We are stoked to announce the release of:

ironic-python-agent 6.1.0: Ironic Python Agent Ramdisk

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/ironic-python-agent

Download the package from:

    https://tarballs.openstack.org/ironic-python-agent/

Please report issues through:

    https://storyboard.openstack.org/#!/project/openstack/ironic-python-agent

For more details, please see below.

6.1.0
^^^^^

New Features
************

* Adds support for the agent to receive, store, and return an "agent
  token" from the Ironic deployment to help secure use of the ironic
  API "/v1/heartbeat" endpoint, as well as the API of the
  ironic-python-agent ramdisk.

* Target devices for software RAID can now be specified in the form of
  device hints (same as for root devices) in the "physical_disks"
  parameter of a logical disk configuration.

* Adds a feature where IPA will utilize a "[DEFAULT]ntp_server" or
  "ipa-ntp-server" kernel command line argument to cause the agent to
  attempt to sync the clock to the NTP source. The agent also attempts
  to sync the software clock to the NTP time source, and assert an
  update to the hardware clock prior to powering the machine off.
  Please note, if your system clock is set to local time as opposed to
  UTC, this may result in undesirable behavior.

* Adds UEFI boot support for Software RAID, and for partition table
  creation based upon boot mode in use.

Upgrade Notes
*************

* The minimum supported version of the ironic API is now 1.31,
  corresponding to the latest available in the Ocata release. All
  versions before that one are not supported anymore.

* The type of the partition table created for Software RAID is now
  based upon the boot mode in use (GPT for UEFI or if explicitly passed
  via the instance's capabilities or the node's properties, otherwise
  MSDOS).
  The amount of reserved space on the drives now also depends on the
  boot mode (128MiB for UEFI/GPT, 8MiB for BIOS/GPT, and one sector
  otherwise).

Security Issues
***************

* The salt was previously generated using the "random" module, which
  is not compliant with FIPS 140-2. The salt is now generated
  automatically by the crypt function (which uses the strongest method
  available).

Bug Fixes
*********

* Fixes an issue with deployment ramdisks running in UEFI boot mode
  where dual-boot images may cause the logic to prematurely exit before
  UEFI parameters can be updated. Internal checks for a BIOS bootloader
  will always return "False" now when the machine is in UEFI mode.

* Fixes an issue where secondary GPT partition tables were not being
  updated after the "ironic-python-agent" wrote the disk image to the
  target disk. The agent now unconditionally attempts to repair the
  secondary partition table. Previously, software RAID volumes would
  report errors upon restart.

* Fixes error handling if efibootmgr is not present in ramdisk. See
  story (https://storyboard.openstack.org/#!/story/2007324) for more
  details.

* Provides timeout and retries when establishing a connection to
  download an image in the "standby" extension. Reduces probability of
  an image download getting stuck in the event of network problems.
  The default timeout is 60 seconds and can be set via the
  "ipa-image-download-connection-timeout" kernel parameter. The default
  number of retries is 2 and can be set via the
  "ipa-image-download-connection-retries" parameter.

* Fixes the risk of a potential active node thundering herd by
  introducing jitter handling into "ironic-collect-introspection-data".
  By default, the jitter will cause the
  "introspection_daemon_post_interval" configuration parameter based
  time value to be honored within a range of 70% to 120% of the desired
  time window.
  Should failures occur after the initial connection and start of the
  daemon mode for introspection data collection, the fallback is a
  maximum of 400% of the introspection daemon post interval.

* The salt now will be automatically generated by the crypt function.

* Rescans partitions on a software RAID device that gets restarted
  when installing boot loader.

* Fixes an issue where the agent was failing to rescan the device
  deployed upon before checking uefi contents. This would occur with an
  iSCSI based deployment, as partition management operations are
  performed by the conductor, and not locally.

* No longer tries to use GRUB2 for configuring boot for whole disk
  images with an EFI partition present but only marked as "boot" (not
  "esp").

Changes in ironic-python-agent 6.0.0..6.1.0
-------------------------------------------

8adb7e1 Add timeout and retries when connection to an image server
8a9df0b Upgrade flake8-import-order version to 0.17.1
896f389 Mock get_node_boot_mode in software RAID unit tests
c050264 Add raid.apply_configuration deploy step
5589b05 Use unittest.mock instead of third party mock
2039a5d Stop configuring install_command in tox.
ff49b04 A boot partition on a GPT disk should be considered an EFI partition
6a9a9e9 Fix the token logic to be compatible with older ironic
3966871 Move logic to calculate raid sectors to raid_utils
38215d3 Change default ram for tinyipa jobs
f32a4a2 Move logic for raid start sector to raid_utils
6c51709 Move minimum ironic version to latest ocata
9ac6040 Remove unused version parameter in version header function
66c3278 Editing follow-up for UEFI Software RAID support
d5d62c8 Use unittest mock from standard library
079f61d Simplify deduplicate_steps
1b4ce47 Add an ability to run in-band deploy steps
3e7d447 Cleanup py27 support
9343348 Software RAID: Add UEFI support
b909277 Change ipa partition jobs to netboot
34b58f6 Only check for partitions on devices that are part of software RAID
368ab13 Add jitter to inspection command reporting
a332a19 Bump hacking to 3.0.0
916cd5c Rescan after restarting the md device
55b011c Fix GPT partition tables after agent writes contents
bf0bb7a Improve debug logging around Raid/Bootloader
46c482d [trivial] Fix comment for Software RAID restart
81137d4 Return false for MBR bootloader check on UEFI machines
476931d Explicitly set ramdisk type
c97a71d Fix agent token vmedia use
7f8afac Use crypt to generate salt
ddbba07 Allow specifying target devices for software RAID
6f1f9c7 Rescan devices before performing uefi checks
af5f05a Agent token support
638cfc6 Amending ntp time sync release note
731bbe8 Log the agent version
cee4bfc Add NTP time sync
823a7cd Fixes error handling if efibootmgr is not present in ramdisk
b5e2576 [doc] How to pause the IPA for debugging
629a19f Ignore None md5 checksum field
dd721dd tgtd session detach test fails on Centos7
ab00904 Catch ValueError for FIPS 140-2 mode
375453a "fix" GenericHardwareManger unit test failure
530ae44 Convert apply_result to mock object
c1da514 Ignore pyudev errors about device number
5380945 Fix multiprocessing call in unit test

Diffstat (except docs and test files)
------------------------------------- ironic_python_agent/agent.py | 56 ++- ironic_python_agent/api/app.py | 6 +- ironic_python_agent/cmd/agent.py | 1 + ironic_python_agent/config.py | 35 ++ ironic_python_agent/errors.py | 37 +- ironic_python_agent/extensions/base.py | 8 +- ironic_python_agent/extensions/clean.py | 111 +---- ironic_python_agent/extensions/deploy.py | 97 ++++ ironic_python_agent/extensions/image.py | 308 +++++++++--- ironic_python_agent/extensions/rescue.py | 15 +- ironic_python_agent/extensions/standby.py | 91 +++- ironic_python_agent/hardware.py | 306 +++++++++--- ironic_python_agent/inspect.py | 49 +- ironic_python_agent/ironic_api_client.py | 34 +- ironic_python_agent/raid_utils.py | 134 ++++++ ironic_python_agent/utils.py | 272 ++++++++++- lower-constraints.txt | 7 +- .../agent-token-support-1086218cf2a0c917.yaml | 7 + ...tloader-ignored-uefi-mode-8578a009d5b5be62.yaml | 7 + ...xecutes-gpt-partition-fix-b6156cc16da00dfc.yaml | 7 + ...gr-not-present-in-ramdisk-f11b4241edcf0e81.yaml | 6 + .../image-download-retries-65ac31fe4328e438.yaml | 11 + ...er-for-inspection-command-5a226927757a0308.yaml | 13 + ...t_crypt_generate_the_salt-99876591325275a1.yaml | 9 + .../notes/md-restart-9e0d47863a086792.yaml | 5 + .../notes/min-ironic-ocata-dff80e567783e87c.yaml | 6 + .../notes/raid-hints-604f9ffdd86432eb.yaml | 6 + ...scan-before-checking-uefi-64597c937880134d.yaml | 7 + ...t-clock-prior-to-poweroff-af6ec210aad8b45a.yaml | 10 + ...ftraid-bootable-with-uefi-aa22e6cbaf1ea747.yaml | 12 + releasenotes/notes/uefi-esp-660fc2c650e6af92.yaml | 5 + requirements.txt | 2 +- setup.cfg | 14 +- setup.py | 9 - test-requirements.txt | 7 +- tox.ini | 3 +- zuul.d/ironic-python-agent-jobs.yaml | 10 + 62 files changed, 3379 insertions(+), 549 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 4905237..28ea8ac 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -19 +19 @@ stevedore>=1.20.0 # Apache-2.0 -ironic-lib>=2.17.0 # Apache-2.0 +ironic-lib>=4.1.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index ad69171..c48ea59 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=1.0.0,<1.1.0 # Apache-2.0 +hacking>=3.0.0,<3.1.0 # Apache-2.0 @@ -6 +5,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -mock>=2.0.0 # BSD @@ -11 +10 @@ bashate>=0.5.1 # Apache-2.0 -flake8-import-order>=0.13 # LGPLv3 +flake8-import-order>=0.17.1 # LGPLv3 @@ -16 +15 @@ doc8>=0.6.0 # Apache-2.0 -sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD
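
Review bot: the ironic-lib floor in requirements.txt (@@ -19 +19 @@) moves across two major versions, from ">=2.17.0" to ">=4.1.0", yet the Upgrade Notes in this announcement only call out the new ironic API minimum (1.31). Anyone building ramdisk images from pinned or distro-packaged dependencies has to pick up the newer ironic-lib along with this release, so an upgrade note stating the new minimum would help, and it is worth confirming that the lower-constraints.txt change listed in the diffstat carries the same 4.1.0 floor.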
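
Review bot: removing "mock>=2.0.0" from test-requirements.txt (@@ -6 +5,0 @@) has nothing in this diff that guards against a stray "import mock" returning later. Commits 5589b05 and d5d62c8 move the tests to unittest.mock, but a leftover third-party import would still pass wherever mock is installed transitively and fail only in a clean environment. Suggest enabling a lint rule in the flake8/hacking configuration that rejects the third-party import, since hacking is being bumped in the same file.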