We eagerly announce the release of: ironic-inspector 10.2.0: Hardware introspection for OpenStack Bare Metal This release is part of the victoria release series. The source is available from: https://opendev.org/openstack/ironic-inspector Download the package from: https://tarballs.openstack.org/ironic-inspector/ Please report issues through: https://storyboard.openstack.org/#!/project/944 For more details, please see below. 10.2.0 ^^^^^^ New Features ************ * Adds the ability for periodic clean-up and synchronization tasks with "ironic" to be able to be disabled by setting the "[DEFAULT]clean_up_period" to a value of "0". This is intended for "stand-alone" operators only as it may result in unexpected behaviors if used in a non-standalone environment. * Adds a new configuration option "[discovery]enroll_node_fields" that specifies additional fields to set on a node (e.g. driver interfaces). * Enable Basic HTTP authentication middleware. When the config option "[DEFAULT]auth_strategy" is set to "http_basic" then non-public API calls require a valid HTTP Basic authentication header to be set. The config option "[DEFAULT]http_basic_auth_user_file" defaults to "/etc/ironic- inspector/htpasswd" and points to a file that supports the Apache htpasswd syntax[1]. This file is read for every request, so no service restart is required when changes are made. The only password digest supported is bcrypt, and the "bcrypt" python library is used for password checks since it supports "$2y$" prefixed bcrypt passwords as generated by the Apache htpasswd utility. To try basic authentication, the following can be done: * Set "/etc/ironic-inspector/inspector.conf" "[DEFAULT]auth_strategy" to "http_basic" * Populate the htpasswd file with entries, for example: "htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd" * Make basic authenticated HTTP requests, for example: "curl --user myName:myPassword http://localhost:6385/v1/introspection" [1] https://httpd.apache.org/docs/current/misc/password_encryptions.html * Adds periodic leader election for the cleanup sync with Ironic. The election interval is configured by the new "leader_election_interval" config option. * Adds a configuration option "[processing]update_pxe_enabled" to control whether the pxe_enabled should be updated according to introspection data for ports. The default value is True which is backwards compatible. Upgrade Notes ************* * Remove upper constraint for python construct library and use the latest version available. The minimum compatible version for python construct is now 2.9.39 * The raw data from the "extra_hardware" processing hook is no longer stored in Swift in an object named "extra_hardware-<node UUID>". The same information is already available as part of the unprocessed introspection data without a hard dependency on Swift. Deprecation Notes ***************** * The deprecated "[swift]max_retries" parameter has been removed. Bug Fixes ********* * Fixes an issue where IPv6 link local addresses are ignored during interface validation, making introspection fail. * Fixes "AttributeError: 'Node' object has no attribute 'uuid'" when trying to introspect an active node that is not currently in the cache. * No longer aborts the whole process if one periodic task fails. * Fixes accessing API endpoints with trailing slashes. Now they're treated the same way as without slashes, although the latter remain canonical URLs. * No longer uses introspection delay for nodes with "manage_boot==False" (i.e. boot is managed by ironic). It is useless and may actually break introspection if a node boots before it gets whitelisted in the PXE filter. * The introspection start API is now synchronous when "manage_boot==False". This means that any failures will be propagated to ironic, preventing it from powering a node on and booting it without the PXE filter updated. Changes in ironic-inspector 10.1.0..10.2.0 ------------------------------------------ b1e79e0 Add release version to release notes 06390e3 Use node.id instead of node.uuid in record_node 79878d7 Prepare release notes for release 10.2 0d20064 Add leader election for periodic sync with ironic 2f828ae Allow operators to disable clean_up sync f78229f Allow setting other fields on discovery 2532be9 Document [ironic] auth options for inspector b31888a Fix incorrect pxe-enabled was set during introspection f416673 Merge jobs 610228a Imported Translations from Zanata 7166617 Accept IPv6 link local address during interface validation 463cc07 Remove cimc_address from address field list 2b87caa CI: make grenade voting again 47315f9 devstack: Use uwsgi binary from path; temporary disable grenade 52138f2 Update doc for multi-arch x86 80167d4 Use unittest.mock instead of mock 6175bc4 [doc] Add misconfigured BMC channel to trouble shooting guide 196c019 Enable Basic HTTP authentication middleware. 7470320 Remove introspection timeout option 5004f93 Update lower-constraints.txt 542db84 Set default timeouts for ironic inspector base job 5960cde Cap jsonschema 3.2.0 as the minimal version 5d61513 Add py38 package metadata 06ee500 Set tempest_test_timeout for managed job c2224fd Bump hacking min version to 3.0.1 68ab6a0 Switch to newer openstackdocstheme and reno versions 0a037c5 Increase timeout for introspection in ironic-inspector-tempest-managed 9951b72 Imported Translations from Zanata c044ebd extra_hardware: stop storing raw data in swift b9f1746 Stop configuring install_command in tox. 721bd81 Use latest version of python construct 1818bda Remove translation sections from setup.cfg 5ccef9c Treat endpoints with trailing slashes the same way as without them 9643451 Stop creating a green thread in the introspection unit tests f3e27c1 Make POST /v1/introspection synchronous when manage_boot==False 3d1bf55 Avoid using introspection start delays with non-managed boot b5d3214 Convert jobs to dib a7ef716 Revert disabling the grenade job edfec4c Temporary disbling grenade and non-standalone-tempest 6ba9e00 [docs] remove the horribly outdated version support matrix bb71167 Fix grenade job a02fcd1 Add variable to set inspection timeout in tempest tests fe15db0 Silence debug logging from oslo_messaging 8a02e5a Stop running a periodic task for the noop PXE filter 6e38eff Stop aborting the process on periodic task failures 1b972c7 Monkey patch original current_thread _active 8211ab4 Update local.conf example file. 84c47d9 Cleanup deprecated [swift]max_retries 41b3323 [trivial] Remove duplicate entry in lldp test d580714 Remove testresources and testscenarios from test-requirements cee5922 Hacking: enforce usage of autospec=True in tests c4a057c Imported Translations from Zanata a5a81cf Add Python3 victoria unit tests 3c23ad1 Update master for stable/ussuri 61cd2af Upgrade flake8-import-order version to 0.17.1 773b199 No need to import print function anymore Diffstat (except docs and test files) ------------------------------------- api-ref/source/conf.py | 36 +--- babel.cfg | 1 - devstack/example.local.conf | 60 ++++--- devstack/plugin.sh | 6 +- ironic_inspector/cmd/__init__.py | 6 + ironic_inspector/cmd/migration.py | 2 - ironic_inspector/common/coordination.py | 35 ++++ ironic_inspector/common/lldp_parsers.py | 13 +- ironic_inspector/common/lldp_tlvs.py | 16 +- ironic_inspector/conductor/manager.py | 95 ++++++---- ironic_inspector/conf/default.py | 32 +++- ironic_inspector/conf/discovery.py | 2 + ironic_inspector/conf/opts.py | 5 +- ironic_inspector/conf/processing.py | 5 + ironic_inspector/conf/swift.py | 3 - ironic_inspector/introspect.py | 42 +++-- .../locale/en_GB/LC_MESSAGES/ironic_inspector.po | 57 ++++-- ironic_inspector/main.py | 27 ++- ironic_inspector/node_cache.py | 5 +- ironic_inspector/plugins/discovery.py | 2 +- ironic_inspector/plugins/extra_hardware.py | 19 -- ironic_inspector/plugins/lldp_basic.py | 1 - ironic_inspector/plugins/local_link_connection.py | 5 +- ironic_inspector/plugins/standard.py | 6 +- ironic_inspector/pxe_filter/base.py | 3 + ironic_inspector/test/functional.py | 43 ++++- ironic_inspector/test/unit/test_common_ironic.py | 6 +- ironic_inspector/test/unit/test_introspect.py | 38 +++- ironic_inspector/test/unit/test_iptables.py | 2 +- ironic_inspector/test/unit/test_main.py | 85 ++++++--- ironic_inspector/test/unit/test_manager.py | 62 ++----- ironic_inspector/test/unit/test_migrations.py | 22 +-- ironic_inspector/test/unit/test_node_cache.py | 13 +- .../test/unit/test_plugins_base_physnet.py | 3 +- .../test/unit/test_plugins_discovery.py | 23 +++ .../test/unit/test_plugins_extra_hardware.py | 73 +------- .../test/unit/test_plugins_lldp_basic.py | 25 ++- .../unit/test_plugins_local_link_connection.py | 3 +- .../test/unit/test_plugins_pci_devices.py | 18 +- .../test/unit/test_plugins_physnet_cidr_map.py | 14 +- .../test/unit/test_plugins_standard.py | 23 +-- ironic_inspector/test/unit/test_process.py | 9 +- ironic_inspector/test/unit/test_pxe_filter.py | 12 +- ironic_inspector/test/unit/test_utils.py | 5 + ironic_inspector/test/unit/test_wsgi_service.py | 10 ++ ironic_inspector/utils.py | 12 +- lower-constraints.txt | 110 ++++++++++-- ...to-turn-off-periodic-sync-5309ff2aa8a9ec14.yaml | 8 + ...accept-link-local-address-1fbb9cbdc3f980bb.yaml | 5 + .../notes/construct-fly-free-fab62c0a5cb71fa5.yaml | 6 + .../notes/enroll-node-fields-3f4e22213fd90307.yaml | 5 + .../extra-hardware-data-2346f0163e4b7699.yaml | 7 + .../notes/http-basic-auth-fbe1da9669f5388c.yaml | 27 +++ .../notes/leader-election-c6692d9962f30ad1.yaml | 6 + releasenotes/notes/node-id-920629472f01c83a.yaml | 5 + releasenotes/notes/periodics-18bf7fb57777c043.yaml | 4 + .../pxe-enabled-for-pxe-a199e81128557bc0.yaml | 6 + ...swift-max-retries-removal-8f3c117240448760.yaml | 4 + .../notes/trailing-slashes-93c2466b71829ec1.yaml | 5 + .../notes/unmanaged-delay-d39871e1346d9448.yaml | 6 + .../notes/unmanaged-result-4de3788e7820e3c5.yaml | 6 + releasenotes/source/conf.py | 9 +- releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 194 ++++++++++++++++++++- releasenotes/source/train.rst | 6 +- releasenotes/source/ussuri.rst | 6 + requirements.txt | 10 +- setup.cfg | 15 +- test-requirements.txt | 12 +- tox.ini | 4 +- zuul.d/ironic-inspector-jobs.yaml | 38 ++-- zuul.d/project.yaml | 8 +- 76 files changed, 1055 insertions(+), 521 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 95c0dd4..27b08bb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,2 +5,2 @@ automaton>=1.9.0 # Apache-2.0 -alembic>=0.8.10 # MIT -construct<2.9,>=2.8.10 # MIT +alembic>=0.9.6 # MIT +construct>=2.9.39 # MIT @@ -10 +10 @@ futurist>=1.2.0 # Apache-2.0 -ironic-lib>=2.17.0 # Apache-2.0 +ironic-lib>=4.3.0 # Apache-2.0 @@ -12,2 +12,2 @@ jsonpath-rw<2.0,>=1.2.0 # Apache-2.0 -jsonschema>=2.6.0 # MIT -keystoneauth1>=3.14.0 # Apache-2.0 +jsonschema>=3.2.0 # MIT +keystoneauth1>=4.2.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index ce6c002..be6935d 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8,3 +8,3 @@ doc8>=0.6.0 # Apache-2.0 -flake8-import-order>=0.13 # LGPLv3 -hacking>=3.0.0,<3.1.0 # Apache-2.0 -sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD +flake8-import-order>=0.17.1 # LGPLv3 +hacking>=3.0.1,<3.1.0 # Apache-2.0 +sphinx>=2.0.0,!=2.1.0 # BSD @@ -13 +13 @@ sphinxcontrib-apidoc>=0.2.0 # BSD -openstackdocstheme>=1.31.2 # Apache-2.0 +openstackdocstheme>=2.2.0 # Apache-2.0 @@ -17 +17 @@ stestr>=1.0.0 # Apache-2.0 -reno>=2.5.0 # Apache-2.0 +reno>=3.1.0 # Apache-2.0 @@ -19,2 +18,0 @@ fixtures>=3.0.0 # Apache-2.0/BSD -testresources>=2.0.0 # Apache-2.0/BSD -testscenarios>=0.4 # Apache-2.0/BSD