We are amped to announce the release of: ironic-python-agent 7.0.0: Ironic Python Agent Ramdisk This release is part of the wallaby release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic- python-agent For more details, please see below. 7.0.0 ^^^^^ New Features ************ * Adds support for NVMe-specific storage cleaning to IPA. Currently this is implemented by using nvme-cli format functionality. Crypto Erase is used if supported by the device, otherwise the code falls back to User Data Erase. The operators can control NVMe cleaning by using deploy.enable_nvme_erase config option which controls "agent_enable_nvme_erase" internal setting in driver_internal_info. * Adds a new deploy step "deploy.inject_files" to inject arbitrary files into the instance. See the hardware managers documentation (https://docs.openstack.org/ironic-python- agent/latest/admin/hardware_managers.html) for details. Known Issues ************ * Logic around virtual media device validation is now much more strict, and may not work in all cases. Should you discover a case, please provide the output from "lsblk -P -O" with a virtual media device attached to the Ironic development community via Storyboard (https://storyboard.openstack.org/#!/project/947). * Internal logic to copy configuration data from virtual media now requires the "boot_method=vmedia" flag to be set on the kernel command line of the bootloader for the virtual media. Operators crafting custom boot ISOs, should ensure that the appropriate command line is being added in any custom build processes. Upgrade Notes ************* * It is no longer possible to enable the so called *standalone mode*, in which the agent does not communicate with ironic. This mode is only useful for local testing, enabling it on production is always wrong. The ironic team does not support using ironic-python- agent as a standalone application outside of the normal workflow. Security Issues *************** * Addresses a potential vector in which an system authenticated malicious actor could leveraged data left on disk in some limited cases to make the API of the "ironic-python-agent" attackable, or possibly break cleaning processes to prevent the machine from being able to be returned to the available pool. Please see story 2008749 (https://storyboard.openstack.org/#!/story/2008749) for more information. Bug Fixes ********* * Adds validation of Virtual Media devices in order to prevent existing partitions on the system from being considered as potential sources of IPA configuration data. * Adds check into the configuration load from virtual media, to ensure it only occurs when the machine booted from virtual media. * IPA will now successfully clean configuration when it encounters a software RAID array that was previously created using entire devices instead of partitions. * IPA now properly checks if the root partition is already mounted. See Story 2008631 (https://storyboard.openstack.org/#!/story/2008631) for details. * Fixes an issue where metadata erasure cleaning fails for partitions because the read-only file isn't found, while it is available at the base device. Adds a check for the base device file on failure. See story 2008696 (https://storyboard.openstack.org/#!/story/2008696). * Fixes incorrect root partition UUID after streaming a raw partition image. * Increase memory usage limit for "qemu-img convert" command to 2 GiB. See Story 2008667 (https://storyboard.openstack.org/#!/story/2008667) for details. Changes in ironic-python-agent 6.6.0..7.0.0 ------------------------------------------- 993f9a0 Make the virtual media job voting afcc5d3 Fix incorrect lsblk tag and add a virtual media job 8dd6589 Validate vmedia for vmedia usage de726d4 Do not permit IPA standalone to be enabled by conf 2a64413 typo chanages -> changes d622d38 Refactor: use mounted from ironic-lib e613366 Fix root UUID for streamed partition images 4afe4f6 Check the base device if the read-only file cannot be read 45371bf Prepare to use tinycore 12 bff252c Remove default parameter from execute 5492ad7 Increase the memory limit for qemu-img d2127e7 Remove nvme-cli warning and delay on nvme-format 2220aaa Added comment about IPA logs being uploaded to Ironic ab267aa Allow clean_configuration to run against full-device arrays 0459c61 Use try_execute from ironic-lib 8bcf1be Add support for using NVMe specific cleaning 7d7940d Move some raid specific functions to raid_utils 319efe2 Fixes local boot for partition images 59cb08f New deploy step for injecting arbitrary files a35761c Remove samples from the hardware test module Diffstat (except docs and test files) ------------------------------------- ironic_python_agent/cmd/agent.py | 2 +- ironic_python_agent/config.py | 11 +- ironic_python_agent/extensions/image.py | 2 +- ironic_python_agent/extensions/standby.py | 9 +- ironic_python_agent/hardware.py | 261 ++-- ironic_python_agent/inject_files.py | 256 ++++ ironic_python_agent/raid_utils.py | 87 ++ ironic_python_agent/shell/write_image.sh | 4 +- ironic_python_agent/utils.py | 226 +++- .../adds-nvme-secure-erase-0ecfd624e5f50581.yaml | 8 + ...eck-virtual-media-devices-a9b1f54c3fe7884d.yaml | 30 + ...an-config-for-full-device-28ee09b58d97d122.yaml | 5 + ...boot-for-partition-images-755f570dc0982868.yaml | 7 + .../notes/inject-files-b411369ce6856dac.yaml | 7 + .../notes/no-standalone-bb34eae2cc468837.yaml | 8 + ...eck_read_only_base_device-5bc15ac2f034aca9.yaml | 7 + .../notes/streaming-uuid-fdf136a7745fbb3d.yaml | 5 + .../notes/up-qemuimg-mem-1536183a02b3a235.yaml | 7 + requirements.txt | 2 +- zuul.d/ironic-python-agent-jobs.yaml | 31 +- zuul.d/project.yaml | 2 + 30 files changed, 3198 insertions(+), 1338 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 690a5b1..9fefc99 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20 +20 @@ tenacity>=6.2.0 # Apache-2.0 -ironic-lib>=4.1.0 # Apache-2.0 +ironic-lib>=4.5.0 # Apache-2.0