We are happy to announce the release of: ironic 15.2.0: OpenStack Bare Metal Provisioning This release is part of the victoria release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://storyboard.openstack.org/#!/project/943 For more details, please see below. 15.2.0 ^^^^^^ New Features ************ * Adds inband deploy step "flash_firmware_sum" to the "management" interface of the "ilo" and "ilo5" hardware types. The required minimum version for the proliantutils library is 2.9.5. * Adds functionality to the "ipxe" boot interface to support use of an "instance_info\boot_iso" value with the "ramdisk" deployment interface. * Adds functionality to allow a user to supply a node "instance_info/boot_iso" parameter on machines utilizing the "redfish-virtual-media" boot interface. When combined with the "ramdisk" deployment interface, this allows an instance to boot into a user supplied ISO image. * The new **experimental** "agent" power interface allows limited provisioning operations on nodes without BMC credentials. See story 2007771 (https://storyboard.openstack.org/#!/story/2007771) for details. * The "agent" RAID interface now supports building RAID as a deploy step "apply_configuration". * Adds raid configuration validation to deploy step "apply_configuration" of "agent" RAID interface. Also, a post deploy hook has been added to this deploy step to update root device hint. * Adds a new "driver_info" parameter "agent_verify_ca" that allows specifying a file with certificates to use when accessing IPA. Set to "False" to disable certificate validation. * The "deploy" deploy step of the "direct" deploy interface has been split into three deploy steps: * "deploy" itself (priority 100) boots the deploy ramdisk * "write_image" (priority 80) downloads the user image from inside the ramdisk and writes it to the disk. * "prepare_instance_boot" (priority 60) prepares the boot device and writes the bootloader (if needed). Priorities 81 to 99 to be used for in-band deploy steps that run before the image is written. Priorities 61 to 79 can be used for in- band deploy steps that modify the written image before the bootloader is installed. * Provides a new option "[DEFAULT]hash_ring_algorithm" that specifies which cryptographic algorithm to use when building the hash ring. Set to something other than "md5" when using ironic on a system in FIPS mode. * Adds support for boot mode retrieval and setting with the "ilo" and "ilo5" hardware types. * Adds support for running custom in-band deploy steps when provisioning. Step priorities from 41 to 59 can be used for steps that run after the image is written and the bootloader is installed. * Adds the capability for an operator to set a configuration setting which tells the ironic-python-agent it is okay to skip read-only block devices when performing an "erase_devices" cleaning operation. This requires ironic-python-agent version 6.0.0 or greater and can be set using the "[deploy]erase_skip_read_only" configuration option. * The "deploy" deploy step of the "iscsi" deploy interface has been split into three deploy steps: * "deploy" itself (priority 100) boots the deploy ramdisk * "write_image" (priority 80) writes the image to the disk exposed via iSCSI. * "prepare_instance_boot" (priority 60) prepares the boot device and writes the bootloader (if needed). Priorities 81 to 99 to be used for in-band deploy steps that run before the image is written. Priorities 61 to 79 can be used for in- band deploy steps that modify the written image before the bootloader is installed. * The "deploy" deploy step of the "ansible" deploy interface has been split into two deploy steps: * "deploy" itself (priority 100) boots the deploy ramdisk * "write_image" (priority 80) writes the image to the disk and configures the bootloader. Priorities 81 to 99 to be used for in-band deploy steps that run before the image is written. * Adds *network_data* property to the node, a dictionary that represents the node static network configuration. The Ironic API performs formal JSON validation of node *network_data* content against user-supplied JSON schema at driver validation step. * Allow port lists to be filtered by project. Doing so checks the specified project against the port's node's owner and lessee. Deprecation Notes ***************** * Running the whole deployment process as a monolithic "deploy.deploy" deploy step is now deprecated. In a future release this step will only be used to prepare deployment and starting the agent, and special handling will be removed. All third party deploy interfaces must be updated to provide real deploy steps instead and set the "has_decomposed_deploy_steps" attribute to "True" on the deploy interface level. * The configuration options "[json_rpc]http_basic_username" and "[json_rpc]http_basic_password" have been deprecated in favour of the more generic "[json_rpc]username" and "[json_rpc]password". Bug Fixes ********* * Fixes RAID "apply_configuration" deploy step for "idrac-wsman" where deployment failed with "TypeError". See story 2007963 (https://storyboard.openstack.org/#!/story/2007963). * Fixes deployment hanging on an invalid in-band deploy step in a deploy templates. * Allows deleting nodes with a broken driver unless they require stopping serial console. * Fixes updating driver fields for nodes with a broken driver. This is required to be able to set maintenance for such nodes. * Fixes json_rpc client connections always using HTTP even if *use_ssl* was set to True. * When Ironic is doing IPMI retries the configured "min_command_interval" should be used instead of a default value of "1", which may be too short for some BMCs. * Fixes missing "agent" RAID compatibility for the "ilo5" and "idrac" hardware type preventing software RAID for working with them. * Fixes an issue where "ironic-conductor" initialization could return a "NodeNotLocked" error for requests requiring locks when the conductor was starting. This was due to the conductor removing locks after beginning accepting new work. The lock removal has been moved to after the Database connectivity has been established but before the RPC bus is initialized. * Fixes the conductor so the power sync operations are not asserted for nodes in the "adopt failed" state. * Fixes the issue that port auto allocation for the socat console failed to correctly identify the availablility of ports under IPv6 networks. * Removes stale agent tokens when rebooting nodes using API. This prevents lookup failures for nodes that get rebooted between fast- track operations. * Removes stale agent token on rescue and unrescue operations. Previously it would cause subsequent rescue operations to fail. * Fixes the preservation of potentially incorrect power state information when adoption process fails. Power state is now wiped as part of the failure handling process instead of being preserved. Other Notes *********** * The proliantutils library version 2.9.5 enables "ssacli" based in- band deploy step "apply_configuration" of "agent" RAID interface for "ilo" and "ilo5" hardware types. * Support for iPXE booting a ISO medium will only work if the ramdisk loaded by the bootloader contains all artifacts required for the booting operating system to load. This is a limitation of iPXE and x86 systems architecture, as the memory allocated for the rest of the ISO disk image in memory is freed by the booting kernel. * As part of the agent deploy interfaces refactoring, breaking changes will be made to implementations of "AgentDeploy" and "ISCSIDeploy". Third party deploy interfaces must be updated to inherit "HeartbeatMixin", "AgentBaseMixin" or "AgentDeployMixin" from "ironic.drivers.modules.agent_base" instead since their API is considered more stable. * Starting in ironic-python-agent 6.0.0, metadata erasure of read- only devices is skipped by default. * A new method "supports_power_sync" has been added to "PowerInterface". If it returns "False", the conductor will not try to assert power state for the node, merely recording the returned state instead. * The base agent deploy interface code now correctly handles power interfaces that do not support the "power on" action but support "reboot". Changes in ironic 15.1.0..15.2.0 -------------------------------- 0d94ef67c Fix time usage in unit tests for agent power interface 0fc1ca7a2 Enforce autospec in irmc tests 45644c64a [Trivial]Fix some typos in docs 82a2fe4f7 Follow up to I44336423194eed99f026c44b6390030a94ed0522 bc0cc8a8f Adds support SUM based firmware update as deploy step c6c79d143 Enforce autospec in xclarity tests 15fa7ac81 Enforce autospec in test_cinder adcb05a84 agent_client: support custom TLS certificates 00a23de3a Use property plus abstractmethod for abstractproperty 07a7a269b Fix console auto port allocation under IPv6 707b32134 Fix iscsi deploy steps priorities 0b0ab9eb1 Wipe agent token and URL on rescue and unrescue abed175fc Fix error word presistent in docs 013450826 Prevents power sync with ADOPTFAIL nodes ceb0d284b Change UEFI PXE job to use tinyipa ed10d7ed3 Enable deploy-time software RAID in standalone jobs feae197c5 Use TLS for json_rpc when configured 040523ad1 Log the traceback of unexpected errors when verifying power credentials 01772c31e Add cirros-specific FAQ item for troubleshooting 328cb9291 Fix idrac-wsman RAID apply_configuration 4fa65099d Break out collection functions for json usage b6a25d467 Convert v1 controller to plain, return JSON bf1552011 Convert root controller to plain controller 2bc99efe4 Enforce autospec in test_iscsi_deploy 9ca38395b Fix invalid assertTrue which should be assertEqual 52b567e7d Trivial: fix a minor issue in standalone docs and improve formatting 89275bd50 AgentRAID: Account for empty results in post-configuration checks b8e4aba1e Remove locks before RPC bus is started e144453c1 Mark IPv6 job as non-voting to unblock the gate 44d66d351 Reset power state upon adoption failure a1e079cae Make the final deploy step validation actually fail deploy 7a839569a Enforce autospec in some api tests 946087020 Add subsections to the standalone documentation 74e9e1d82 Deprecate http_basic_username and http_basic_password in [json_rpc] a5ce4dd8d Adds raid validation for in-band AgentRAID deploy step cf9188c2d Allow node lessee to see node's ports 6dfc40913 Force RAX hosts to run tinyipa 271d85e99 Update how to release section 67e51af6d Extend PXE boot retry timeout for RAX hosts 9189b4bb2 Add an option to choose the hash ring algorithm 9169085db Extend base build timeouts 1cb1df76d Stop running test_schedule_to_all_nodes in the multinode job 491147752 Document fast-track and the agent power interface 46f8c8575 Add agent power interface e804f6c56 Account for power interfaces that cannot power on 1e28a056b Convert root path / to use plain JSON 0ac401732 Rename Response to PassthruResponse b1328fa99 Remove Link type 5e12d502f Remove File type dc87a189c Update number of VM on ironic-base b1dd9147d Replace oslo_utils.netutils type compares with ipaddress 3750ba62d Auto extend the timeout for RAX hosts 3b6163afd Allow disabling retries in AgentClient.get_command_statuses 02d3efbd7 Explicitly set jobs to ML2/OVS a7ee20501 Enforce autospec in test_notification_utils 5abb3aedc Enforce autospec in test_deployments 0cbb0397b iPXE ISO Ramdisk booting ba0dc574b Follow-up on blocking port deletions 53f751dcf Remove old driver name from cross-gating job 5f557f47f Stop wiping driver_internal_info on node.driver updates bec00bd85 Ironic to use DevStack's neutron"-legacy" module 8c191ceb5 Fixes to skip validation of in-band deploy steps before agent boot a7976b349 Implement get_deploy_steps for AgentRAID d430d1bdb Set min version of tox to 3.2.1 f27fcda53 Use default timeout for all jobs 2d4d37535 Wipe agent token during reboot or power off c376cb321 Add missing agent RAID compatibility for ilo5 and idrac 44cc6dd79 Add wsme core types, remove WSME 8006c9dfd Add json and param parsing to args 44d56c559 Change non-tinyipa jobs to use multiple cores 3d778db0c Add knob for read-only and "erase_devices" 63f6adf68 Decompose the core deploy step on iscsi and ansible deploy bd0033611 Iso booting via redfish virtual media a7445d9f8 Use min_command_interval when ironic does IPMI retries bf65acf6b fix error word presistent in docs 2d814fe60 Remove non-inclusive language 39ca67ac2 fix error word confiuration to configuration in docs ddbc4a6a0 add tempest boot_mode config 2a6b5c14d Decompose the core deploy step of the direct deploy deec7f4a9 agent_base: support inserting in-band deploy steps 8aecabcfe Stop using md5 for __repr__ of objects 22c68cd7f CI: Make ipv6 job to voting 533258815 Allow deleting nodes with a broken driver 217e354a2 Do not validate driver on changing non-driver fields 737076fae Use native oslo.concurrency execution timeout in ipmitool 25dbdb7dc [doc] Describe how to extract an fs UUID from an image c84c6af08 Add `get_node_network_data` to Neutron NetworkInterface e43aee3db Adds boot mode support to iLO management interface f73338c99 Minor agent token log handling 9b4a63aa6 Add RPC objects for deployment API Diffstat (except docs and test files) ------------------------------------- devstack/lib/ironic | 45 +- driver-requirements.txt | 2 +- ironic/api/args.py | 381 +++++++++++ ironic/api/controllers/link.py | 39 +- ironic/api/controllers/root.py | 73 +- ironic/api/controllers/v1/__init__.py | 364 +++++----- ironic/api/controllers/v1/allocation.py | 8 +- ironic/api/controllers/v1/bios.py | 12 +- ironic/api/controllers/v1/chassis.py | 36 +- ironic/api/controllers/v1/collection.py | 54 +- ironic/api/controllers/v1/conductor.py | 12 +- ironic/api/controllers/v1/deploy_template.py | 12 +- ironic/api/controllers/v1/driver.py | 32 +- ironic/api/controllers/v1/node.py | 66 +- ironic/api/controllers/v1/port.py | 59 +- ironic/api/controllers/v1/portgroup.py | 22 +- ironic/api/controllers/v1/state.py | 3 +- ironic/api/controllers/v1/utils.py | 14 +- ironic/api/controllers/v1/volume.py | 25 +- ironic/api/controllers/v1/volume_connector.py | 16 +- ironic/api/controllers/v1/volume_target.py | 16 +- ironic/api/controllers/version.py | 57 +- ironic/api/expose.py | 20 +- ironic/api/method.py | 95 +++ ironic/api/types.py | 744 +++++++++++++++++++-- ironic/common/exception.py | 94 ++- ironic/common/hash_ring.py | 3 +- ironic/common/images.py | 30 +- ironic/common/json_rpc/client.py | 31 +- ironic/common/json_rpc/server.py | 4 +- ironic/common/neutron.py | 159 ++++- ironic/common/pxe_utils.py | 17 +- ironic/common/release_mappings.py | 1 + ironic/common/rpc_service.py | 2 + ironic/common/utils.py | 12 +- ironic/conductor/base_manager.py | 34 +- ironic/conductor/deployments.py | 9 +- ironic/conductor/manager.py | 54 +- ironic/conductor/rpcapi.py | 1 + ironic/conductor/task_manager.py | 17 + ironic/conductor/utils.py | 54 +- ironic/conf/default.py | 10 + ironic/conf/deploy.py | 11 + ironic/conf/json_rpc.py | 12 +- ironic/db/sqlalchemy/api.py | 26 +- ironic/dhcp/neutron.py | 22 +- ironic/drivers/base.py | 12 + ironic/drivers/drac.py | 8 +- ironic/drivers/generic.py | 3 +- ironic/drivers/hardware_type.py | 12 +- ironic/drivers/ilo.py | 8 +- ironic/drivers/modules/agent.py | 180 ++--- ironic/drivers/modules/agent_base.py | 150 ++++- ironic/drivers/modules/agent_client.py | 68 +- ironic/drivers/modules/agent_power.py | 220 ++++++ ironic/drivers/modules/ansible/deploy.py | 58 +- ironic/drivers/modules/console_utils.py | 27 +- ironic/drivers/modules/deploy_utils.py | 23 +- ironic/drivers/modules/drac/raid.py | 2 +- ironic/drivers/modules/ilo/common.py | 27 + ironic/drivers/modules/ilo/management.py | 116 +++- ironic/drivers/modules/ipmitool.py | 53 +- ironic/drivers/modules/ipxe_config.template | 5 + ironic/drivers/modules/iscsi_deploy.py | 57 +- ironic/drivers/modules/network/common.py | 50 +- ironic/drivers/modules/pxe_base.py | 11 +- ironic/drivers/modules/redfish/boot.py | 49 +- ironic/drivers/modules/snmp.py | 9 +- ironic/objects/__init__.py | 1 + ironic/objects/deployment.py | 259 +++++++ ironic/objects/fields.py | 7 +- ironic/objects/node.py | 4 - ironic/objects/port.py | 37 +- .../common/json_samples/neutron_network_show.json | 33 + .../json_samples/neutron_network_show_ipv6.json | 33 + .../common/json_samples/neutron_port_show.json | 59 ++ .../json_samples/neutron_port_show_ipv6.json | 59 ++ .../common/json_samples/neutron_subnet_show.json | 32 + .../json_samples/neutron_subnet_show_ipv6.json | 32 + .../unit/conductor/test_notification_utils.py | 19 +- .../drivers/ipxe_config_boot_from_iso.template | 39 ++ .../unit/drivers/modules/ansible/test_deploy.py | 137 +--- .../unit/drivers/modules/ilo/test_management.py | 450 ++++++++++--- .../drivers/modules/irmc/test_periodic_task.py | 73 +- .../unit/drivers/modules/network/test_flat.py | 5 +- .../unit/drivers/modules/network/test_neutron.py | 9 +- .../unit/drivers/modules/redfish/test_boot.py | 200 +++++- .../unit/drivers/modules/storage/test_cinder.py | 7 +- .../unit/drivers/modules/test_agent_client.py | 97 ++- .../unit/drivers/modules/test_console_utils.py | 47 +- .../unit/drivers/modules/test_deploy_utils.py | 14 + .../unit/drivers/modules/test_iscsi_deploy.py | 249 +++---- .../drivers/modules/xclarity/test_management.py | 5 +- .../unit/drivers/modules/xclarity/test_power.py | 26 +- lower-constraints.txt | 6 +- ...nsible-python-interpreter-2035e0f23d407aaf.yaml | 4 +- ...update-firmware-using-sum-cfee84a19120dd3c.yaml | 11 + ...add-ipxe-boot-iso-support-6ae2f5cc2250be3e.yaml | 12 + ...ish-boot_iso-pass-through-8a6f4d0c98ada1d5.yaml | 8 + .../notes/agent-power-a000fdf37cb870e4.yaml | 6 + .../notes/agent-raid-647acfd599e83476.yaml | 5 + .../agent-raid-validate-f7348ac034606b83.yaml | 6 + .../notes/agent-verify-ca-ddbfbb0f27198d82.yaml | 6 + ...-raid-apply-configuration-792ccf195057016b.yaml | 6 + .../deploy-step-validate-76b2aa97e02ba669.yaml | 5 + .../notes/destroy-broken-8b13de8382199aca.yaml | 5 + .../direct-deploy-steps-36486987156017d7.yaml | 17 + .../notes/driver-maintenance-0945c2939fa4e917.yaml | 5 + .../fix-json-rpc-client-ssl-2438a731beb3d5f9.yaml | 5 + ...-option-for-software-raid-baa2cffd95e1f624.yaml | 2 +- .../notes/hash-ring-algo-4337c18117b33070.yaml | 7 + ...boot-mode-management-apis-8173002daf79894c.yaml | 5 + .../notes/in-band-steps-e4a1fe759029fea5.yaml | 23 + ...se_devices-skip-read-only-9f8cd9278c35a84e.yaml | 12 + ...ries-min-command-interval-070cd7eff5eb74dd.yaml | 6 + .../iscsi-ansible-steps-817b52269d2455b0.yaml | 28 + .../json_rpc_http_basic-42dfc6ca2471a30e.yaml | 6 + .../notes/missing-sw-raid-b7fdc9259612970d.yaml | 5 + .../notes/no-power-on-842b21d55b07a632.yaml | 9 + .../notes/node-network-data-6f998aaa57020f4b.yaml | 7 + .../port-list-by-project-8cfaf3b2cf0dd627.yaml | 5 + .../notes/remove-locks-first-d12ac27106f800f8.yaml | 9 + ...-power-sync-for-adoptfail-d2498f1a2e997ed7.yaml | 5 + ...t-console-port-alloc-ipv6-26760f53f86209d0.yaml | 5 + .../notes/token-reboot-b48b5981a58a30ae.yaml | 5 + .../notes/unrescue-token-ae664a17343e0610.yaml | 5 + ...wer-state-on-adopt-failed-09194c8269c779de.yaml | 7 + requirements.txt | 7 +- setup.cfg | 1 + tools/bandit.yml | 1 - tox.ini | 10 +- zuul.d/ironic-jobs.yaml | 112 ++-- zuul.d/project.yaml | 8 +- 193 files changed, 8135 insertions(+), 2294 deletions(-) Requirements updates -------------------- diff --git a/driver-requirements.txt b/driver-requirements.txt index bb016f26e..539d27ba9 100644 --- a/driver-requirements.txt +++ b/driver-requirements.txt @@ -7 +7 @@ -proliantutils>=2.9.1 +proliantutils>=2.9.5 diff --git a/requirements.txt b/requirements.txt index 9a59e6777..9f7593b3c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13 +13 @@ python-glanceclient>=2.8.0 # Apache-2.0 -keystoneauth1>=3.18.0 # Apache-2.0 +keystoneauth1>=4.2.0 # Apache-2.0 @@ -19 +19 @@ pysendfile>=2.0.0;sys_platform!='win32' # MIT -oslo.concurrency>=3.26.0 # Apache-2.0 +oslo.concurrency>=4.2.0 # Apache-2.0 @@ -37 +36,0 @@ jsonpatch!=1.20,>=1.16 # BSD -WSME>=0.9.3 # MIT @@ -46 +45 @@ futurist>=1.2.0 # Apache-2.0 -tooz>=1.58.0 # Apache-2.0 +tooz>=2.7.0 # Apache-2.0