++++++++++
ironic_inspector/test/base.py                      |   9 +-
ironic_inspector/test/functional.py                |   4 +-
ironic_inspector/test/unit/policy_fixture.py       |  40 ++
ironic_inspector/test/unit/test_firewall.py        | 444 ---------------------
ironic_inspector/test/unit/test_introspect.py      |  87 ++--
ironic_inspector/test/unit/test_iptables.py        | 356 +++++++++++++++++
ironic_inspector/test/unit/test_main.py            |   4 +-
ironic_inspector/test/unit/test_node_cache.py      |   3 +
ironic_inspector/test/unit/test_process.py         |  16 +-
ironic_inspector/test/unit/test_pxe_filter.py      |  39 +-
ironic_inspector/test/unit/test_swift.py           |   5 +-
ironic_inspector/test/unit/test_utils.py           |  46 ++-
ironic_inspector/test/unit/test_wsgi_service.py    | 367 +++++++++++++----
ironic_inspector/utils.py                          |  16 +-
ironic_inspector/wsgi_service.py                   |  53 ++-
policy-generator.conf                              |   3 +
policy.yaml.sample                                 |  59 +++
.../add_node-with-version_id-24f51e5888480aa0.yaml |   8 +
...iodics-shutdown-inspector-ac28ea5ba3224279.yaml |   5 +
.../empty-ipmi-address-2-4d57c34aec7d14e2.yaml     |   8 +
.../firewall-refactoring-17e8ad764f2cde8d.yaml     |  20 +
.../notes/policy-engine-c44828e3131e6c62.yaml      |  38 ++
releasenotes/source/index.rst                      |   1 +
.../source/locale/fr/LC_MESSAGES/releasenotes.po   | 110 +++++
releasenotes/source/pike.rst                       |   6 +
requirements.txt                                   |  32 +-
setup.cfg                                          |   5 +
test-requirements.txt                              |  13 +-
tox.ini                                            |  33 +-
60 files changed, 1910 insertions(+), 1033 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index b02ff1b..47efea4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4 +4 @@
-automaton>=0.5.0 # Apache-2.0
+automaton>=1.9.0 # Apache-2.0
@@ -10 +10 @@ Flask!=0.11,<1.0,>=0.10 # BSD
-futurist!=0.15.0,>=0.11.0 # Apache-2.0
+futurist>=1.2.0 # Apache-2.0
@@ -13,4 +13,4 @@ jsonpath-rw<2.0,>=1.2.0 # Apache-2.0
-jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
-keystoneauth1>=3.1.0 # Apache-2.0
-keystonemiddleware>=4.12.0 # Apache-2.0
-netaddr!=0.7.16,>=0.7.13 # BSD
+jsonschema<3.0.0,>=2.6.0 # MIT
+keystoneauth1>=3.2.0 # Apache-2.0
+keystonemiddleware>=4.17.0 # Apache-2.0
+netaddr>=0.7.18 # BSD
@@ -21,9 +21,11 @@ pytz>=2013.6 # MIT
-oslo.concurrency>=3.8.0 # Apache-2.0
-oslo.config!=4.3.0,!=4.4.0,>=4.0.0 # Apache-2.0
-oslo.db>=4.24.0 # Apache-2.0
-oslo.i18n!=3.15.2,>=2.1.0 # Apache-2.0
-oslo.log>=3.22.0 # Apache-2.0
-oslo.middleware>=3.27.0 # Apache-2.0
-oslo.rootwrap>=5.0.0 # Apache-2.0
-oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0
-oslo.utils>=3.20.0 # Apache-2.0
+oslo.concurrency>=3.20.0 # Apache-2.0
+oslo.config>=4.6.0 # Apache-2.0
+oslo.context!=2.19.1,>=2.14.0 # Apache-2.0
+oslo.db>=4.27.0 # Apache-2.0
+oslo.i18n>=3.15.3 # Apache-2.0
+oslo.log>=3.30.0 # Apache-2.0
+oslo.middleware>=3.31.0 # Apache-2.0
+oslo.policy>=1.23.0 # Apache-2.0
+oslo.rootwrap>=5.8.0 # Apache-2.0
+oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
+oslo.utils>=3.28.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index e54b32e..3c8fca1 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -5 +5 @@ coverage!=4.4,>=4.0 # Apache-2.0
-doc8 # Apache-2.0
+doc8>=0.6.0 # Apache-2.0
@@ -7,2 +7,2 @@ flake8-import-order==0.11 # LGPLv3
-hacking<0.13,>=0.12.0 # Apache-2.0
-mock>=2.0 # BSD
+hacking>=1.0.0 # Apache-2.0
+mock>=2.0.0 # BSD
@@ -10,2 +10,3 @@ sphinx>=1.6.2 # BSD
-openstackdocstheme>=1.16.0 # Apache-2.0
-reno!=2.3.1,>=1.8.0 # Apache-2.0
+openstackdocstheme>=1.17.0 # Apache-2.0
+os-testr>=1.0.0 # Apache-2.0
+reno>=2.5.0 # Apache-2.0
@@ -13 +14 @@ fixtures>=3.0.0 # Apache-2.0/BSD
-testresources>=0.2.4 # Apache-2.0/BSD
+testresources>=2.0.0 # Apache-2.0/BSD






More information about the Release-announce mailing list