We are ecstatic to announce the release of: ironic 29.0.0 This release is part of the epoxy release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://bugs.launchpad.net/ironic/+bugs For more details, please see below. 29.0.0 ^^^^^^ New Features ************ * Adds a "bootc" deploy interface which can be enabled by an Ironic deployment administrator, which can then enable users of the "bootc" deploy interface to have a streamlined path for the deployment of bootc supporting container images to a host directly, without additional intermediate steps. More information about bootc can be found on the bootc website (https://containers.github.io/bootc/). * Adds support for OCI Container Registries for the retrieval of deployment artifacts and whole-disk images to be written to a remote host. * If *ignore_project_check_for_admin_tasks* is set to *True*, the system will check if the requester is an admin for verifying image availability, bypassing the project check for administrative tasks. * Adds the capability for Ironic's conductor to detect Zstandard compressed content and to automatically decompress the files to enable image format detection and conversion. This is due to use of Zstandard compression upon artifacts stored in container registries is a popular practice, and can be disabled using the "[conductor]disable_zstandard_decompression" configuration option. * A new entry point "ironic.console.container" is added to determine how console containers are orchestrated when "ironic.conf" "[vnc]enabled=True". By default the "fake" provider is specified by "[vnc]container_provider" which performs no orchestration. The only functional implementation included is "systemd" which manages containers as Systemd Quadlet containers. These containers run as user services and rootless podman containers. Having "podman" installed is also a dependency for this provider. See "ironic.conf" "[vnc]" options to see how this provider can be configured. The "systemd" provider is opinionated and will not be appropriate for some Ironic deployment methods, especially those which run Ironic inside containers. External implementations of "ironic.console.container" are encouraged to integrate with other deployment / management methods. * New "console" drivers "redfish-graphical" and "fake-graphical" have been added. This allows the graphical console to be accessed for Dell iDRAC, HPE iLO, and Supermicro hosts. The "fake-graphical" driver is useful for demonstrating the full integration of "ironic- novncproxy" and the "systemd" provider of "ironic.console.container". * A new service "ironic-novncproxy" has been added which allows the graphical console of a host to be presented in a NoVNC web browser interface. Hosts required a supported "console" driver to access its graphical console. * Add support for a node in service failed state can be unprovisioned via the "delete" provision action. * When "ironic.conf" "[vnc]read_only=True" is set, keyboard and mouse events will not be passed to the console. Upgrade Notes ************* * If graphical console support is required, the "ironic-novncproxy" service needs to be started and managed. Graphical console specific options need to be set in the "[vnc]" section of "ironic.conf". * Remove unused and (pre-Rocky release) deprecated *token* parameter from the DHCP driver interface method. Deprecation Notes ***************** * Use of the console driver "ipmitool-shellinabox" has been deprecated and will be removed in a future release of Ironic. This decision was reached with the reality that the fork of shellinabox appears abandoned with no changes in 7 years and open issues to call for the project to hand over maintainership (https://github.com/shellinabox/shellinabox/issues/531). Bug Fixes ********* * When changing from glanceclient to OpenStack SDK to communicate with Glance, a bug was introduced reading image properties causing the Anaconda deploy interface to be unable to use Glance images. Other deploy interfaces continued to function but could have resulted in some properties not taking affect. See bug 2099275 (https://bugs.launchpad.net/ironic/+bug/2099953) for more details. * Fixes the identification of physical network segment mapping so a virtual interface (VIF) which has already been mapped to a physical network segment can be identified. * Fix the issue that restart of conductor service can not recover a node stuck at the "servicing" state. * Some vendors insist that floppy images must be 1440 KiB in size and that the file name ends with ".img". Make it so. * Includes the agent token parameter in get command status requests as the endpoint now requires authentication. * Log non-recoverable secure boot status check failures at INFO level. Changes in ironic 28.0.0..29.0.0 -------------------------------- 6e099bdfe Allow a node in service fail state to be unprovisioned 4a6dece8e Update release mappings for epoxy f23930bc9 API/Testing: Inspection rules migration 910ee2e38 Clean-up: Inspection Rules Testing da99e1154 doc: Update the runbook API usage 0962a07e0 Remove IPA build on cleanup e91685f33 Add servicing to stuck states on recovery 1dbb501cd Add ignore_project_check_for_admin_tasks config option b25a3cad6 [CI] Use bigger partition as work dir for metal3 job 3925c90a6 [CI] Fix libvirt logs collection in metal3 job de5988af2 Follow-up: Apply Inspection Rules fef0cfec7 [CI] metal3 integration: reduce total time between node check 57d7b10cb vncproxy: Use dedicated options for SSL 05734cfc9 fix glance metadata layout 6af973aee Install and run sushy-tools within a virtualenv 25a3dd076 Documentation for graphical consoles 53d93d6d7 Restore recompile of dnsmasq 45700551d CI: Make metal3 non-voting 3ac02101c CI: Change standalone jobs over to OVN b49d509d9 doc: updates to anaconda deploy interface 1ad1b167f Implement graphical console read-only support 4ed44172b Add vnc-container image build e41cb93ee Implement drivers redfish-graphical, fake-graphical 48557942a Add systemd provider for console containers 48940fcd6 Replace deprecated FormatChecker.cls_checks e6de3578f Fix fake classmethods d1bdee946 Replace deprecated abc.abstractclassmethod 1412cc336 Enable trunk plugin for tinyipa-multinode 5230316e7 Drop direct dependency on iso8601 56dbf38ed Make floppy images more floppy e7d1f8e21 Add extra log to is_image_available 7d3d75db7 CI: Extend default timeouts slightly 1afc11be8 ci: focus ironic-tempest-bios-ipmi-direct-tinyipa f333fd4d1 More reliable TinyIPA build with network retries 45d87a851 Remove multinancy page beaaf405d Add ironic-novncproxy service e994d405b Remove gmr from the docs 0b57f5609 centos devstack support: fix VM permissions 449bc1a82 deprecate shellinabox fecdaed26 Mention removing codespell job in bugfix branches 4d5e2de19 Trivial: Enable disabling tftp setup 0aadeeea7 Fix devstack plugin for centos 489652835 allow multiple inspection interfaces to load hooks feb320594 Filter physnets when ports are pre-allocated to a segment 690bc3190 trivial: lock dnsmasq check to ubuntu f5083f7a4 trivial: de-distro dnsmasq version check 782045852 OVN UEFI IPv6 CI job c0681ccf6 Utility functions for graphical console drivers 279392966 Pass agent token to get command results 15df33437 Apply Rules: inspection rules migration d6a692e3f DB: inspection rules migration 437ce1467 OCI: Send the auth header to IPA 6aaa84f11 oci: fix auth config loading 526253641 oci: fix hang with 429 error code handling 59804114f move hooks execution into shareable module e0a9a2157 [docs] Fix link to metal3-integration page c7fa447ab bootc deploy interface - for bootable containers ec53c6b5d CI: Only artificially pin down the mtu in multinode 520d01a0a Add basic documentation on metal3-integration job d6b339ba3 Automatic zstd detection and decompression... db4412d57 OCI container adjacent artifact support 69b3ff405 Remove ibmc leftovers 62a44faf6 Log secure boot access failures at INFO level 68f379582 Create a reference section fa7a8bf9c Fixes upstream table width on cleaning docs 9f43eddb3 Checkout dnsmasq in a tmp directory b7e2b1242 Fix invalid command in grenade destroy 778f8f09f Trivial: Remove the long deprecated `token` arg d163f1619 [devstack ]Use tap interfaces for VMs 083ade489 Mask all driver_internal_info in node output 602a8ba38 Update hardware burn-in docs Diffstat (except docs and test files) ------------------------------------- bindep.txt | 7 + devstack/files/bindep.txt | 2 + devstack/lib/ironic | 291 +++++-- devstack/plugin.sh | 2 +- devstack/settings | 10 +- devstack/tools/ironic/scripts/configure-vm.py | 3 + devstack/tools/ironic/scripts/create-node.sh | 14 +- devstack/tools/ironic/templates/vm.xml | 6 +- devstack/upgrade/resources.sh | 2 +- .../install/include/configure-ironic-conductor.inc | 50 ++ .../include/configure-ironic-novncproxy.inc | 45 ++ .../include/configure-ironic-singleprocess.inc | 10 +- .../refarch/small-cloud-trusted-tenants.rst | 15 + ironic/api/controllers/v1/__init__.py | 5 +- ironic/api/controllers/v1/inspection_rule.py | 295 +++++++ ironic/api/controllers/v1/node.py | 5 +- ironic/api/controllers/v1/notification_utils.py | 4 + ironic/api/controllers/v1/utils.py | 8 + ironic/api/controllers/v1/versions.py | 4 +- ironic/api/validation/validators.py | 46 +- ironic/cmd/novncproxy.py | 56 ++ ironic/cmd/singleprocess.py | 6 + ironic/common/checksum_utils.py | 146 ++++ ironic/common/console_factory.py | 67 ++ ironic/common/exception.py | 73 ++ ironic/common/glance_service/image_service.py | 14 + ironic/common/glance_service/service_utils.py | 48 +- ironic/common/image_service.py | 544 +++++++++++++ ironic/common/images.py | 94 ++- .../ibmc => common/inspection_rules}/__init__.py | 0 ironic/common/inspection_rules/actions.py | 409 ++++++++++ ironic/common/inspection_rules/base.py | 157 ++++ ironic/common/inspection_rules/engine.py | 210 +++++ ironic/common/inspection_rules/operators.py | 236 ++++++ ironic/common/inspection_rules/utils.py | 177 ++++ ironic/common/inspection_rules/validation.py | 186 +++++ ironic/common/neutron.py | 56 +- ironic/common/oci_registry.py | 791 ++++++++++++++++++ ironic/common/policy.py | 47 +- ironic/common/pxe_utils.py | 10 +- ironic/common/release_mappings.py | 76 +- ironic/common/states.py | 6 +- ironic/common/vnc.py | 113 +++ ironic/conductor/inspection.py | 5 +- ironic/conductor/rpc_service.py | 15 + ironic/conductor/utils.py | 2 + ironic/conf/__init__.py | 4 + ironic/conf/conductor.py | 9 + ironic/conf/default.py | 6 + ironic/conf/inspector.py | 22 +- ironic/conf/oci.py | 63 ++ ironic/conf/opts.py | 2 + ironic/conf/vnc.py | 147 ++++ ironic/console/__init__.py | 0 ironic/console/container/__init__.py | 0 ironic/console/container/base.py | 55 ++ ironic/console/container/fake.py | 31 + .../container/ironic-console.container.template | 12 + ironic/console/container/systemd.py | 325 ++++++++ ironic/console/novncproxy_service.py | 74 ++ ironic/console/rfb/__init__.py | 0 ironic/console/rfb/auth.py | 65 ++ ironic/console/rfb/authnone.py | 24 + ironic/console/rfb/auths.py | 51 ++ ironic/console/securityproxy/__init__.py | 0 ironic/console/securityproxy/base.py | 44 + ironic/console/securityproxy/rfb.py | 214 +++++ ironic/console/websocketproxy.py | 249 ++++++ ironic/db/api.py | 65 +- .../versions/21c48150dea9_add_inspection_rules.py | 54 ++ ironic/db/sqlalchemy/api.py | 73 ++ ironic/db/sqlalchemy/models.py | 20 + ironic/dhcp/base.py | 9 +- ironic/dhcp/dnsmasq.py | 3 +- ironic/dhcp/neutron.py | 8 +- ironic/dhcp/none.py | 3 +- ironic/drivers/fake_hardware.py | 4 +- ironic/drivers/generic.py | 2 +- ironic/drivers/modules/agent.py | 172 +++- ironic/drivers/modules/agent_client.py | 6 + ironic/drivers/modules/deploy_utils.py | 272 +++++-- ironic/drivers/modules/fake.py | 29 + ironic/drivers/modules/graphical_console.py | 94 +++ ironic/drivers/modules/image_cache.py | 40 +- ironic/drivers/modules/image_utils.py | 8 +- ironic/drivers/modules/inspect_utils.py | 120 ++- ironic/drivers/modules/inspector/agent.py | 90 +-- ironic/drivers/modules/ipmitool.py | 8 + .../drivers/modules/redfish/graphical_console.py | 73 ++ ironic/drivers/modules/redfish/management.py | 11 +- ironic/drivers/redfish.py | 6 + ironic/drivers/utils.py | 21 + ironic/objects/__init__.py | 1 + ironic/objects/inspection_rule.py | 211 +++++ .../api/controllers/v1/test_inspection_rule.py | 267 ++++++ .../console/container/test_console_container.py | 325 ++++++++ .../console/securityproxy/test_websocketproxy.py | 507 ++++++++++++ .../unit/drivers/modules/inspector/test_agent.py | 69 +- .../unit/drivers/modules/test_agent_client.py | 6 +- .../unit/drivers/modules/test_deploy_utils.py | 188 ++++- .../unit/drivers/modules/test_graphical_console.py | 83 ++ .../unit/drivers/modules/test_inspect_utils.py | 65 ++ playbooks/metal3-ci/post.yaml | 1 + playbooks/metal3-ci/run.yaml | 22 +- ...dd-bootc-deploy-interface-2658614c5190c457.yaml | 10 + ...ontainer-registry-support-9ed3ddc345410433.yaml | 5 + ...ect_check_for_admin_tasks-54007fb30017296f.yaml | 4 + ...omatic-zstd-decompression-bf30cb99ebbb07f3.yaml | 11 + ...ce-image-properties-check-2a11337c9e517a5c.yaml | 10 + ...console_container_systemd-9aba9a603e3fa94c.yaml | 17 + .../deprecate-shell-in-a-box-eef2ec4a96683e19.yaml | 8 + ...ix-physnet-identification-6f4e32fa3850de8b.yaml | 6 + .../fix-stuck-on-servicing-9a86f32d9687461a.yaml | 5 + .../floppy-image-quirks-32e14d32a37b0742.yaml | 5 + .../notes/graphical-consoles-a9e2f0def57f7a47.yaml | 8 + ...ent-token-to-get-requests-982bacce85d95ce8.yaml | 5 + .../notes/novncproxy-cf70aae44e8a6bd9.yaml | 12 + ...y-exceptions-to-INFO-logs-24479c994d93de21.yaml | 4 + ...eprecated-token-parameter-a38cd202b8a34b30.yaml | 5 + ...service-failed-unprovison-b63c2ecde624131b.yaml | 5 + .../notes/vnc_read_only-e0f18c5d0d356515.yaml | 5 + requirements.txt | 2 + setup.cfg | 9 + test-requirements.txt | 1 - tools/vnc-container/Containerfile | 25 + tools/vnc-container/README.rst | 74 ++ tools/vnc-container/bin/start-browser-x11vnc.sh | 11 + tools/vnc-container/bin/start-selenium-browser.py | 337 ++++++++ tools/vnc-container/bin/start-xvfb.sh | 5 + tools/vnc-container/drivers/fake/index.html | 80 ++ .../drivers/fake/ironic_mascot_color.png | Bin 0 -> 91447 bytes zuul.d/ironic-jobs.yaml | 78 +- zuul.d/project.yaml | 2 + 187 files changed, 13390 insertions(+), 724 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2f3705f9b..ecfb0cbe4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -49,0 +50,2 @@ bcrypt>=3.1.3 # Apache-2.0 +websockify>=0.9.0 # LGPLv3 +PyYAML>=6.0.2 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 52e337a59..f20c660e6 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +4,0 @@ PyMySQL>=0.8.0 # MIT License -iso8601>=0.1.11 # MIT