We are ecstatic to announce the release of: ironic 21.0.0: OpenStack Bare Metal Provisioning This release is part of the zed release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://storyboard.openstack.org/#!/project/943 For more details, please see below. 21.0.0 ^^^^^^ New Features ************ * Adds a new feature to permit Ironic to automatically provide an instance requestor's project, "lessee" rights to the Bare Metal machine under the Role Based Access Control model implemented in Ironic. It does this by saving the project ID of the requestor to the Node "lessee" field automatically, and removing the rights when undeploying the machine. This feature, is normally disabled, but can be enabled using the "[conductor]automatic_lessee" configuration option. This option will not work in a mixed-version upgrade with older API services. * Adds a default "project" scoped "manager" role to the RBAC model. In the ironic model, access is generally explicitly delegated, and such the "manager" role is presently equivelent to project scoped "admin" role, however future delineation may occur as the new features and capabilities are added. * When an allocation is being processed, the randomized candidate list is now modified so that a node with a matching name to the allocation is moved to the beginning of the list. This greatly increases the chance of node name and allocation name matching in environments where the naming schemes align. * Adds driver_info/irmc_verify_ca option to specify certification file. Default value of driver_info/irmc_verify_ca is True. * Adds SNMPv3 message authentication and encryption features to iRMC driver. To enable these features, the following parameters should be used in the node's "driver_info": * "irmc_snmp_user" * "irmc_snmp_auth_password" * "irmc_snmp_priv_password" * "irmc_snmp_auth_proto" (Optional, defaults to "sha") * "irmc_snmp_priv_proto" (Optional, defaults to "aes") "irmc_snmp_auth_proto" and "irmc_snmp_priv_proto" can also be set through the following options in the "[irmc]" section of "/etc/ironic/ironic.conf": * "snmp_auth_proto" * "snmp_priv_proto" * Nodes using virtual media can now specify their own external URL. This setting can be leveraged via the "driver_info\external_http_url" node setting. When used, this setting overrides the "[deploy]http_url" and "[deploy]external_http_url" settings in the configuration file. * The "ramdisk" deploy interface is now enabled by default. When the default "direct" deploy is also enabled, the "ramdisk" deploy must be explicitly requested on the node level. Known Issues ************ * When using "jsonschema" 4.0.0 or newer, make sure to include a proper "$schema" field in your custom network data or RAID schemas. Upgrade Notes ************* * The deprecated support for instance network booting (not to be confused with the "ramdisk" deploy, iSCSI boot or Anaconda deploy) has been removed. The "boot_option" capability is no longer supported. * Support for trusted boot has been removed. This feature requires instance network booting, which is also removed this cycle. Deprecation Notes ***************** * Support for the syslinux (https://wiki.syslinux.org/wiki/index.php? title=Syslinux_6_Changelog#Changes_in_6.04) and the often separately package isolinux (https://wiki.syslinux.org/wiki/index.php?title=ISOLINUX) and pxelinux (https://wiki.syslinux.org/wiki/index.php?title=PXELINUX). Legacy BIOS boot loaders, is deprecated and will be removed the future. This is for two reasons. The first is because it is a BIOS mode bootloader, and the shift to UEFI booting has reduced the need for these packages. The second reason is a lack of maintenance, which is ultimately the same reason Linux distributions are discussing dropping support and packaging. Syslinux has not been updated since 2019 (https://repo.or.cz/syslinux.git/shortlog). Incidently, the file format it utilizes *is* supported by Power hardware, and that may result in the configuration template remaining in Ironic for the forseeable future. * Support for use of pxelinux (https://wiki.syslinux.org/wiki/index.php?title=PXELINUX) is deprecated due to the deprecation of support for Syslinux. * Support for virtual media booting with x86 Hardware in Legacy BIOS mode is deprecated due to the dependency upon isolinux (https://wiki.syslinux.org/wiki/index.php?title=ISOLINUX) for use of Legacy BIOS boot mode. "isolinux" is from the "syslinux" package and source tree. * Deprecation of "pxelinux", as a result of the deprecation of "syslinux", does ultimately mean the default for the "pxe" boot_interface to carry defaults for the use of grub based network booting, specifically for operators who are unable to use iPXE. * Deprecates the "irmc_snmp_security" field in "driver_info" for iRMC driver, it will be removed in the future. Please use "irmc_snmp_user" field instead. Security Issues *************** * Modifies the "irmc" hardware type to include a capability to control enforcement of HTTPS certificate verification. By default this is enforced. python-scciclient >= 0.12.0 is required. Bug Fixes ********* * Fixes an issue where "root_gb" became a required field when using the "anaconda" deployment interface, with a recent bug fix as the code path largely expected all deployment operations to utilize images, which is not the case. The case handling for non-image based deployments is now explicitly in internal parameter validation code. * Fixes handling of "image_source" parameters where internal validations would not gracefully handle received redirects and treat it as a failure. We now no longer explicitly fail when a redirect is received. * Fixes an issue where an "image_source" could not be set to a mirror URL to facilitate deployments using a mirror with the "anaconda" deployment interface. Ironic still presently has an explicit requirement on a "stage2" parameter to be explicitly defined. * Fixes rebooting into the agent after changing BIOS settings in fast- track mode with the "redfish-virtual-media" boot interface. Previously, the ISO would not be configured. * Fixes "OSError: [Errno 36] File name too long" when building a virtual media ISO from a long kernel, ramdisk or ESP URL. * Fixes an issue in the "anaconda" deployment interface where PXE argument processing and preparation was erroneously directly connecting to Glance, potentially leading to an exception in the standalone use case. * Fixes "redfish" and "idrac-redfish" RAID "create_configuration", "apply_configuration", "delete_configuration" clean and deploy steps to update node's "raid_config" field at the end of the steps. * Fixes "redfish-virtual-media" "boot" interface to allow it with iDRAC firmware from 6.00.00.00 (released June 2022) as it has virtual media boot issue fixed that prevented iDRAC firmware to work with "redfish-virtual-media" before. Consider upgrading iDRAC firmware if not done already, otherwise will still get an error when trying to use "redfish-virtual-media" with iDRAC. * Fixes compatibility with "jsonschema" package version 4.0.0 or newer by providing a proper schema version (Draft-07 currently). * Fixes a race condition in PXE initialization where the logic to retry what we suspect as potentially failed PXE boot operations was not consulting if an "agent token" had been established, which is the very first step in agent initialization. * When the "ramdisk" deploy interface is used and automated cleaning is disabled, the "pxe", "ipxe" and "redfish-virtual-media" boot interfaces no longer require a deploy kernel/ramdisk to be provided. * Anaconda supports the ability to explicitly pass a URL instead of a "stage2" ramdisk parameter. This has resulted in confusion in use of the "anaconda" deployment interface, as a "stage2" ramdisk is typically not used, but made sense with Glance images in a fully integrated OpenStack deployment. Now a URL to a path can be supplied to the "anaconda" deployment interface to simplify the interaction and use, and a redundant "stage2" parameter is no longer required. * Resolved clear_job_queue and reset_idrac verify step failures which occur when the functionality is not supported by the iDRAC. When this condition is detected, the code in the step handles the exception and logs a warning and completes successfully in case of verification steps but fails in case of cleaning steps. * Fixes an issue where an API user, when requesting a node list or single node object, could get an error indicating that the request was bad as the chassis was not found. This can occur when in-flight delete operations are in progress on another thread. Instead of surfacing a request breaking error, the API now suppresses the error and just treats it as if there is no Chassis. * Fixes "enable_netboot_fallback" to cause iPXE config to exit 0 when "sanboot --no-describe" fails. Allowing the firmware to move onto the next device in the boot order. Other Notes *********** * Adds documentation of standalone deployment use case with the "anaconda" deployment interface. * Updates the minimum version of "python-scciclient" library to "0.12.1". * Known issue when using iDRAC with Swift to stage firmware update files in Management interface "firmware_update" clean step of "redfish" or "idrac" hardware type has been fixed in iDRAC firmware 6.00.00.00. Upgrade when possible or use HTTP service to stage firmware files for iDRAC. Changes in ironic 20.2.0..21.0.0 -------------------------------- 2a66fd68a Ironic Release 21.0 faa7b37f2 Fix releasenotes before release 21.0 89f421b16 Do not reboot into nowhere after BIOS settings with fast-track bd8e48239 anaconda: ks liveimg = instance_info/image_info 05c16f10d Document driver_info external_http_url c197a2d8b Override external_http_url at node level e48c62187 Log successful clean up in image cache 3b28d0984 Modify test code to avoid CONF modification affection 64d7a7f30 Fix iRMC driver to use certification file in HTTPS 3a621e398 Update raid_type handling for Redfish raid_config 35bc014ed Change molds option to appropriate class 7b47e09a3 Fix pxe image lookups f6d2b2ed9 Modify do_node_verify to avoid state machine stuck f0a177876 Finally remove support for netboot and the boot_option capability fb253a670 Suppress Chassis Not Found on API Operation fb73bdf10 Exit ipxe script if enable_netboot_fallback failed 41484988e Stop documenting netboot and the boot_option capability f8135b22f Enable the ramdisk deploy by default c870b5525 Imported Translations from Zanata 0335ad16c Imported Translations from Zanata 56d3c5a03 Clarify disk_label with a warning 9f66a95aa Fix adoption unit test image check f7471f07c CI: Only setup fake v6 interface if needed 8c95131d8 CI: Save routing table information for troubleshooting 0311ea7c9 project scoped manager support 33bb2c248 Do not require stage2 for anaconda with standalone dbcce25d3 Remove support for trusted boot d90e59057 Remove workaround for Python < 3.7.4 79f82c026 [iRMC] Add SNMPv3 authentication functionality 55b9579f1 Fix compatibility with jsonschema>=4.0.0 c8be82c52 Deprecate syslinux 737ff34e7 Fix markup typo in Redfish driver docs 70812aa6e Update known issue for iDRAC Swift firmware update e78f123ff Make anaconda non-image deploys sane f0935c182 Add audit middleware options to ironic.conf e09919cab Move logging out of skip_automated_cleaning 0f1627388 Trivial: log which state the node is in 1dda97c78 Prevent clear_job_queue and reset_idrac failures on older iDRACs af838cca7 CI: Pull in diskimage-builder until new release is cut 73040c88d Fix redfish-virtual-media for newer iDRACs 19daab6ba Docs: specify what to do with the created images 8b99fcb0e CI: Default to TinyIPA when nested virt is not possible e0c758bb9 CI: Add iweb to the use tinyipa on list d75424b5e Prevent pxe retry when agent token exists 65583e641 No deploy_kernel/ramdisk with the ramdisk deploy and no cleaning 089b0c8e6 Use bifrost on centos9 integration job 2b55444f3 Allocation candidates prefer matching name 39a7f5800 Docs: replace nova cli calls with openstack 94f9745f0 [Minor] Fix misspellings of "insufficient" cf7a2b458 Drop python2 from bindep.txt 0406fa753 Remove unicode literal from code 5bbcabbab Remove netboot jobs from the gate 832dc8bf9 Switch to q35 machine type for test nodes 59d4cc666 Update bugfix section 81f583f69 devstack: use CentOS 9 for DIB IPA builds c3f397149 Auto-populate lessee for deployments 29364b7fb Fix Redfish RAID to update raid_config 63e53797a CI: Removing ironic job queue 2d885126e Don't use URLs as part of temporary file names (part 2) f1257c79c Swap the metalsmith UEFI job for a legacy one d2a2447e8 The Python 3.6 and Python 3.7Support has been dropped since zed b77a5d67d Fix names of two jobs Diffstat (except docs and test files) ------------------------------------- api-ref/source/baremetal-api-v1-allocation.inc | 6 +- api-ref/source/conf.py | 10 +- bindep.txt | 5 +- devstack/lib/ironic | 42 +- devstack/tools/ironic/templates/vm.xml | 17 +- .../include/local-boot-partition-images.inc | 56 -- driver-requirements.txt | 2 +- ironic/api/controllers/v1/network-data-schema.json | 2 +- ironic/api/controllers/v1/node.py | 13 +- ironic/api/controllers/v1/versions.py | 4 +- ironic/api/hooks.py | 8 +- ironic/common/context.py | 38 +- ironic/common/exception.py | 20 +- ironic/common/image_service.py | 41 ++ ironic/common/images.py | 87 ++- ironic/common/policy.py | 35 +- ironic/common/pxe_utils.py | 118 ++-- ironic/common/release_mappings.py | 22 +- ironic/common/utils.py | 24 +- ironic/conductor/allocations.py | 9 + ironic/conductor/cleaning.py | 6 +- ironic/conductor/deployments.py | 20 + ironic/conductor/manager.py | 11 +- ironic/conductor/rpcapi.py | 1 - ironic/conductor/utils.py | 43 +- ironic/conductor/verify.py | 2 +- ironic/conf/conductor.py | 10 + ironic/conf/default.py | 2 +- ironic/conf/deploy.py | 12 - ironic/conf/irmc.py | 14 +- ironic/conf/molds.py | 4 +- ironic/drivers/modules/agent.py | 36 +- ironic/drivers/modules/agent_base.py | 12 +- ironic/drivers/modules/agent_config.template | 13 - ironic/drivers/modules/ansible/deploy.py | 6 - ironic/drivers/modules/boot.ipxe | 6 + ironic/drivers/modules/boot_mode_utils.py | 28 +- ironic/drivers/modules/deploy_utils.py | 126 ++-- ironic/drivers/modules/drac/boot.py | 2 +- ironic/drivers/modules/drac/management.py | 42 +- ironic/drivers/modules/ilo/boot.py | 27 +- ironic/drivers/modules/ilo/power.py | 5 +- ironic/drivers/modules/image_cache.py | 11 + ironic/drivers/modules/image_utils.py | 13 +- ironic/drivers/modules/ipxe_config.template | 10 +- ironic/drivers/modules/irmc/boot.py | 5 +- ironic/drivers/modules/irmc/common.py | 239 +++++++- ironic/drivers/modules/irmc/inspect.py | 21 +- ironic/drivers/modules/irmc/power.py | 15 +- ironic/drivers/modules/ks.cfg.template | 3 + ironic/drivers/modules/network/neutron.py | 11 - ironic/drivers/modules/pxe_base.py | 67 +-- ironic/drivers/modules/pxe_config.template | 10 - ironic/drivers/modules/pxe_grub_config.template | 5 - ironic/drivers/modules/redfish/bios.py | 24 +- ironic/drivers/modules/redfish/boot.py | 38 +- ironic/drivers/modules/redfish/raid.py | 39 ++ .../api/controllers/v1/test_deploy_template.py | 2 +- .../ipxe_config_boot_from_anaconda.template | 41 ++ .../drivers/ipxe_config_boot_from_iso.template | 8 +- .../drivers/ipxe_config_boot_from_ramdisk.template | 8 +- ...e_config_boot_from_volume_extra_volume.template | 8 +- ...ipxe_config_boot_from_volume_multipath.template | 8 +- ...nfig_boot_from_volume_no_extra_volumes.template | 8 +- .../unit/drivers/ipxe_config_timeout.template | 8 +- .../unit/drivers/modules/ansible/test_deploy.py | 18 - .../unit/drivers/modules/drac/test_management.py | 90 +++ .../unit/drivers/modules/irmc/test_inspect.py | 55 +- .../unit/drivers/modules/network/test_neutron.py | 60 -- .../unit/drivers/modules/redfish/test_bios.py | 32 +- .../unit/drivers/modules/redfish/test_boot.py | 55 +- .../drivers/modules/redfish/test_firmware_utils.py | 26 +- .../drivers/modules/redfish/test_management.py | 10 +- .../unit/drivers/modules/redfish/test_raid.py | 146 ++++- .../unit/drivers/modules/storage/test_cinder.py | 2 +- .../unit/drivers/modules/test_boot_mode_utils.py | 13 - .../unit/drivers/modules/test_deploy_utils.py | 434 ++++---------- playbooks/ci-workarounds/get_extra_logging.yaml | 8 + .../add-automatic-lessee-88f8ecab7c76b65f.yaml | 11 + ...rbac-project-manager-role-7ffc52f78ff93432.yaml | 8 + .../allocation-node-name-46b473ec82662f7f.yaml | 7 + ...ased-deploy-option-sanity-b98fa138747c16d2.yaml | 21 + ...eprecate-syslinux-support-98d327c67607fc8e.yaml | 26 + .../notes/fast-track-bios-fa9ae685c151dd24.yaml | 6 + .../notes/file-name-too-long-72265bb3fec704f8.yaml | 5 + ...xe-glance-lookup-anaconda-86fe616c6286ec08.yaml | 6 + .../fix-redfish-raid-config-9e868c3e069475a1.yaml | 6 + ...fix-redfish-vm-boot-idrac-37ec734e6643cbac.yaml | 9 + ...certification-file-option-34e7a0062c768e58.yaml | 10 + .../irmc-add-snmpv3-security-fca05bfc30f50d1a.yaml | 30 + .../notes/jsonschema-966f55fc79b916fc.yaml | 9 + ...drac-firmware-swift-fixed-f9d30e60a53d96c4.yaml | 8 + .../notes/no-netboot-d08f46c12edabd35.yaml | 6 + .../notes/no-trustedboot-01322dbaf33f8df8.yaml | 5 + ...xternal_http_url-per-node-f5423b00b373e528.yaml | 8 + ...e-retry-when-token-exists-a4f38f7da56c1397.yaml | 7 + .../notes/ramdisk-deploy-384a38c3c96059dd.yaml | 6 + .../redfish-ramdisk-no-agent-490b5edb0b2387e5.yaml | 6 + ...y-standalone-anaconda-use-7160d0d3401e468e.yaml | 11 + ...rac-reset-if-attr-missing-b2a2b609c906c6c4.yaml | 8 + ...s_chassis_not_found_error-99ee4b902d504ec7.yaml | 9 + .../notes/version-foo-2eb39b768112547f.yaml | 6 + releasenotes/source/conf.py | 16 +- .../locale/en_GB/LC_MESSAGES/releasenotes.po | 276 ++++++++- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 159 ----- requirements.txt | 2 +- setup.cfg | 4 +- tools/config/ironic-config-generator.conf | 1 + zuul.d/ironic-jobs.yaml | 43 +- zuul.d/project.yaml | 19 +- 171 files changed, 4070 insertions(+), 3006 deletions(-) Requirements updates -------------------- diff --git a/driver-requirements.txt b/driver-requirements.txt index da312468e..5333dbd4f 100644 --- a/driver-requirements.txt +++ b/driver-requirements.txt @@ -9 +9 @@ pysnmp>=4.3.0,<5.0.0 -python-scciclient>=0.8.0 +python-scciclient>=0.12.2 diff --git a/requirements.txt b/requirements.txt index 2ac3e8348..24c09f50c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -41 +41 @@ Jinja2>=3.0.0 # BSD License (3 clause) -keystonemiddleware>=4.17.0 # Apache-2.0 +keystonemiddleware>=9.5.0 # Apache-2.0