[release-announce] ironic-python-agent 6.5.0 (wallaby)
no-reply at openstack.org
no-reply at openstack.org
Wed Dec 30 13:30:42 UTC 2020
We are stoked to announce the release of:
ironic-python-agent 6.5.0: Ironic Python Agent Ramdisk
This release is part of the wallaby release series.
The source is available from:
https://opendev.org/openstack/ironic-python-agent
Download the package from:
https://tarballs.openstack.org/ironic-python-agent/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/ironic-
python-agent
For more details, please see below.
6.5.0
^^^^^
New Features
************
* Adds UUID of the disks to the inventory of block devices that is
collected during inspection.
* Adds the ability to bring up VLAN interfaces and include them in
the introspection report. A new kernel params field is added -
"ipa- enable-vlan-interfaces", which defines either the VLAN
interface to enable, the interface to use, or 'all' - which
indicates all interfaces. If the particular VLAN is not provided,
IPA will use the LLDP information for the interface to determine
which VLANs should be enabled. See story 2008298
(https://storyboard.openstack.org/#!/story/2008298).
* Adds a clean step to erase the Linux kernel's pstore. The step is
disabled by default.
* Adds an configuration option which can be encoded into the ramdisk
itself or the PXE parameters being provided to instruct the agent to
ignore bootloader installation or configuration failures. This
functionality is useful to work around well-intentioned hardware
which is auto-populating all possible device into the UEFI nvram
firmware in order to try and help ensure the machine boots. Except,
this can also mean any explict configuration attempt will fail.
Operators needing this bypass can use the "ipa-ignore-bootloader-
failure" configuration option on the PXE command line or utilize the
"ignore_bootloader_failure" option for the Ramdisk configuration. In
a future version of ironic, this setting may be able to be overriden
by ironic node level configuration.
* Deployers in highly-secure environments can now manually set
Ironic API version instead of relying on unauthenticated
autodetection via the "ipa-ironic-api-version" on the kernel command
line. This is not a recommended configuration.
* For Software RAID, the IPA will use partition LABEL along with
UUID and PARTUUID passed from the conductor to identify the root
partition. The root file system LABEL can be set as value of the
"rootfs_uuid" image metadata property.
Security Issues
***************
* If enabled, the new clean step 'erase_pstore' removes all pstore
entries (the oops/panic logs from a failing kernel) upon cleaning.
This is to reduce the risk that potentially sensitive data is
preserved across instantiations (and therefore different users) of a
bare metal node.
Bug Fixes
*********
* Fixes an issue where intermittent or transitory connection issues
can cause inspection to fail. The ramdisk now retries to report to
inspector a total of five times.
* The system file system configuration file for Linux machines, the
"/etc/fstab" file is now updated to include a reference to the EFI
partition in the case of a partition image base deployment. Without
this reference, images deployed using partition images could end up
in situations where upgrading the bootloader could fail.
* Automatically generated TLS certificates now have their validity
starting in the past (1 hour by default) to allow for clock skew.
* Fixes the agent process for determining what partition label type
to utilize when writing partition images. In many cases, this could
fallback to "msdos" if the instance flavor was not properly labeled.
* Fixes issue where the running system operating mode was not taken
into account when writing partition images. The agent now utilises a
helper instead of explicitly expecting the flavor derived
information to supply all deployment context.
* Fixes an issue where deployments of Fedora or Centos can hang when
using grub2 with the execution of the "grub2-mkconfig" command not
returning before the deployment process times out. This is because
"grub2-mkconfig" triggers "os-prober" which can take an extended
period of time to evaluate additional unrelated devices for dual-
boot scenarios. Since operators are not dual booting their machines
enrolled in ironic, it seems like an un-necessary scan and has thus
been disabled.
* Correctly decodes error messages from ironic API.
* The "mdadm" utility is no longer a hard requirement. It's still
required if software RAID is used (even when not managed by ironic).
* Fixes the "write_image" deploy step to actually check and return
any errors during its execution.
* Fixes the agent's EFI boot handling such that EFI assets from a
partition image are preserved and used instead of overridden. This
should permit operators to use Secure Boot with partition images IF
the assets are already present in the partition image.
* Upon the creation of Software RAID devices, component devices are
sometimes kicked out immediately (for no apparent reason). This fix
re-adds devices in such cases in order to prevent the component to
be missing next time the device is assembled, which, for instance
may prevent the UEFI ESPs to be installed properly.
* Avoids a traceback when using "install_bootloader" with whole disk
images. If the root UUID cannot be detected, don't try to call grub.
Other Notes
***********
* Agent configuration files found on attached virtual media or
config drive devices are now copied to the ramdisk and loaded on
start up.
Changes in ironic-python-agent 6.4.0..6.5.0
-------------------------------------------
4fb8163 Fix boot mode detection for partition images
246e0cf Change default ironic_lib invocation to flag local booting
a12a574 Add fstab pointer to EFI partition
d69f12e Handle situation when a configdrive is already mounted
78b356c Remove lower-constraints job
88621e1 Avoid a full install in tox environments that do not need it
f9870d5 Prevent broken partition image UEFI deploys
cb6c005 Fix default disk label with partition images
67ee667 Upgrade version of doc8
557293c Generate TLS certificates with validity time in the past
7a83773 Option to enable bootloader config failure bypass
c327735 Fix lower-constraints with the new pip resolver
53dbc87 Correctly decode error messages from ironic API
b9b67fa Copy any configuration from the virtual media
ab8dee0 Make mdadm a soft requirement
6e3f28d Bring up VLAN interfaces and include in introspection report
60900d4 Reuse the docs deps to benefit from constraints
92e26b0 Add clean step 'erase_pstore'
3761a44 Fix vendor info retrieval for some versions of lshw
19c1a73 Remove the unused coding style modules
c7858d3 Add UUID to BlockDevice object
c585603 Log configuration options on start-up
448ded4 Fix physical memory calculation with new lshw
35d412e Updated Implementation of string interpolation delay on LOG messages
694ea74 Support using LABEL as identifier for rootfs
24a4b13 Use TOX_CONSTRAINTS_FILE
3a46586 Add example for custom disk erasure
066a96a Follow-up to API version setting
c3ab4a7 Remove nodeset option
1f15a10 Run dib ipa src jobs on ubuntu focal
a67807b Mark standalone job non-voting/remove from gate
8057556 Allow manual setting of Ironic API Version
71b6abc update lower-constraints.txt
6542a9c Don't run os-prober from grub2-mkconfig
7bcddee Set safe version of hacking
c7f6baf [trivial] Remove redundant list conversion
420ebc0 Do not silently swallow errors in the write_image deploy step
62672de Reduce the duration of retries in the inspector tests
1a67ddd Log a warning of target_boot_mode does not match current boot mode
fc4e0ee Don't try to call GRUB when root UUID is not provided
5c99f60 Use focal for tinyipa src jobs used by ipa-builder
13de98b Use bionic nodeset for DIB centos src jobs
253b488 Software RAID: Re-add missing devices
3ddca46 Add Python3 wallaby unit tests
fb45e58 Update master for stable/victoria
bb27bad Add basic retries for inspection
Diffstat (except docs and test files)
-------------------------------------
examples/README.rst | 9 +
examples/custom-disk-erase/example_disk_eraser.py | 59 ++
examples/custom-disk-erase/setup.cfg | 20 +
examples/custom-disk-erase/setup.py | 6 +
ironic_python_agent/api/app.py | 2 -
ironic_python_agent/cmd/agent.py | 13 +
ironic_python_agent/config.py | 36 +-
ironic_python_agent/extensions/base.py | 11 +
ironic_python_agent/extensions/image.py | 398 +++++++--
ironic_python_agent/extensions/standby.py | 11 +-
ironic_python_agent/hardware.py | 268 ++++--
ironic_python_agent/inspector.py | 20 +-
ironic_python_agent/ironic_api_client.py | 67 +-
ironic_python_agent/netutils.py | 117 +++
ironic_python_agent/tls_utils.py | 18 +-
ironic_python_agent/utils.py | 125 ++-
lower-constraints.txt | 93 --
.../add-block-device-uuid-c8b38264e1688110.yaml | 5 +
.../add-inspection-retry-1d385f69607c1452.yaml | 6 +
.../add-vlan-interfaces-cdfeb39d0f3d444d.yaml | 12 +
.../notes/add_erase_pstore-b109c58ed8f5d351.yaml | 11 +
...all-failure-to-be-ignored-b99667b13afa9759.yaml | 15 +
...nd-efi-partition-to-fstab-e9f945a4dd19bd7a.yaml | 8 +
.../notes/clock-skew-1fbf542b193cec17.yaml | 5 +
...n-of-partition-table-type-3c78bf78266e8cef.yaml | 6 +
...mode-for-partition-images-f96cf2b3c27b6533.yaml | 7 +
...edora-grub2-mkconfig-hang-fe22cde231994044.yaml | 11 +
.../notes/ironic-error-97e76d9ddacff039.yaml | 4 +
...figure-ironic-api-version-517afd0a423036ad.yaml | 7 +
releasenotes/notes/mdadm-d5b8c186182620b1.yaml | 5 +
.../notes/prepare-image-49744276cef719d5.yaml | 5 +
...serve-efi-folder-contents-ea1e278b3093ec55.yaml | 7 +
.../notes/readd_missing_devs-2ed85805388b6e42.yaml | 8 +
...-use-label-as-rootfs-uuid-d9a3827180f1a238.yaml | 6 +
.../notes/vmedia-copy-6a58f3183b166c42.yaml | 5 +
.../notes/whole-disk-grub-0b1b8b9c44e31d28.yaml | 5 +
releasenotes/source/index.rst | 1 +
releasenotes/source/victoria.rst | 6 +
test-requirements.txt | 6 +-
tox.ini | 25 +-
zuul.d/ironic-python-agent-jobs.yaml | 21 +-
zuul.d/project.yaml | 14 +-
53 files changed, 2842 insertions(+), 464 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index d07515f..339b33c 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4 +4 @@
-hacking>=3.1.0,<3.2.0 # Apache-2.0
+
@@ -9,2 +8,0 @@ stestr>=1.0.0 # Apache-2.0
-bashate>=0.5.1 # Apache-2.0
-flake8-import-order>=0.17.1 # LGPLv3
@@ -13,2 +10,0 @@ bandit!=1.6.0,>=1.1.0,<2.0.0 # Apache-2.0
-# Doc test requirements
-doc8>=0.6.0 # Apache-2.0
More information about the Release-announce
mailing list